It’s a nice looking cards list. I have something similar.
You don’t need to set the token at all. Your local build will use unauthorized API requests which means after too many requests you’ll get rate limited and get no data.
If you do decide to use the token, then I would avoid the complexity of a dotenv plugin and first just get it to work a simple way.
Then if that works, you can go one step further and use dotenv library if you want.
I prefer to avoid dotenv library and rather load the value using a make command. And export at the top of Makefile too.
Note for security reasons it is safer to only make a dev auth token in Settings which has read-only access. If you make a write token, then someone who steals your token can write to all of your repositories, not just the one.
Also when you make need to get access to read all public repos under permissions and then generate a new token. Maybe you didn’t tick that before.
You can also test out your token outside of Jekyll by doing a request with it to a repo as per GH REST API docs.
But when adding it in the project root folder, and add gem dotenv, it will raise the auth error. It means the env is loaded, but it is not valid in the calling of github-metadata plugin.
Not sure if it requires extra setting. I am using a Windows 10/Ruby 2.7.
But, you are using the GitHub Metadata plugin. When that plugin runs, it has no concept of the dotenv plugin or of a script like above.
You’d have to write you own logic which setups up dotenv and then calls the GH Metadata plugin, but that is not worth the effort. And you might end up running the metadata plugin twice.