doc: import-in-the-middle release token (#902)

legendecas · mhdawson · web-flow · commit 0acfbbac8001 · 2024-07-30T15:02:45.000+01:00
Co-authored-by: Michael Dawson &lt;mdawson@devrus.com&gt;
diff --git a/request-an-access-token.md b/request-an-access-token.md
@@ -20,6 +20,8 @@ steps as:
        and requested permission scopes only.
     1. Save the token as a repository secret at `https://github.com/<org>/<repo>/settings/secrets/actions`,
        do not reveal the token to the anyone in plaintext.
+    1. If necessary, grant write access to [`@nodejs-github-bot`][] at
+       `https://github.com/<org>/<repo>/settings/access`.
     1. Land the PR.
 
 Fine-grained tokens created with access to https://github.com/nodejs resources will
@@ -34,9 +36,16 @@ The "secret name" is a string that the secret can be referenced in the GitHub Ac
 scripts. Like a secret name of `RELEASE_PLEASE_TOKEN` can be accessed from the script
 as `${{ secrets.RELEASE_PLEASE_TOKEN }}`.
 
-Repo                        | Secret name
----                         | ---
-nodejs/import-in-the-middle | RELEASE_PLEASE_GITHUB_TOKEN
+The "expiration date" is the date before which the token should be renewed and
+replaced. This should be no longer than 1 year.
+
+The "pull request" is the PR that initially requested the token, or requested
+permission scope changes. The PR should describe the permission scopes requested.
+
+Repo                              | Secret name                   | Expiration date | Pull Request                               |
+---                               | ---                           | ---             | ---                                        |
+[`nodejs/import-in-the-middle`][] | `RELEASE_PLEASE_GITHUB_TOKEN` | 2025-07-23      | <https://github.com/nodejs/admin/pull/902> |
 
 
 [`@nodejs-github-bot`]: https://github.com/nodejs-github-bot
+[`nodejs/import-in-the-middle`]: https://github.com/nodejs/import-in-the-middle
