From 9b85d94a3723f68f9c5e7c2f1c5554889c51a598 Mon Sep 17 00:00:00 2001 From: Hatton Date: Mon, 15 Jun 2026 17:19:58 -0600 Subject: [PATCH] Fix reusable workflow secret name to PR_REVIEW_TRACKER_PROJECT_TOKEN The rename landed after PR #1 was merged, so main still declared the old PROJECT_TOKEN while callers now pass PR_REVIEW_TRACKER_PROJECT_TOKEN. The mismatch caused caller runs to fail at startup. This aligns main with the callers. Co-Authored-By: Claude Opus 4.8 (1M context) --- .github/workflows/pr-review-tracker.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-review-tracker.yml b/.github/workflows/pr-review-tracker.yml index 39516c1..9a43a22 100644 --- a/.github/workflows/pr-review-tracker.yml +++ b/.github/workflows/pr-review-tracker.yml @@ -13,14 +13,14 @@ # options) is recreated, update the three IDs here in this one place. # # Auth: the default GITHUB_TOKEN cannot write org Projects (v2). Callers pass an -# org-level secret PROJECT_TOKEN via `secrets: inherit` (a classic PAT with the -# `project` scope, or a GitHub App token with org Projects read+write). +# org-level secret PR_REVIEW_TRACKER_PROJECT_TOKEN by mapping it explicitly (a +# fine-grained PAT with org Projects read+write; BloomBooks blocks classic PATs). name: PR Review Tracker (reusable) on: workflow_call: secrets: - PROJECT_TOKEN: + PR_REVIEW_TRACKER_PROJECT_TOKEN: description: Token that can write to the BloomBooks org project. required: true @@ -35,7 +35,7 @@ jobs: steps: - name: Set Status to "Waiting for AI-Review" env: - GH_TOKEN: ${{ secrets.PROJECT_TOKEN }} + GH_TOKEN: ${{ secrets.PR_REVIEW_TRACKER_PROJECT_TOKEN }} PROJECT_ID: PVT_kwDOAFlSFM4Bawkp STATUS_FIELD_ID: PVTSSF_lADOAFlSFM4BawkpzhVl0_w WAITING_OPTION_ID: "97860183"