From 512cd304f0edcb02c254812a6054df7275a2715a Mon Sep 17 00:00:00 2001
From: Jack Luo
Date: Tue, 22 Apr 2025 10:49:31 -0700
Subject: [PATCH] use Personal Access Token (PAT) for creating PR in the update-readme workflow (#3829)

Currently, the PR made by the update-readme workflow does not trigger the CI to run, because GitHub does not trigger workflows for pull requests made by a GitHub Actions token (GITHUB_TOKEN) by default. To fix the above issue, with this PR, the workflow will now retrieve and use a Personal Access Token (PAT) for creating the PR.
---
 .github/workflows/update-readme.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/update-readme.yml b/.github/workflows/update-readme.yml
index ef6e66de..f0ba8899 100644
--- a/.github/workflows/update-readme.yml
+++ b/.github/workflows/update-readme.yml
@@ -7,6 +7,7 @@ on:
 permissions:
 contents: write
 pull-requests: write
+ id-token: write

 jobs:
 update-readme:
@@ -49,12 +50,21 @@ jobs:
 git checkout -b "$BRANCH"
 git commit -a -m "update README with latest"
 git push origin "$BRANCH"
+
+ # GitHub does not trigger workflows for pull requests made by a GitHub Actions token (GITHUB_TOKEN) by default.
+ # Therefore, we need to retrieve a Personal Access Token (PAT)
+ - name: Retrieve token from vault
+ uses: rancher-eio/read-vault-secrets@main
+ with:
+ secrets: |
+ secret/data/github/repo/${{ github.repository }}/github-token/credentials token | PAT_TOKEN ;
+
 - name: Create Pull Request
 if: ${{ env.changes_exist == 'true' }}
 id: cpr
 env:
 SOURCE_BRANCH: ${{ steps.branch.outputs.branch }}
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GH_TOKEN: ${{ env.PAT_TOKEN }}
 run: |
 PR_TITLE="[${GITHUB_REF_NAME}] update README with latest"
 PR_BODY="Auto-generated by GitHub Actions"
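Review bot: `id-token: write` is added to the workflow-level `permissions` block, so every job in this file can mint an OIDC token, although only the Vault step added in the second hunk appears to need one. If the workflow has more than the `update-readme` job (the job list continues outside the hunk), declare the permission set under that job instead of at the top level. Since the pull request is now created with the PAT, `pull-requests: write` on the built-in token may no longer be required and is worth re-checking. A short comment such as `# id-token: write is required for OIDC login to Vault` next to the new line would explain why it is there.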
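Review bot: The new step `uses: rancher-eio/read-vault-secrets@main` follows a mutable branch, so any later change to that branch runs in a job that holds `contents: write`, `id-token: write` and the retrieved PAT. Pin it to a reviewed commit, e.g. `uses: rancher-eio/read-vault-secrets@<full-commit-sha> # <release tag>`. The step also lacks the guard that the next step has, so the PAT is fetched on runs that create no pull request. Adding `if: ${{ env.changes_exist == 'true' }}` keeps the secret out of those runs. Because `PAT_TOKEN` is read back through `env`, it is presumably exported to the job environment and visible to every later step, so the Vault step should stay immediately before its only consumer; the step list continues outside the hunk.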