From afbd73e36898db4766573c7f317a3d507548bad0 Mon Sep 17 00:00:00 2001
From: sebthom <sebthom@users.noreply.github.com>
Date: Fri, 5 Dec 2025 20:20:46 +0100
Subject: [PATCH] ci: fix publish release workflow

---
 .github/workflows/build.yml           | 10 ++++------
 .github/workflows/publish-release.yml | 15 ++++++++++++---
 2 files changed, 16 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5281fb6..4975f99 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,11 +10,8 @@ on:  # https://docs.github.com/en/actions/reference/workflows-and-actions/events
     # https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#schedule
     - cron: '0 15 1 * *'
   push:
-    branches:
-    - main
-    - release
-    tags-ignore:  # don't build tags
-    - '**'
+    branches: ['**']  # build all branches
+    tags-ignore: ['**'] # don't build tags
     paths-ignore:
     - '**/*.md'
     - '.act*'
@@ -57,7 +54,8 @@ jobs:
   build:
   ###########################################################
 
-    if: github.event_name != 'push' || github.ref == 'refs/heads/main'
+    # Run on push for all branches; on pull_request only for forked PRs to avoid duplicate builds for same-repo branches
+    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
 
     permissions:
       packages: write
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index 5f27db3..13afe67 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
@@ -37,18 +37,27 @@ jobs:
       run: env | sort
 
 
+    - name: Generate GitHub Access Token
+      uses: tibdex/github-app-token@v2  # https://github.com/tibdex/github-app-token
+      id: generate_token
+      # see https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens
+      with:
+        # see https://github.com/organizations/Second-Hand-Friends/settings/apps/kleinanzeigen-bot-tu
+        app_id: ${{ secrets.DEPS_UPDATER_APP_ID }}
+        private_key: ${{ secrets.DEPS_UPDATER_PRIVATE_KEY }}
+
+
     - name: Git Checkout
       uses: actions/checkout@v5  # https://github.com/actions/checkout
       with:
+        token: ${{ steps.generate_token.outputs.token }}
         ref: main
+        fetch-depth: 0
 
 
     - name: Push main to release branch
       run: |
         set -eux
 
-        git config user.name "github-actions[bot]"
-        git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-
         # Push current main state to release branch to trigger release creation
         git push origin HEAD:release