diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index 553956564..0c35c546a 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -65,6 +65,7 @@ jobs: uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ github.head_ref }} + token: ${{ secrets.CI_COMMIT_PUSH_PR }} - name: Setup Go environment uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 @@ -111,6 +112,7 @@ jobs: It updates the hardcoded measurements and the image version (for QEMU/MiniConstellation). commit-message: "image: update measurements and image version" committer: edgelessci + author: edgelessci labels: no changelog # We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work. token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }} diff --git a/.github/workflows/update-rpms.yml b/.github/workflows/update-rpms.yml index 11bca85dc..d8e92a488 100644 --- a/.github/workflows/update-rpms.yml +++ b/.github/workflows/update-rpms.yml @@ -14,6 +14,8 @@ jobs: steps: - name: Checkout uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + with: + token: ${{ secrets.CI_COMMIT_PUSH_PR }} - name: Assume AWS role to upload Bazel dependencies to S3 uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2 @@ -49,6 +51,7 @@ jobs: It updates the locked rpm packages that form the Constellation OS images. commit-message: "image: update locked rpms" committer: edgelessci + author: edgelessci labels: dependencies # We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work. token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }}