[Question] Copilot Requests permission unavailable for organization-owned repos, fine-grained PATs blocks CI/CD automation #64
Description
Question
Summary
When using GitHub Copilot CLI (@github/copilot) in GitHub Actions for organization repositories, authentication fails because fine-grained PATs cannot have both "Copilot Requests" permission AND organization repository access simultaneously.
Problem
Fine-grained Personal Access Tokens have a fundamental limitation:
| Token Resource Owner | Copilot Requests Permission | Org Repository Access |
|---|---|---|
| Personal Account | ✅ Available | ❌ Limited |
| Organization | ❌ Not Available | ✅ Full Access |
This forces users to choose between:
- A user-owned token with Copilot access but limited org repo visibility
- An org-owned token with repo access but no Copilot authentication
Use Case
We are trying to automate release notes generation using Copilot CLI in GitHub Actions:
- name: Generate release notes with Copilot
env:
COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_TOKEN }}
run: |
copilot -p "Generate release notes for changes in the last 7 days across all repos in 'our-org'" --allow-all-tools < /dev/nullError
When using an org-owned fine-grained PAT (with repo access but no Copilot Requests permission):
The organization 'org-name' either doesn't exist or isn't accessible.
When using a user-owned fine-grained PAT (with Copilot Requests but limited org access):
- Cannot access organization repositories
Expected Behavior
Organization-owned fine-grained PATs should have the "Copilot Requests" permission available, allowing enterprises to:
- Use Copilot CLI in CI/CD pipelines
- Access organization repositories with proper scoping