From 280b3f0f624de6f3fc7c54c0304ef32a764a0aa9 Mon Sep 17 00:00:00 2001 From: Barrett Ruth <62671086+barrettruth@users.noreply.github.com> Date: Tue, 3 Mar 2026 15:43:49 -0500 Subject: [PATCH] ci(digest): push with PAT to trigger CI and auto-approve as barrettruth (#56) ci(digest): push branch with PAT so CI triggers Problem: GITHUB_TOKEN suppresses all downstream workflow triggers including push events, so CI never runs on the digest branch. Solution: push with DIGEST_PAT (triggers CI as a real user push), then reset the remote to GITHUB_TOKEN for PR creation. Admin bypass on the ruleset handles the review requirement. --- .github/workflows/upstream-digest.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/upstream-digest.yml b/.github/workflows/upstream-digest.yml index f3482cc..39a8813 100644 --- a/.github/workflows/upstream-digest.yml +++ b/.github/workflows/upstream-digest.yml @@ -36,12 +36,14 @@ jobs: git checkout -b "${BRANCH}" git add doc/upstream.md git commit -m "docs(upstream): upstream digest $(date +%Y-%m-%d)" + git remote set-url origin "https://x-access-token:${{ secrets.DIGEST_PAT }}@github.com/barrettruth/canola.nvim.git" git push --force origin "${BRANCH}" - if ! gh pr list --head "${BRANCH}" --state open --json number --jq '.[0].number' | grep -q .; then - PR_URL=$(gh pr create \ + if ! GH_TOKEN="${{ secrets.GITHUB_TOKEN }}" gh pr list --head "${BRANCH}" --state open --json number --jq '.[0].number' | grep -q .; then + PR_URL=$(GH_TOKEN="${{ secrets.GITHUB_TOKEN }}" gh pr create \ --title "docs(upstream): upstream digest" \ --body "Automated weekly digest of new upstream activity. Triage by updating statuses and notes." \ --base main \ --head "${BRANCH}") - gh pr merge "${PR_URL}" --auto --squash + GH_TOKEN="${{ secrets.DIGEST_PAT }}" gh pr review "${PR_URL}" --approve + GH_TOKEN="${{ secrets.GITHUB_TOKEN }}" gh pr merge "${PR_URL}" --auto --squash fi