[CI] Fix update-website.yml

[sbc100]

• Ignore changes that only include AUTHORS.html
• Use EMSCRIPTEN_BOT_TOKEN when checking out the -site repo since we need that in order to push to it
• Move -site repo checkout to within the emscripten checkout.

[sbc100]

I'm now able to manually trigger the update-website action from this PR branch so I think we can iterate here until its working.

[sbc100]

I'm seeing:

remote: Permission to kripken/emscripten-site.git denied to github-actions[bot].
247
fatal: unable to access 'https://github.com/kripken/emscripten-site/': The requested URL returned error: 403

which I guess makes sense since we are trying to push directly rather than to a fork.

[sbc100]

@dschuff any idea where the best place to start is? Should we add emscripten-bot@ as a collaborator on the emscripten-site or do we need to issue some new token.

[kripken]

lgtm but I don't know anything about the token stuff

[dschuff]

We discussed this a bit offline, but for the record, when you use the token here, the actions should be done with the permissions of @emscripten-bot (so the fact that github-actions[bot] is showing up here means the token isn't being used). We can add give @emscripten-bot permission to push to the site, or we can let it use its own fork and push to that, and then it should be able to open PRs against the site without any special permissions.

[sbc100]

Turns out it was the checkout action that was fucking things up since it was overriding the auth method for the repo. Using token: ${{ secrets.EMSCRIPTEN_BOT_TOKEN }} during checkout fixed the issue.

[sbc100]

OK this seems to be working now. I think we should be good to land. PTAL

[dschuff]

Turns out that this doesn't actually matter; gh respects both for some reason.