Fine-grained PATs will also work

[jagthedrummer]

One of the strikes against using a PAT was the fact that they're not scoped to a repo, but recently GitHub has introduced "Fine-grained tokens" which can be scoped to a single repo.

I just ran some tests and can confirm that a fine-grained token will do the trick as long as you give it read/write access to "Contents" and "Pull Requests" under the "Repository Permissions" section. (Note that the "Metadata" permission will automatically be set to Read-only when you select either of the previously mentioned settings.)

Just thought I'd drop a note to help anyone who might be wondering.

[peter-evans]

Hi @jagthedrummer

Fine-grained PATs may work for some use cases, but not all. They are still in beta and some GitHub APIs don't support them yet.

For example, #1791

This is why I'm not updating the docs to make it the preferred method yet.
#1937

[rettenbs]

One thing I noticed: If the pull requests updates the workflows of the repository, the fine grain token needs the "Workflows" permission as well. Make sense to me but it took me awhile to figure it out.