Use a bot instead of a personal access token?

[wlandau]

Is it possible to use a GitHub bot instead of a personal access token to run this action? When I use a bot with read/write "Actions" and "Workflow" permissions, I get the 403 errors at https://github.com/r-multiverse/community/actions/runs/13633004089/job/38104868912. The errors resolved when I defined a fine-grained PAT with just read/write "Actions" permissions.

I would prefer using a bot and generating ephemeral tokens on demand because I think it is more secure: https://github.com/r-multiverse/community/blob/430872432c05a4df64683375fd649e31d9f3621a/.github/workflows/review.yaml#L13-L19

[PhrozenByte]

According to the API docs this should indeed be possible. The token apparently just needs read/write Actions permissions.

However, there was a known issue that made PATs not work with repos of orgs and other users. I just checked again and it seems like that it should work for orgs too now (also matching with your testing). This might be a similar issue. I'm no GitHub API expert though... And I've never used GitHub apps before. So, I'm in the dark here as well...

1. Please check whether the app is really installed for the r-multiverse org, not your user.
2. Then please try again with installing the app for your user.
3. Try adding more permissions to the app, up to all permissions.
4. Try running things locally (i.e. request a token with curl and then run gh-workflow-immortality.sh locally)

[wlandau]

1. Please check whether the app is really installed for the r-multiverse org, not your user.

Thanks, I double-checked that the app is installed at the organization level

2. Then please try again with installing the app for your user.
3. Try adding more permissions to the app, up to all permissions.

I think I would need to replicate this in a test environment.