Bad GITHUB_OAUTH_TOKEN value error in Gruntwork CI/CD Pipelines or ECS Deploy Runner

[zackproser]

A customer asked:

Hello There! We're getting this error on the CI/CD workflow:

2023-01-27 16:18:51 [INFO] [gruntwork-install] Repository is not public. GITHUB_OAUTH_TOKEN environment variable is required.
2023-01-27 16:18:51 [INFO] [gruntwork-install] Installing infrastructure-deployer...
[fetch] time="2023-01-27T16:18:51Z" level=error msg="\nReceived an HTTP 401 Response when attempting to query the repo for its tags.\n\nThis means that either your GitHub oAuth Token is invalid, or that the token is valid but is being used to request access\nto either a public repo or a private repo to which you don't have access.\n\nUnderlying error message:\nReceived HTTP Response 401 while fetching releases for GitHub URL https://api.github.com/repos/gruntwork-io/terraform-aws-ci/tags?per_page=100. Full HTTP response: {\"message\":\"Bad credentials\",\"documentation_url\":\"https://docs.github.com/rest\"}\n\n"
Error: Process completed with exit code 1.

Does anyone have any idea what might be going on?
Thanks!

[zackproser]

The following Gruntworks products use the same general pattern for securely accessing your GitHub repositories when performing a CI/CD job, without dangerously including your secrets in your Docker images or version control:

• ECS Deploy Runner
• Pipelines

General access pattern leveraging a GitHub Personal Access Token

1. Your machine user's (CI/CD user's) GitHub Personal Access Token (PAT) is stored in AWS Secrets Manager within your Reference Architecture's shared account
2. At runtime, ECS Deploy Runner / Pipelines fetches your GitHub PAT from Secrets Manager and makes it available to the running ECS task. In this way, we load your secret "just in time" and it only exists ephemerally within the volatile memory of the running ECS container.
3. The GitHub PAT is used to perform git operations such as cloning your infrastructure-live repository into your running task's ECS container so that can be operated on by your pipeline

Therefore, if you're encountering this error, it means that you need to ensure two different things about your token:

1. Ensure that your GitHub PAT is valid
2. Ensure that your GitHub PAT has the correct scopes attached to it

Please see the linked KB posts to each for guides and demos on how to quickly confirm if either situation applies to your token.