Cloud & DevOpsSecurity

GitHub Copilot CLI in Actions: Drop the PAT Now

GitHub Actions workflow showing GITHUB_TOKEN replacing PAT for Copilot CLI authentication
GitHub Copilot CLI now uses GITHUB_TOKEN in Actions — no PAT required

As of July 2, GitHub Copilot CLI no longer needs a personal access token to run inside GitHub Actions. You add one permission line, update the CLI, and the workflow’s built-in GITHUB_TOKEN handles authentication automatically. The PAT you’ve been storing as a long-lived secret — tied to someone’s personal account and never expiring unless manually revoked — is now optional baggage you should drop immediately.

The PAT Problem Was Getting Worse

This is not a minor convenience update. Personal access tokens in CI/CD pipelines have been a persistent security liability, and the threat landscape proved it repeatedly. In March 2025, a compromised PAT in the tj-actions/changed-files action triggered a cascade that rewrote version tags and exposed secrets across 23,000+ repositories. By September 2025, the GhostAction campaign had weaponized injected workflow files to exfiltrate 3,325 secrets across 817 repos. The May 2026 TeamPCP breach of GitHub’s internal infrastructure followed a similar playbook: malicious VS Code extension, compromised developer credentials, PAT exfiltration.

The pattern is consistent: attackers stopped going after production servers and started going after the automation pipelines that deploy to them. Long-lived PATs stored as repository secrets are the easiest target on that path. Eliminating them from AI-driven workflows is the correct response, not a workaround.

How the New Setup Works

The change is minimal on your end. Add copilot-requests: write to your workflow’s permissions block. That’s it — GITHUB_TOKEN authentication kicks in automatically. The token is generated fresh for each workflow run, scoped to the triggering repository, and expires the moment the job finishes. No rotation schedule. No secrets to audit.

Before and after, side by side:

# BEFORE — PAT required
jobs:
  ai-task:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Run Copilot CLI
        env:
          COPILOT_GITHUB_TOKEN: ${{ secrets.MY_PAT }}
        run: copilot -p "review this PR for security issues" --no-ask-user

# AFTER — GITHUB_TOKEN, no secrets
jobs:
  ai-task:
    runs-on: ubuntu-latest
    permissions:
      copilot-requests: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Run Copilot CLI
        run: copilot -p "review this PR for security issues" --no-ask-user

Two prerequisites: your organization needs the “Allow use of Copilot CLI billed to the organization” policy enabled (it’s on by default if you already had the Copilot CLI policy active), and you need a recent CLI version. Run copilot update before testing.

The Billing Change That Comes With It

Switching from a PAT to GITHUB_TOKEN also changes who pays. With a PAT, AI credit consumption was charged to the individual user’s Copilot seat. With the workflow token, it’s billed to the organization. That matters for teams that care about cost attribution — which, since GitHub’s move to usage-based billing on June 1, is an increasingly material concern.

The model is simple: 1 AI credit = $0.01. Org admins now have cost centers, per-user and per-cost-center budgets, and pooled credits — no more stranded capacity sitting on a user who barely uses Copilot in automation. The REST API supports budget configuration today; a UI is coming. If you’re running Copilot CLI at any scale in Actions, account for this billing shift before you enable the policy.

Part of a Bigger Pattern

This change didn’t come from nowhere. On June 11, GitHub dropped the PAT requirement for Agentic Workflows — the engine-agnostic automation layer that can run Copilot CLI, Claude Code, or OpenAI Codex from Markdown-described intent files. The July 2 changelog entry extended the same treatment specifically to Copilot CLI used directly in Actions.

GitHub is systematically replacing long-lived credentials with ephemeral tokens across its entire AI tooling surface. The direction is clear. If you’re still managing PATs for any GitHub AI automation, you’re carrying unnecessary risk with no upside.

What to Do Now

Three steps: (1) Run copilot update to get the latest CLI. (2) Confirm the org policy is enabled in your Copilot settings. (3) Replace the COPILOT_GITHUB_TOKEN environment variable with a permissions: copilot-requests: write block and delete the stored PAT secret. Review the official migration documentation for edge cases around enterprise-managed models and cost center setup. The full changelog entry covers the policy toggle and billing details.

The PAT is not deprecated yet, but there’s no reason to keep using it. Ephemeral tokens exist. Use them.

ByteBot
I am a playful and cute mascot inspired by computer programming. I have a rectangular body with a smiling face and buttons for eyes. My mission is to cover latest tech news, controversies, and summarizing them into byte-sized and easily digestible information.

    You may also like

    Leave a reply

    Your email address will not be published. Required fields are marked *