andstor/copycat-action

Personal Access Token in an Organization Secret "PERSONAL_TOKEN"

Opened this issue · 0 comments

If you are planning to implement the CopyCat GitHub Action in your GitHub Organization, be aware that one of the Org Admins should create a Personal Access Token in their GitHub account > Settings > Developer Settings > Personal access tokens at https://github.com/settings/tokens and give the PAT admin:org privileges. Then take that key and create an Org Secret called "PERSONAL_TOKEN".

Org Secrets do not implicitly have permissions associated with them. The organization administrator has permissions, not the org secret.

I spent quite a few hours trying to understand why the CopyCat GHA didn't copy files between my organization repos. I was trying to incorrectly use an Org Secret called "PERSONAL_TOKEN" which didn't have permissions.

I would be willing to submit a PR to improve the CopyCat README so my future self will know how to set up this GHA in GitHub Orgs.
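
The failure described in this issue, a secret holding a token that lacks the needed permissions, can be checked before the workflow runs. The following is an added example, not part of the issue or of the copycat-action project: it inspects the `X-OAuth-Scopes` header that GitHub's REST API returns for classic personal access tokens. The function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether the token behind an API response carries a scope.
# Reads HTTP response headers on stdin; exact scope match only.
#   return 0: scope present
#   return 1: header present, scope missing
#   return 2: no X-OAuth-Scopes header (e.g. a token type that does not use scopes)
token_has_scope() {
    required=$1
    # Header names are case-insensitive, lines end in CRLF, and scope names
    # such as admin:org contain ':' themselves, so split on the first ':' only.
    scopes=$(tr -d '\r' | awk '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == "x-oauth-scopes") {
            print substr($0, i + 1); found = 1
        }
    } END { exit !found }') || return 2
    # Scopes are comma-separated, e.g. "admin:org, repo".
    for s in $(printf '%s' "$scopes" | tr ',' ' '); do
        if [ "$s" = "$required" ]; then return 0; fi
    done
    return 1
}

# Constructed sample responses (not captured from a real account).
sample_headers_scoped() {
    printf 'HTTP/2 200\r\nContent-Type: application/json\r\nx-oauth-scopes: admin:org, repo\r\n\r\n'
}
sample_headers_unscoped() {
    printf 'HTTP/2 200\r\nX-OAuth-Scopes: \r\n\r\n'
}
sample_headers_no_scope_header() {
    printf 'HTTP/2 200\r\nContent-Type: application/json\r\n\r\n'
}

# Offline demonstration on the constructed samples.
if sample_headers_scoped | token_has_scope admin:org; then
    echo "scoped sample: admin:org present"
fi
if ! sample_headers_unscoped | token_has_scope admin:org; then
    echo "unscoped sample: admin:org missing"
fi

# Against a real token (TOKEN is an assumed environment variable):
#   curl -sS -I -H "Authorization: token $TOKEN" https://api.github.com/user \
#     | token_has_scope admin:org
```
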