From 3f4ef20cee05ea64702483d5a6164b3fb4fa2b9d Mon Sep 17 00:00:00 2001
From: Nicolas Vuillamy <nicolas.vuillamy@gmail.com>
Date: Fri, 19 May 2023 09:06:50 +0200
Subject: [PATCH] Update mega-linter.yml to manage permissions & trigger
 workflows after auto-commit

If you accept this PR, you need to:

  - [Create Fine Grained Personal Access Token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token#creating-a-fine-grained-personal-access-token), scoped only on your repository and then copy the PAT value
  - [Define environment secret variable](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-an-environment) on named **PAT** on your repository environment "megalinter", and paste the PAT value
---
 .github/workflows/mega-linter.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index 85afb9c..0002fed 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -7,7 +7,7 @@ on:
   # Trigger mega-linter at every push. Action will also be visible from Pull Requests to main
   #push: # Comment this line to trigger action only on pull-requests (not recommended if you don't pay for GH Actions)
   pull_request:
-    branches: [master, main]
+    branches: [main]
 
 permissions:
   contents: write
@@ -28,13 +28,15 @@ jobs:
   build:
     name: MegaLinter
     runs-on: ubuntu-latest
+    environment:
+      name: megalinter
     continue-on-error: true
     steps:
       # Git Checkout
       - name: Checkout Code
         uses: actions/checkout@v3
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
           fetch-depth: 0
 
       # MegaLinter
@@ -70,7 +72,7 @@ jobs:
         if: steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
         uses: peter-evans/create-pull-request@v5
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
           commit-message: "[MegaLinter] Apply linters automatic fixes"
           title: "[MegaLinter] Apply linters automatic fixes"
           labels: bot