diff --git a/.github/workflows/rebase-upstream.yml b/.github/workflows/rebase-upstream.yml
index 38af44d214b0..abd12c970a57 100644
--- a/.github/workflows/rebase-upstream.yml
+++ b/.github/workflows/rebase-upstream.yml
@@ -9,7 +9,6 @@ on:
 permissions:
 contents: write
 issues: write
- workflows: write
 jobs:
 rebase:
@@ -19,7 +18,7 @@ jobs:
 uses: actions/checkout@v4
 with:
 fetch-depth: 0
- token: ${{ secrets.GITHUB_TOKEN }}
+ token: ${{ secrets.WORKFLOW_TOKEN || secrets.GITHUB_TOKEN }}
 - name: Setup git
 run: |
diff --git a/.github/workflows/release-patched-version.yml b/.github/workflows/release-patched-version.yml
index ec0ecef3a9df..603a186df3d2 100644
--- a/.github/workflows/release-patched-version.yml
+++ b/.github/workflows/release-patched-version.yml
@@ -15,7 +15,6 @@ on:
 permissions:
 contents: write
- workflows: write
 jobs:
 create-patched-release:
@@ -29,7 +28,7 @@ jobs:
 uses: actions/checkout@v4
 with:
 fetch-depth: 0
- token: ${{ secrets.GITHUB_TOKEN }}
+ token: ${{ secrets.WORKFLOW_TOKEN || secrets.GITHUB_TOKEN }}
 - name: Setup git
 run: |
diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md
index ebe3478cf51f..1a65fb175f1f 100644
--- a/DEPLOYMENT.md
+++ b/DEPLOYMENT.md
@@ -4,6 +4,16 @@ This fork maintains patches on top of upstream BuildKit using a rebase workflow.
 Our `master` branch contains upstream BuildKit plus our custom patches rebased on top.
+## Setup Requirements
+
+If your patches modify workflow files (`.github/workflows/*.yml`), you need to create a Personal Access Token:
+
+1. Go to GitHub Settings > Developer settings > Personal access tokens
+2. Create a new token with `repo` and `workflow` scopes
+3. Add it as a secret named `WORKFLOW_TOKEN` in your repository settings
+
+Without this token, the workflows will fall back to using `GITHUB_TOKEN`, which cannot push workflow changes.
+
 ## Creating a Patched Release
 To deploy a patched version of BuildKit:
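Review bot: The new `token:` expression in the checkout step of rebase-upstream.yml (and the identical line in release-patched-version.yml) hands a personal access token to actions/checkout, which by default keeps the token in the local git configuration for the rest of the job, so every later step can use it. DEPLOYMENT.md asks for a classic token with `repo` and `workflow` scopes, which reaches every repository the owner can access rather than this fork alone; a fine-grained token restricted to this repository with Contents and Workflows write access would narrow that. The `||` fallback is also silent: when the secret is missing the job only fails at push time, so a comment above the line such as `# WORKFLOW_TOKEN (PAT) is required to push commits that touch .github/workflows; GITHUB_TOKEN cannot` would help. The rest of the job lies outside the hunk, so whether code fetched from upstream runs after checkout cannot be confirmed here.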
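Review bot: With `WORKFLOW_TOKEN` set, anything the job in release-patched-version.yml pushes is authenticated as the token owner and, unlike pushes made with `GITHUB_TOKEN`, starts other workflows that listen for push or tag events, so this `token:` line behaves differently depending on whether the secret exists. It is worth stating that next to the line, for example `# pushes made with WORKFLOW_TOKEN trigger downstream workflows; GITHUB_TOKEN pushes do not`. Because a long-lived token now passes through `actions/checkout@v4`, pinning that action to a full commit SHA instead of the mutable `v4` tag would limit exposure if the tag were ever moved. The push steps themselves are outside this hunk.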