use repository Administration token for ec2-github-runner

unvariance · Jan 17, 2025 · 960055e · 960055e
1 parent b4b8541
commit 960055e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/.github/workflows/aws-runner-template.yaml b/.github/workflows/aws-runner-template.yaml
@@ -27,7 +27,7 @@ jobs:
         uses: machulav/ec2-github-runner@v2
         with:
           mode: start
-          github-token: ${{ secrets.TOKEN_FOR_MANAGING_SELF_RUNNERS }}
+          github-token: ${{ secrets.REPO_ADMIN_TOKEN }}
           ec2-image-id: ami-08970251d20e940b0  # Amazon Linux 2023 in us-west-2
           ec2-instance-type: t3.micro
           subnet-id: ${{ secrets.AWS_SUBNET_ID }}
@@ -71,6 +71,6 @@ jobs:
         uses: machulav/ec2-github-runner@v2
         with:
           mode: stop
-          github-token: ${{ secrets.TOKEN_FOR_MANAGING_SELF_RUNNERS }}
+          github-token: ${{ secrets.REPO_ADMIN_TOKEN }}
           label: ${{ needs.start-runner.outputs.label }}
           ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}
diff --git a/docs/ci/aws-setup.md b/docs/ci/aws-setup.md
@@ -116,7 +116,7 @@ Configure the repository with the following secrets that can be used in Actions:
 - `AWS_REGION`: the region where we'll run runners
 - `AWS_SUBNET_ID`: the subnet ID, needs to be in `AWS_REGION`
 - `AWS_SECURITY_GROUP_ID`: the name of the security group that allows runners to pull jobs
-- `GITHUB_ACTIONS_SELF_HOSTED_RUNNERS_TOKEN`: see below
+- `REPO_ADMIN_TOKEN`: see below
 
 ### Getting a token for ec2-github-runner
 
@@ -125,7 +125,8 @@ To register runners with GitHub, the `machulav/ec2-github-runner` action needs a
 1. Configure your organization to allow fine-grained tokens. In Organization Settings -> Third-party Access -> Personal access tokens -> Settings, allow access via fine-grained personal access tokens
 2. Create a fine-grained personal access token here: https://github.com/settings/personal-access-tokens/new
 3. Set the resource owner to be the organization
-4. In Organization Permissions, give access to "Self-hosted runners" (read and write)
+4. Set the permission scope to "Only select repositories", and select the repo with the GitHub Action
+4. In Repository permissions, add "Administration" (read and write)
 
 ## GitHub Workflow Configuration