Improve reliability of github permissions bot #196

@bloodearnest

We have a script that is designed to run regularly to enforce a set of permissions on repos in our various GitHub orgs.

A key thing it does is to remove the default admin permission on a newly created repo by the user who created it.

The script requires a token with admin permissions, which is obviously very highly sensitive. For this reason, we do not run this cron job on our DO cloud infra, but instead from Simon's machine. This is Obviously Less Than Ideal™.

Recently, the org token expired and the script stopped working, but we didn't get any alerts on it. This led to our permissions not being correctly maintained.

We should improve this, and shout loudly when the script fails.

This is possibly as simple as modifying the script to send an email (simple, lol) to the RAP team Slack channel email address, or similar.

We maybe could also look at switching to fine-grained PATs at the same time, as the script currently uses a classic PAT with all the permissions.
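
Added example, not part of the original issue or the project's script: one way to make the cron run fail loudly and to warn before the token expires. It assumes the token check is any authenticated GitHub REST call whose status and headers are passed in, that the expiry arrives in the `github-authentication-token-expiration` response header in one of the two formats shown, and that `notify` is whatever sends the message (for example an email to the Slack channel address); all function names and the 14-day window are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Response header GitHub's REST API sets for tokens that have an expiry date.
EXPIRY_HEADER = "github-authentication-token-expiration"
WARN_WINDOW = timedelta(days=14)  # assumed threshold, adjust as needed


def parse_expiry(value):
    """Parse '2025-03-01 12:00:00 UTC' or '2025-03-01 12:00:00 +0000' (assumed formats)."""
    value = value.strip()
    if value.endswith(" UTC"):
        value = value[:-4] + " +0000"
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S %z")


def check_token(status, headers, now):
    """Return (usable, problems) for the response to any authenticated API call."""
    if status == 401:
        return False, ["token rejected (HTTP 401): expired or revoked"]
    if status != 200:
        return False, [f"token check returned unexpected HTTP {status}"]
    raw = {k.lower(): v for k, v in headers.items()}.get(EXPIRY_HEADER)
    if raw is None:
        return True, []  # token has no expiry date set
    left = parse_expiry(raw) - now
    if left < WARN_WINDOW:
        return True, [f"token expires in {max(left.days, 0)} day(s), rotate it"]
    return True, []


def run_with_alerts(job, token_response, notify, now=None):
    """Run job() if the token is usable; notify(msg) for every problem found."""
    now = now or datetime.now(timezone.utc)
    usable, problems = check_token(*token_response, now)
    if usable:
        try:
            job()
        except Exception as exc:  # a failed run must never be silent
            problems.append(f"permissions job failed: {exc!r}")
    for message in problems:
        notify(message)
    return problems
```

Because the alert is sent from the same machine as the job, it cannot report that the cron job itself has stopped running; that case needs a separate check on the receiving side.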
