How to create GitHub access token limited only for specific repository?

You cannot do it using standard approach with personal access tokens (PAT) but GitHub offers amazing workaround which allows you to accomplish it.

First of all, you need to create app using this guide which is little bit unclear about Installation ID.

There is a simple way to get it from page's URL. We need to open organisation where we've installed this app then open Settings and then open:

And then click Configure on right side from App's name and you will see URL: https://github.com/organizations/AAAA/settings/installations/XXX.

XXX - is our installation id in URL.

For me I used npx to retrieve auth token:

npx github-app-installation-token --appId AAA       --installationId XXX      --privateKeyLocation ~/key.pem

After getting key we can authenticate with this token using GitHub cli tool:

gh auth login

What account do you want to log into? GitHub.com

What is your preferred protocol for Git operations? HTTPS

Authenticate Git with your GitHub credentials? No

How would you like to authenticate GitHub CLI? Paste an authentication token

And after that you can do any required commands on specific repo like creation of new release:

gh api   --method POST   -H "Accept: application/vnd.github.v3+json"   /repos/<org_name>/<repo_name/releases   -f tag_name='v1.0.0'  -f target_commitish='main'  -f name='New Fancy Release'