fix: Use PAT for rebase workflow to trigger subsequent checks (#1001)

mPokornyETM · web-flow · commit 593a2e8fe6b5 · 2026-04-10T22:52:11.000+02:00
When using github.token, force-pushes don't trigger other workflows
like Jenkins Security Scan. Using a PAT (GH_TOKEN secret) fixes this.

Falls back to github.token if secret is not configured.

To complete this fix, a repository admin needs to:
1. Create a PAT with 'repo' and 'workflow' scopes
2. Add it as repository secret named GH_TOKEN
diff --git a/.github/workflows/rebase-open-prs.yml b/.github/workflows/rebase-open-prs.yml
@@ -15,6 +15,8 @@ jobs:
     steps:
       - uses: mPokornyETM/rebase-open-prs-action@v1
         env:
-          GH_TOKEN: ${{ github.token }}
+          # Use PAT to trigger subsequent workflows (security scan, etc.)
+          # Falls back to github.token if GH_TOKEN secret is not set
+          GH_TOKEN: ${{ secrets.GH_TOKEN || github.token }}
         with:
-          github-token: ${{ github.token }}
+          github-token: ${{ secrets.GH_TOKEN || github.token }}
