From 957c59546b68091b97524bda991a0d2deafe8536 Mon Sep 17 00:00:00 2001
From: Trey <tgrunnagle@gmail.com>
Date: Thu, 13 Nov 2025 08:48:22 -0800
Subject: [PATCH] Fix update_thv_models GHA

**Problem**

PRs created by the update_thv_models action are not triggering PR related actions (namely quality checks). This is a deliberate limitation imposed by GitHub Actions that an action cannot trigger other workflows. However, we want quality checks on this action since it is updating model code.

**Solution**

Based on [this discussion](https://github.com/peter-evans/create-pull-request/issues/48#issuecomment-536204092):
GitHub is determining that API calls are coming from actions by checking the authentication token. If you use a repo scoped token instead of the default GITHUB_TOKEN then the on: pull_request workflow will run checks against the created pull request.

As part of this change, I've created a repo-scoped PAT (with only PR r/w permissions) for stacklok's 'bot' account and saved it as a repo secret.
---
 .github/workflows/update-thv-models.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/update-thv-models.yml b/.github/workflows/update-thv-models.yml
index a39e117..e915f9c 100644
--- a/.github/workflows/update-thv-models.yml
+++ b/.github/workflows/update-thv-models.yml
@@ -59,7 +59,9 @@ jobs:
         id: create-pr
         uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          # Ensure PR related actions (quality checks) are triggered, see
+          # https://github.com/peter-evans/create-pull-request/issues/48#issuecomment-536204092
+          token: ${{ secrets.UPDATE_THV_MODELS_GITHUB_TOKEN }}
           commit-message: |
             Update ToolHive API models