Skip to content

Fix: Authenticate git push and script env var with PAT_TOKEN in update-readme workflow#6

Merged
naheel0 merged 3 commits intomainfrom
copilot/fix-github-actions-permissions
Mar 9, 2026
Merged

Fix: Authenticate git push and script env var with PAT_TOKEN in update-readme workflow#6
naheel0 merged 3 commits intomainfrom
copilot/fix-github-actions-permissions

Conversation

Copy link
Contributor

Copilot AI commented Mar 9, 2026
edited
Loading

github-actions[bot] lacks write access to the org repo, causing the leaderboard update workflow to fail. Two issues were fixed:

  1. Script env var mismatch: updateReadme.js reads process.env.PAT_TOKEN, but the workflow was passing the secret as GITHUB_TOKEN, causing the script to exit immediately with "PAT_TOKEN is not set" before the push step was ever reached.

  2. Push authentication: git push origin HEAD:main was failing with a 403 because github-actions[bot] lacks write access.

Changes

  • .github/workflows/update-readme.yml — Fixed the env variable name in the "Generate leaderboard" step from GITHUB_TOKEN to PAT_TOKEN, and replaced git push origin HEAD:main with an authenticated remote URL using PAT_TOKEN injected via git remote set-url:
- name: Generate leaderboard
  run: node profile/scripts/updateReadme.js
  env:
    PAT_TOKEN: ${{ secrets.PAT_TOKEN }}

- name: Commit & push changes
  env:
    PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
  run: |
    git remote set-url origin https://x-access-token:${PAT_TOKEN}@github.com/${{ github.repository }}.git
    git add profile/README.md
    git commit -m "Update leaderboard" || echo "No changes"
    git push origin HEAD:main

Using an env var (instead of inlining ${{ secrets.PAT_TOKEN }} directly in the URL) ensures the token remains masked in Actions logs.

🔒 GitHub Advanced Security automatically protects Copilot coding agent pull requests. You can protect all pull requests by enabling Advanced Security for your repositories. Learn more about Advanced Security.

@jaseel0
Fix: Use PAT_TOKEN for authenticated git push in update-readme workflow
17440ae 
Co-authored-by: jaseel0 <225665919+jaseel0@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix permissions issue for GitHub Actions Fix: Authenticate git push with PAT_TOKEN in update-readme workflow Mar 9, 2026
@jaseel0 jaseel0 added the ci label Mar 9, 2026
@naheel0 naheel0 marked this pull request as ready for review March 9, 2026 16:52
@naheel0 naheel0 requested review from jaseel0 and naheel0 as code owners March 9, 2026 16:52
@naheel0
Copy link
Contributor

naheel0 commented Mar 9, 2026

@copilot way still filure

GIT_PAK | 3 weeks ago |   -- | -- | -- PAT_TOKEN

@naheel0
Fix: pass PAT_TOKEN (not GITHUB_TOKEN) as env var to updateReadme.js
f7e3acd 
Co-authored-by: naheel0 <191262736+naheel0@users.noreply.github.com>
Copy link
Contributor Author

Copilot AI commented Mar 9, 2026

@copilot way still filure

...

Found the root cause from the CI logs: the "Generate leaderboard" step was setting the env variable as GITHUB_TOKEN but updateReadme.js reads process.env.PAT_TOKEN — so the script exited immediately with "PAT_TOKEN is not set" before the git push was ever reached.

Fixed in f7e3acd by changing the env mapping from GITHUB_TOKEN: ${{ secrets.PAT_TOKEN }} to PAT_TOKEN: ${{ secrets.PAT_TOKEN }}.

Copilot AI changed the title Fix: Authenticate git push with PAT_TOKEN in update-readme workflow Fix: Authenticate git push and script env var with PAT_TOKEN in update-readme workflow Mar 9, 2026
@naheel0 naheel0 merged commit 1faafe0 into main Mar 9, 2026
@naheel0 naheel0 deleted the copilot/fix-github-actions-permissions branch March 9, 2026 17:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@naheel0 naheel0 naheel0 approved these changes

@jaseel0 jaseel0 Awaiting requested review from jaseel0 jaseel0 is a code owner

Assignees

Copilot code review Copilot

@jaseel0 jaseel0

Labels

ci

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@naheel0 @jaseel0