Cleanup and improvement.

Author: desrosj

…/workflows/pull-requests-built-files.yml .github/workflows/check-built-files.yml.github/workflows/pull-requests-built-files.yml renamed to .github/workflows/check-built-files.yml .github/workflows/pull-requests-built-files.yml renamed to .github/workflows/check-built-files.yml

@@ -1,7 +1,11 @@
-# Responsible for checking pull requests for changes to built files.
-name: Manage Built Files for PRs
+# Checks for uncommitted changes to built files and pushes changes back.
+name: Check built files
 
 on:
+  # Because all commits happen through SVN and should always be manually reviewed by a committer, this workflow only
+  # runs for pull requests.
+  #
+  # Other workflows that run on push will detect changes to versioned files and fail.
   pull_request_target:
     branches:
       - trunk
@@ -21,7 +25,7 @@ on:
       # These files configure Composer. Changes could affect the outcome.
       - 'composer.*'
       # Confirm any changes to relevant workflow files.
-      - '.github/workflows/pull-requests-built-files.yml'
+      - '.github/workflows/check-built-files.yml'
 
 # Cancels all previous workflow runs for pull requests that have not completed.
 concurrency:
@@ -35,12 +39,34 @@ permissions: {}
 
 jobs:
   # Checks a PR for uncommitted changes to built files.
+  #
+  # This job uses a GitHub App instead of $GITHUB_TOKEN because Dependabot pull requests are only granted
+  # read-only access.
+  #
+  # Performs the following steps:
+  # - Generates a token for authenticating with the GitHub App.
+  # - Checks out the repository.
+  # - Sets up Node.js.
+  # - Configures caching for Composer.
+  # - Installs Composer dependencies.
+  # - Logs general debug information about the runner.
+  # - Installs npm dependencies.
+  # - Builds CSS file using SASS.
+  # - Builds Emoji files.
+  # - Builds bundled Root Certificate files.
+  # - Builds WordPress.
+  # - Configures the Git author.
+  # - Checks for changes to versioned files.
+  # - Stages changes.
+  # - Commits changes.
+  # - Pushes changes.
   update-built-files:
-    name: Updates built files when necessary
+    name: Check and update built files
     runs-on: ubuntu-24.04
     permissions:
       contents: write
-    if: ${{ github.event_name == 'pull_request_target' && github.event.commits < 2 && 'dependabot[bot]' == github.actor }}
+    # This prevents a second run after changes are committed back because Dependabot always rebases updates onto trunk.
+    if: ${{ github.actor != 'dependabot[bot]' || github.event.commits < 2 }}
     steps:
       - name: Generate Installation Token
         id: generate_token
@@ -134,7 +160,7 @@ jobs:
           git config user.name "dependabot[bot]"
           git config user.email 49699333+dependabot[bot]@users.noreply.github.com
 
-      - name: Ensure version-controlled files are not modified or deleted during building
+      - name: Check for changes to versioned files
         id: built-file-check
         run: |
           diff_output=$(git diff)