chore: add explicit usage of custom GITHUB_TOKEN (#1150)

/kind chore /area ci Even though workflow uses GH_TOKEN i explicitly replace default GITHUB_TOKEN, so we do not use it. Possibly fixing workflow runs on PRs from actions.
kyma-project · Nov 26, 2024 · ede044e · ede044e
1 parent 05ef114
commit ede044e
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/.github/workflows/update-sec-scanner.yaml b/.github/workflows/update-sec-scanner.yaml
@@ -2,16 +2,14 @@ name: Update sec-scanners-config.yaml
 on:
   schedule:
     - cron: '21 * * * *'
-permissions:
-  contents: write
-  pull-requests: write
 
 jobs:
   update-sec-scanners:
     name: update sec-scanners-config.yaml
     runs-on: ubuntu-latest
     env:
       IMAGE: europe-docker.pkg.dev/kyma-project/prod/istio/main/istio-manager
+      GITHUB_TOKEN: ${{ secrets.GOAT_BOT_REPO_ACCESS }}
     steps:
       - uses: actions/checkout@v4
         with:
@@ -35,8 +33,8 @@ jobs:
           GH_TOKEN: ${{ secrets.GOAT_BOT_REPO_ACCESS }}
           IMAGE_TAG: ${{ steps.latest-sha.outputs.image-tag }}
         run: |
-          git config user.name "kyma-goat-bot"
-          git config user.email "goattest@sap.com"
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
           
           git fetch origin
           git checkout -f autobump/sec-scanners-config
@@ -49,4 +47,4 @@ jobs:
           fi
           git commit -m "chore: automatic update sec-scanners-config.yaml" -m "Generated by GitHub Actions"
           git push -f -u origin autobump/sec-scanners-config
-          gh pr create --base main --head autobump/sec-scanners-config --fill --label dependencies
+          gh pr create --base main --head autobump/sec-scanners-config --fill --label dependencies || true