From 6494dc61d3e663a9f5166a099d9736ceefc5a3aa Mon Sep 17 00:00:00 2001
From: Sam Bull <git@sambull.org>
Date: Wed, 28 May 2025 15:08:30 +0100
Subject: [PATCH] Fix PAT instructions with Dependabot

---
 README.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 4e9b319..ff60268 100644
--- a/README.md
+++ b/README.md
@@ -461,10 +461,12 @@ If you create a fine-grained personal access token, apply the `Contents`-permiss
 ```yaml
 - uses: actions/checkout@v4
   with:
-    token: ${{ secrets.PAT }}
+    token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
 ```
 You can learn more about Personal Access Token in the [GitHub documentation](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token).
 
+Having a fallback to GITHUB_TOKEN helps things like Dependabot to continue working, as they may not be granted access to the PAT.
+
 > [!TIP] 
 > If you're working in an organisation, and you don't want to create the PAT from your personal account, we recommend using a bot-account for such tokens.