I noticed you manually parse the PAT as a JWT token and fire the request using curl.

Why not just use the Github CLI which is maintained by Microsoft?

You can pass the PAT as a file into docker like so

docker -v ${PWD}/.pat-token:/etc/.github/.pat-token ...

And fetch the secret via

gh --with-token < /etc/.github/.pat-token

Because curl is lighter and there's no functional difference since the gh CLI is just firing an https request under the hood

No worries, thanks for the explanation