From 0b66872d6ba46f065e363a529c594eb0a11f43a4 Mon Sep 17 00:00:00 2001 From: TonyBlu Date: Mon, 25 May 2026 22:50:00 +0800 Subject: [PATCH] fix(ci): use UPSTREAM_TOKEN for both checkout and sync push GITHUB_TOKEN cannot push commits that contain changes to .github/workflows/ files (GitHub security restriction). Use a Classic PAT with 'repo' + 'workflow' scopes instead. Also add explicit checkout with fetch-depth:0 and ref:master so the Fork-Sync action has full history for merging. --- .github/workflows/sync-upstream.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sync-upstream.yml b/.github/workflows/sync-upstream.yml index 87a8c30..c09b088 100644 --- a/.github/workflows/sync-upstream.yml +++ b/.github/workflows/sync-upstream.yml @@ -16,7 +16,14 @@ jobs: if: ${{ github.event.repository.fork }} steps: + # Checkout with UPSTREAM_TOKEN (Classic PAT with repo + workflow scope) + # GITHUB_TOKEN cannot push commits that modify .github/workflows/ files - uses: actions/checkout@v4 + with: + ref: master + fetch-depth: 0 + token: ${{ secrets.UPSTREAM_TOKEN }} + persist-credentials: true - name: Clean issue notice uses: actions-cool/issues-helper@e361abf610221f09495ad510cb1e69328d839e1c # v3.7.6 @@ -31,7 +38,7 @@ jobs: upstream_sync_repo: alexta69/metube upstream_sync_branch: master target_sync_branch: master - target_repo_token: ${{ secrets.GITHUB_TOKEN }} # automatically generated, no need to set + target_repo_token: ${{ secrets.UPSTREAM_TOKEN }} test_mode: false - name: Sync check