Github action mirror repository receiving 403

I'm trying to mirrow a public repository belonging to my github organization (I'm an admin for the org) to a private repository in my personal account. I did the following:

Created a fine grained access token with many permissions (I got a little desperate) Read and Write access to Dependabot alerts, actions, actions variables, administration, attestations api, code, codespaces, codespaces lifecycle admin, codespaces secrets, commit statuses, dependabot secrets, deployments, discussions, environments, issues, merge queues, pages, pull requests, repository advisories, repository custom properties, repository hooks, secret scanning alerts, secrets, security events, and workflows
Checked 100x that the token has access to my personal private repository
Enabled workflows to run in my personal repo:

But I keep seeing the error:

> Run git remote add private
> https://***@github.com/xxxx.git
> origin    https://github.com/yyyy (fetch)
> origin    https://github.com/yyyy (push)
> private   https://***@github.com/xxxx.git
> (fetch)
> private   https://***@github.com/xxxx.git
> (push) remote: Permission to xxxx.git
> denied to github-actions[bot]. fatal: unable to access
> 'https://github.com/xxxx/': The
> requested URL returned error: 403 Error: Process completed with exit
> code 128.

My github action is defined as follows:

name: Mirror Repository

on:
  push:
    branches: [main]
  workflow_dispatch: # Allows manual triggering of the workflow

jobs:
  mirror:
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Fetch all history for all branches and tags

      - name: Push to private mirror
        env:
          PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
        run: |
          git remote add private https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/xxxx.git
          # Debug: List remotes to verify
          git remote -v
          git push private --force --all
          git push private --force --tags

Can someone help? I'm out of ideas.

Solution

When you use the checkout action, the auth token is persisted in the git config. Try setting your personal token there instead of in the run step:

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 0 # Fetch all history for all branches and tags
          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}

      - name: Push to private mirror
        run: |
          git remote add private https://github.com/florianmartens/revenuestack-clone.git
          # Debug: List remotes to verify
          git remote -v
          git push private --force --all
          git push private --force --tags

This should still let you check out the source repo since it's public, but then also authenticate access to your private repo.