From d4b8575b405ab54ed85d64ecc33b58f15d0d6b4b Mon Sep 17 00:00:00 2001
From: Mats Blomdahl <mats.blomdahl@gmail.com>
Date: Sun, 23 Oct 2022 11:39:57 +0200
Subject: [PATCH] Add PAT for Protected Branch Push Access (#93)

- Use `persist-credentials: false`, "... otherwise, the token used is the GITHUB_TOKEN, instead of your personal access token" (from https://github.com/ad-m/github-push-action#readme)
- Always fetch latest `default` branch before publishing pre-release
---
 .github/workflows/publish-prerelease.yml | 6 +++++-
 .github/workflows/publish-release.yml    | 3 ++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/publish-prerelease.yml b/.github/workflows/publish-prerelease.yml
index b9d034a..a280cd4 100644
--- a/.github/workflows/publish-prerelease.yml
+++ b/.github/workflows/publish-prerelease.yml
@@ -17,6 +17,10 @@ jobs:
       contents: write
     steps:
       - uses: actions/checkout@v3
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+          ref: issue-93-gh-actions
       - uses: actions/setup-node@v3
         with:
           node-version: 16
@@ -63,4 +67,4 @@ jobs:
         uses: ad-m/github-push-action@master
         with:
           branch: master
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_token: ${{ secrets.GHA_MAPBOXGLCIRCLE_GITHUB_TOKEN }}
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index b7e2bc6..5fb32be 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -14,6 +14,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
         with:
+          persist-credentials: false
           fetch-depth: 0
           ref: master
       - uses: actions/setup-node@v3
@@ -62,4 +63,4 @@ jobs:
         uses: ad-m/github-push-action@master
         with:
           branch: master
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_token: ${{ secrets.GHA_MAPBOXGLCIRCLE_GITHUB_TOKEN }}