From 8a45e5a7c74fc50fcbd5f1646e2d3ede25a0503b Mon Sep 17 00:00:00 2001
From: Anagh Hegde <anagh.hv@gmail.com>
Date: Thu, 14 Nov 2024 14:52:54 +0530
Subject: [PATCH] chore: update sync to pg workflow to use github pat for
 accessing the secrets (#36944)

## Description
In order to modify a workflow, a GitHub App, such as the one used for
issuing tokens for GitHub Actions, requires the workflow scope. This is
so that GitHub Apps you've added to your repository can't access the
secrets in your repository without your permission. The token issued for
GitHub Actions doesn't have this permission by default.
This PR adds pat token to the push command. This is to avoid failures
when the secrets are modified in the repositories.
## Automation

/ok-to-test tags=""

### :mag: Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!WARNING]
> Tests have not run on the HEAD
b09d3542da73c527a1a52c93abb3b06a595c3bd3 yet
> <hr>Wed, 13 Nov 2024 06:09:54 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [ ] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

- **Chores**
- Updated the push command for merging the `release` branch into the
`pg` branch to use a personal access token for enhanced security.
- Modified error message capture to align with the new push command for
better error tracking.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---
 .github/workflows/sync-release-to-pg.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/sync-release-to-pg.yml b/.github/workflows/sync-release-to-pg.yml
index a962d28c9e..e4cc227b29 100644
--- a/.github/workflows/sync-release-to-pg.yml
+++ b/.github/workflows/sync-release-to-pg.yml
@@ -51,13 +51,13 @@ jobs:
         if: env.MERGE_CONFLICT == 'false'
         run: |
           set -e
-          git push origin pg || echo "PUSH_FAILURE=true" >> $GITHUB_ENV
+          git push https://${{ secrets.PAT_GITHUB }}@github.com/${{ github.repository }} HEAD:pg || echo "PUSH_FAILURE=true" >> $GITHUB_ENV
 
       - name: Capture push failure message
         if: env.PUSH_FAILURE == 'true'
         run: |
           # Capture the last git error message
-          push_error_message=$(git push origin pg 2>&1 | tail -n 1)
+          push_error_message=$(git push https://${{ secrets.PAT_GITHUB }}@github.com/${{ github.repository }} HEAD:pg 2>&1 | tail -n 1)
           echo "PUSH_ERROR_MESSAGE=$push_error_message" >> $GITHUB_ENV
 
       - name: Notify on push failure