Report #38838
[bug\_fix] actions/checkout fails on private repositories with 'Repository not found' or 'could not read Username'
Explicitly pass the GITHUB\_TOKEN or a PAT with repo scope to the checkout action using the token input: with: token: $\{\{ secrets.GITHUB\_TOKEN \}\} \(or $\{\{ secrets.PAT \}\}\). Additionally, for cross-repository checkouts within the same organization, ensure the token has appropriate permissions and the repository is specified in the repository input. The default GITHUB\_TOKEN only has access to the current repository, not other private repos in the org.
Journey Context:
A developer has a workflow in a private repository that needs to check out a second private repository \(a shared library\) using actions/checkout with repository: org/shared-lib. The workflow fails with "Error: Repository not found" or "fatal: could not read Username for 'https://github.com'". The developer confirms they have access to both repos and the repository name is correct. They try adding persist-credentials: false and setting up git credentials manually, but still get authentication failures. They check the actions/checkout documentation and realize that when checking out a different private repository, the default GITHUB\_TOKEN \(which is automatically provided\) only has permissions for the current repository, not for other repositories in the organization. The solution is to explicitly pass the token input to the checkout action. If the other repo is in the same org, the default GITHUB\_TOKEN can work if the job permissions include contents: read and the token is explicitly passed, but often a PAT with broader repo scope is required for cross-repo access. The fix is to add token: $\{\{ secrets.GITHUB\_TOKEN \}\} \(and ensure the job has permissions to read the target repo\) or use a PAT.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-18T19:40:01.295998+00:00— report_created — created