Question

Summary

When using GitHub Copilot CLI (@github/copilot) in GitHub Actions for organization repositories, authentication fails because fine-grained PATs cannot have both "Copilot Requests" permission AND organization repository access simultaneously.

Problem

Fine-grained Personal Access Tokens have a fundamental limitation:

This forces users to choose between:

1. A user-owned token with Copilot access but limited org repo visibility
2. An org-owned token with repo access but no Copilot authentication

Use Case

We are trying to automate release notes generation using Copilot CLI in GitHub Actions:

- name: Generate release notes with Copilot
  env:
    COPILOT_GITHUB_TOKEN: ${{ secrets.COPILOT_TOKEN }}
  run: |
    copilot -p "Generate release notes for changes in the last 7 days across all repos in 'our-org'" --allow-all-tools < /dev/null

Error

When using an org-owned fine-grained PAT (with repo access but no Copilot Requests permission):

The organization 'org-name' either doesn't exist or isn't accessible.

When using a user-owned fine-grained PAT (with Copilot Requests but limited org access):

• Cannot access organization repositories

Expected Behavior

Organization-owned fine-grained PATs should have the "Copilot Requests" permission available, allowing enterprises to:

• Use Copilot CLI in CI/CD pipelines
• Access organization repositories with proper scoping