Is Fine-grained Personal Access Tokens compotable to Checking out private repository

[enginterzi]

I don't get this to work. I have a private repo I need to check out and use in another private repo of the organization.
So, inside the workflow, I'm doing this:

- name: Checkout private repository uses: actions/checkout@v4 with: repository: username/private-repo-name ref: main token: ${{ secrets.PAT }}

Here is the error message I'm getting
Retrieving the default branch name Not Found - https://docs.github.com/rest/repos/repos#get-a-repository

It seems to be working fine when I use the "classic" tokens. I've set all the permissions to read and write for testing purposes, so there should be no issues there.

I am considering the following points:

1. As this is still in beta, it may not be suitable for use in production.
2. There might be a bug with actions/checkout or it may not be compatible.
3. There could be limitations for both pro and free accounts.

[gongfeng98]

Same problem

[GouravSittam]

Are Fine-grained Personal Access Tokens (PATs) Compatible with Checking Out Private Repositories?

Short answer:
Yes, Fine-grained Personal Access Tokens (PATs) are fully compatible with checking out private repositories on GitHub.

---

Key Points

• Authentication:
  Fine-grained PATs can be used as your password when cloning, pulling, or pushing to a private repository over HTTPS.

• Permissions:
  The token must have at least Repository contents: Read-only permission for the corresponding private repository. For pushing, Read and Write permission is required.

• Security:
  Fine-grained PATs let you restrict access to only the repositories and permissions you specify. They also support setting expiration dates for added security.

• Two-factor Authentication:
  If 2FA is enabled, you must use a PAT (classic or fine-grained); account passwords are not supported for HTTPS Git operations.

---

How to Use Fine-grained PATs for Checking Out Private Repositories

1. Generate a Fine-grained PAT:

   • Navigate to GitHub Settings → Developer settings → Personal access tokens → Fine-grained tokens.
   • Click Generate new token.
   • Select the repository/repositories and required permissions (e.g., Repository contents: Read-only).
   • Set an expiration date if desired.
   • Generate and copy the token.

2. Clone the Repository:

   • Copy the HTTPS URL from your repository, e.g.:

     git clone https://github.com/OWNER/REPO.git
     
   • When prompted, enter your GitHub username and paste your fine-grained PAT as the password.

3. Troubleshooting:

   • If you get authentication errors:
     • Check token permissions and expiration.
     • Make sure the repository is included in the token’s access list.
     • Ensure you are using the entire token (no extra spaces).
     • With 2FA enabled, only PATs are accepted for HTTPS authentication.

---

Advantages Over Classic PATs

• Granular permissions (repo-level, operation-level)
• Expiration dates for better credential management
• Easier to audit and revoke if needed

---

References

• Creating a fine-grained personal access token
• About fine-grained personal access tokens
• Cloning a repository with HTTPS

---

In summary:
Fine-grained PATs are not only compatible with checking out private repositories, but are also recommended for their enhanced security, control, and flexibility. Just ensure you set the correct repository permissions when creating your token.

If you need a step-by-step guide with screenshots or run into any issues, let me know!