morgane/EverShelf
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

ci: fix checkout to use github.token, WORKFLOW_PAT only for push

Browse Source
This commit is contained in:
dadaloop82
2026-05-23 09:23:48 +00:00
parent 964de98203
commit 6857c20893
1 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/ci.yml
+9 -4
View File
@@ -102,9 +102,9 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
# WORKFLOW_PAT must be a classic PAT with repo+workflow scopes. # Always use the built-in GITHUB_TOKEN for checkout (read-only fetch).
# Without it, pushes that touch .github/workflows/ will be rejected. # WORKFLOW_PAT is only needed for the push step below.
token: ${{ secrets.WORKFLOW_PAT || github.token }} token: ${{ github.token }}
- name: Configure git bot identity - name: Configure git bot identity
run: | run: |
@@ -113,7 +113,12 @@ jobs:
- name: Merge develop → main - name: Merge develop → main
run: | run: |
git remote set-url origin https://x-access-token:${{ secrets.WORKFLOW_PAT || github.token }}@github.com/${{ github.repository }}.git # WORKFLOW_PAT (classic PAT with repo+workflow scopes) is required to
# push commits that touch .github/workflows/ files.
# Falls back to GITHUB_TOKEN for non-workflow pushes.
PUSH_TOKEN="${{ secrets.WORKFLOW_PAT }}"
if [ -z "$PUSH_TOKEN" ]; then PUSH_TOKEN="${{ github.token }}"; fi
git remote set-url origin "https://x-access-token:${PUSH_TOKEN}@github.com/${{ github.repository }}.git"
LAST=$(git log --oneline -1 origin/develop) LAST=$(git log --oneline -1 origin/develop)
git checkout main git checkout main
git pull --ff-only origin main git pull --ff-only origin main