From 960055e9997662e3064ef08f6391461cb9e446e1 Mon Sep 17 00:00:00 2001
From: Jonathan Perry
Date: Fri, 17 Jan 2025 17:25:08 -0600
Subject: [PATCH] use repository Administration token for ec2-github-runner
---
 .github/workflows/aws-runner-template.yaml | 4 ++--
 docs/ci/aws-setup.md | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/aws-runner-template.yaml b/.github/workflows/aws-runner-template.yaml
index 1df1aab..b9cc0df 100644
--- a/.github/workflows/aws-runner-template.yaml
+++ b/.github/workflows/aws-runner-template.yaml
@@ -27,7 +27,7 @@ jobs:
 uses: machulav/ec2-github-runner@v2
 with:
 mode: start
- github-token: ${{ secrets.TOKEN_FOR_MANAGING_SELF_RUNNERS }}
+ github-token: ${{ secrets.REPO_ADMIN_TOKEN }}
 ec2-image-id: ami-08970251d20e940b0 # Amazon Linux 2023 in us-west-2
 ec2-instance-type: t3.micro
 subnet-id: ${{ secrets.AWS_SUBNET_ID }}
@@ -71,6 +71,6 @@ jobs:
 uses: machulav/ec2-github-runner@v2
 with:
 mode: stop
- github-token: ${{ secrets.TOKEN_FOR_MANAGING_SELF_RUNNERS }}
+ github-token: ${{ secrets.REPO_ADMIN_TOKEN }}
 label: ${{ needs.start-runner.outputs.label }}
 ec2-instance-id: ${{ needs.start-runner.outputs.ec2-instance-id }}
diff --git a/docs/ci/aws-setup.md b/docs/ci/aws-setup.md
index 15bc8b2..4aa4a9e 100644
--- a/docs/ci/aws-setup.md
+++ b/docs/ci/aws-setup.md
@@ -116,7 +116,7 @@ Configure the repository with the following secrets that can be used in Actions:
 - `AWS_REGION`: the region where we'll run runners
 - `AWS_SUBNET_ID`: the subnet ID, needs to be in `AWS_REGION`
 - `AWS_SECURITY_GROUP_ID`: the name of the security group that allows runners to pull jobs
-- `GITHUB_ACTIONS_SELF_HOSTED_RUNNERS_TOKEN`: see below
+- `REPO_ADMIN_TOKEN`: see below
 ### Getting a token for ec2-github-runner
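Review bot: The start step now hands `secrets.REPO_ADMIN_TOKEN` to an action referenced by the mutable tag `machulav/ec2-github-runner@v2`, so whatever commit that tag resolves to at run time receives the credential. Per the updated docs in this same patch, that credential has repository Administration (read and write). Pin the action to a reviewed full commit SHA and keep the tag as a trailing comment, e.g. `uses: machulav/ec2-github-runner@<full-commit-sha-of-reviewed-v2>  # v2`; the stop step in the `@@ -71,6 +71,6 @@` hunk needs the same pin. A comment above `github-token:` would also help the next maintainer, for example `# fine-grained PAT, this repository only, Administration: read and write`. The enclosing job starts outside the hunk, so the workflow triggers and any job-level `permissions:` cannot be checked from here.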
@@ -125,7 +125,8 @@ To register runners with GitHub, the `machulav/ec2-github-runner` action needs a
 1. Configure your organization to allow fine-grained tokens. In Organization Settings -> Third-party Access -> Personal access tokens -> Settings, allow access via fine-grained personal access tokens
 2. Create a fine-grained personal access token here: https://github.com/settings/personal-access-tokens/new
 3. Set the resource owner to be the organization
-4. In Organization Permissions, give access to "Self-hosted runners" (read and write)
+4. Set the permission scope to "Only select repositories", and select the repo with the GitHub Action
+4. In Repository permissions, add "Administration" (read and write)
 ## GitHub Workflow Configuration