This project uses GitHub Personal Access Tokens (PAT) for:
- GitHub CLI authentication
- GitHub Copilot integration
- GitHub Actions autoscaler
- API access for workflow management
```bash
# Run the interactive setup script
bash scripts/setup-github-token.sh
```
Visit: https://github.com/settings/tokens/new
Required scopes:
- ✅ `repo` - Full control of private repositories
- ✅ `workflow` - Update GitHub Action workflows
- ✅ `admin:org` - Full control of orgs and teams (if using org runners)
- ✅ `copilot` - GitHub Copilot access
Recommended name: ipfs_accelerate_py_token
Click "Generate token" and copy the token (starts with ghp_ or github_pat_)
Option A: Using gh CLI (Recommended)
```bash
# Authenticate interactively
gh auth login -h github.com
# Or use token directly
echo "YOUR_TOKEN_HERE" | gh auth login --with-token
```
Option B: Environment Variables
```bash
# Add to ~/.bashrc or ~/.zshrc
export GITHUB_TOKEN="ghp_YOUR_TOKEN_HERE"
export GH_TOKEN="ghp_YOUR_TOKEN_HERE"
# Reload shell
source ~/.bashrc
```
Option C: .env File (For Autoscaler)
```bash
# Create .env file (already in .gitignore)
echo "GITHUB_TOKEN=ghp_YOUR_TOKEN_HERE" > .env
chmod 600 .env
```
- Install Extension
  - Open VS Code
  - Go to Extensions (Ctrl+Shift+X)
  - Search "GitHub Copilot"
  - Click Install
- Sign In
  - Click on Copilot icon in status bar
  - Sign in with GitHub
  - Authorize GitHub Copilot
- Verify
  - Open a Python file
  - Start typing - you should see Copilot suggestions
  - Press Tab to accept suggestions
```bash
# Install Copilot CLI
gh extension install github/gh-copilot
# Use it
gh copilot suggest "how to fix permission errors in github actions"
gh copilot explain "git checkout -b feature/new-branch"
```
```bash
# Check gh CLI authentication
gh auth status
# Test API access
gh api user
# Check token scopes
gh api user -i | grep x-oauth-scopes
# Test with repo
gh repo view endomorphosis/ipfs_accelerate_py
```
- Generate tokens with minimum required scopes
- Use different tokens for different purposes
- Store tokens securely (gh CLI credential store or env vars)
- Add `.env` to `.gitignore`
- Set `.env` file permissions to 600 (owner read/write only)
- Rotate tokens periodically (every 90 days recommended)
- Revoke tokens immediately if compromised

Do not:
- Commit tokens to git repositories
- Share tokens via email, chat, or other insecure channels
- Use the same token for multiple projects/machines
- Grant more scopes than necessary
- Leave tokens with unlimited expiration
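
The scope and `.env` rules above, as an added shell example that is not part of this project's scripts: it flags granted scopes beyond the four this page requires and writes `.env` so that it is never readable by other users. The function names and the sample header are assumptions made for illustration.

```bash
# Added example, not the project's setup script; function names are hypothetical.

# Scopes this page lists as required; any other granted scope is excess.
ALLOWED_SCOPES="repo workflow admin:org copilot"

# Constructed sample of `gh api user -i` headers (not a real response).
SAMPLE_HEADERS='HTTP/2.0 200 OK
X-Oauth-Scopes: admin:org, delete_repo, gist, repo, workflow'

# Reads HTTP response headers on stdin (for example from `gh api user -i`) and
# prints each granted scope that is not in ALLOWED_SCOPES, one per line.
excess_scopes() {
  tr -d '\r' | awk -v allowed="$ALLOWED_SCOPES" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    tolower($0) ~ /^x-oauth-scopes:/ {
      sub(/^[^:]*:[ \t]*/, "")             # drop the header name only
      m = split($0, s, /[ \t]*,[ \t]*/)
      for (i = 1; i <= m; i++) if (s[i] != "" && !(s[i] in ok)) print s[i]
    }'
}

# Writes GITHUB_TOKEN=<token read from stdin> to the file named in $1.
# umask 077 in a subshell creates the file as 600, so there is no window
# between creation and chmod, and the token never appears in argv.
write_env_file() {
  ( umask 077
    IFS= read -r token || true             # tolerate input without a newline
    [ -n "$token" ] || exit 1              # refuse to write an empty token
    rm -f -- "$1"                          # an existing file would keep its old mode
    printf 'GITHUB_TOKEN=%s\n' "$token" > "$1" )
}

# Succeeds only if the file's mode is exactly 600 (GNU stat, then BSD stat).
env_file_mode_ok() {
  mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1") || return 1
  [ "$mode" = "600" ]
}
```

Pipe live headers in with `gh api user -i | excess_scopes`; any line it prints is a scope to drop when the token is next rotated.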
If your token expires or becomes invalid:
```bash
# Re-authenticate
gh auth refresh -h github.com
# Or login again
bash scripts/setup-github-token.sh
```
```bash
# Check if token works directly
curl -H "Authorization: token YOUR_TOKEN" https://api.github.com/user
# Re-authenticate
gh auth logout
gh auth login
```
- Check subscription: https://github.com/settings/copilot
- Verify VS Code extension is enabled
- Check VS Code settings: `github.copilot.enable`
- Restart VS Code
```bash
# Verify token is in environment (without printing the token itself)
[ -n "$GITHUB_TOKEN" ] && echo "GITHUB_TOKEN is set"
# Restart service
sudo systemctl restart github-autoscaler@barberb.service
# Check logs
sudo journalctl -u github-autoscaler@barberb.service -f
```
- Location: `/etc/systemd/system/github-autoscaler@.service`
- Token Source: Environment variable or gh CLI
- Restart: `sudo systemctl restart github-autoscaler@barberb.service`

- Location: `/etc/systemd/system/runner-permission-fix.timer`
- Token: Uses gh CLI credentials
- Check: `systemctl status runner-permission-fix.timer`

- Token: Automatically provided by GitHub Actions as `${{ secrets.GITHUB_TOKEN }}`
- No setup needed: GitHub injects this automatically
| Scope | Purpose | Required? |
|---|---|---|
| `repo` | Access repositories | ✅ Yes |
| `workflow` | Manage workflows | ✅ Yes |
| `admin:org` | Manage org runners | ✅ Yes (for org) |
| `copilot` | GitHub Copilot | ✅ Yes (for Copilot) |
| `read:org` | Read org data | |
| `user` | Read user data | |