Update tag-with-gitversion.yml

dotnetprog · web-flow · commit 9458516e3ba8 · 2025-08-28T13:18:35.000-04:00
diff --git a/.github/workflows/tag-with-gitversion.yml b/.github/workflows/tag-with-gitversion.yml
@@ -28,16 +28,26 @@ jobs:
      
       - name: Create and push annotated tag (minor+1, patch=0)
         env:
-          GH_TOKEN: ${{ secrets.GIST_AUTH_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: ${{ secrets.GIST_AUTH_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           set -euo pipefail
           MAJOR="${{ steps.gitversion.outputs.major }}"
           MINOR="${{ steps.gitversion.outputs.minor }}"
           # increment minor and set patch to 0
           NEW_MINOR=$((MINOR + 1))
           TAG="v${MAJOR}.${NEW_MINOR}.0"
-          git config user.name github-actions[bot]
-          git config user.email 41898282+github-actions[bot]@users.noreply.github.com
-          git tag -a $TAG -m "Tag created by GitHub Actions using GitVersion (incremented minor)"
-          git push origin $TAG
+          echo "Computed tag: $TAG"
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          # create annotated tag (fail if exists)
+          git tag -a "$TAG" -m "Tag created by GitHub Actions using GitVersion (incremented minor)"
+          # choose token: use PAT if provided (recommended), otherwise fallback to GITHUB_TOKEN
+          TOKEN="${PERSONAL_ACCESS_TOKEN:-${GITHUB_TOKEN}}"
+          if [ -z "$TOKEN" ]; then
+            echo "No token available to push tag"
+            exit 1
+          fi
+          # Push the tag using the chosen token over HTTPS to ensure it triggers other workflows
+          git push "https://x-access-token:${TOKEN}@github.com/${{ github.repository }}" "$TAG"
 
