fix: Update sync-workflows.yml

.github/workflows/sync-workflows.yml

@@ -7,9 +7,8 @@
 name: Sync Workflows
 
 on:
-  push:
-    branches: 
-      - dev # The branches below must be a subset of the branches above
+  pull_request:
+    branches: [ "dev" ] # The branches below must be a subset of the branches above
   workflow_dispatch:
 
 jobs:
@@ -87,13 +86,19 @@ jobs:
           SPECIFIC_FILES: ${{ vars.SPECIFIC_FILES }}  # List of specific files not to copy to certain repositories
           SPECIFIC_REPOS: ${{ vars.SPECIFIC_REPOS }}  # List of specific repositories needing specific files not included
           PR_REVIEWERS: ${{ vars.PR_REVIEWERS }}  # List of reviewers
-          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
         run: |
           SIGNED_OFF_BY="Signed-off-by: ${{ env.PR_AUTHOR_NAME_FULL }} <${{ env.PR_AUTHOR_EMAIL }}>"
+          export GH_USERNAME=${{ secrets.GH_USERNAME }}
+          export GH_TOKEN=${{ secrets.GH_TOKEN_LIB }}
+
+          # Configure Git user details
+          git config --global user.name "${{ secrets.GH_USERNAME }}"
+          git config --global user.email "${{ env.PR_AUTHOR_EMAIL }}"  # Optional, but recommended for commits
+
           for repo in $REPOS; do
-            git clone https://github.com/frmscoe/$repo.git
+            git clone https://x-access-token:${{ secrets.GH_TOKEN_LIB }}@github.com/frmscoe/$repo.git
             cd $repo
-            git remote set-url origin https://x-access-token:${{ secrets.GH_TOKEN }}@github.com/frmscoe/$repo.git
+            git remote set-url origin https://x-access-token:${{ secrets.GH_TOKEN_LIB }}@github.com/frmscoe/$repo.git
 
             if git ls-remote --heads origin sync-workflows-update | grep sync-workflows-update; then
               # Branch exists, pull the latest changes
@@ -126,11 +131,7 @@ jobs:
             git add .
             git commit -m "ci: sync workflows from central-workflows ${SIGNED_OFF_BY}" || echo "No changes to commit"
             git push origin sync-workflows-update || git push origin sync-workflows-update --force
-
-            # Clear the GITHUB_TOKEN environment variable and use a temporary file for gh authentication
-            echo "${{ secrets.GH_TOKEN }}" > /tmp/gh_token
-            unset GITHUB_TOKEN
-            gh auth login --with-token < /tmp/gh_token
+
 
             # Create the PR with reviewers
             IFS=',' read -ra REVIEWERS <<< "${PR_REVIEWERS}"
@@ -141,8 +142,5 @@ jobs:
 
             gh pr create --title "ci: sync workflows from central-workflows" --body "This PR syncs workflows from the central-workflows repository. ${SIGNED_OFF_BY}" --base dev --head sync-workflows-update $REVIEWERS_ARGS || echo "PR already exists, updating existing PR"
 
-            # Cleanup
-            rm /tmp/gh_token
-
             cd ..
           done