don't persist credentials so pat is used for repo-sync

[rsese]

Why:

• x-ref: https://github.com/github/docs-engineering/issues/5808

repo-sync is failing:

https://github.com/github/docs/actions/runs/19864074248

UPSTREAM_REPO=https://***@github.com/github/docs-internal.git
BRANCHES=main:repo-sync
Resetting origin to: ***github.com/github/docs
Adding tmp_upstream https://***@github.com/github/docs-internal.git
Fetching tmp_upstream
remote: Repository not found.
fatal: repository 'https://github.com/github/docs-internal.git/' not found

and repo-sync sets the repo with a token in the URL:

          source_repo: https://${{ secrets.DOCS_BOT_PAT_REPO_SYNC }}@github.com/github/${{ github.repository ==

seems this started after the update to actions/checkout v6?

What's being changed (if available, include any code snippets, screenshots, or gifs):

• set persist-credentials: false for actions/checkout

this defaults to true and we use a PAT anyways, so 's theory is that v6 somehow is overriding the PAT even though it's embedded in the URL 🤔 worth a try?

Check off the following:

• A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
• The changes in this PR meet the docs fundamentals that are required for all content.
• All CI checks are passing and the changes look good in the review environment.

[github-actions]

👋 Hey there spelunker. It looks like you've modified some files that we can't accept as contributions:

• .github/workflows/repo-sync.yml

You'll need to revert all of the files you changed that match that list using GitHub Desktop or git checkout origin/main <file name>. Once you get those files reverted, we can continue with the review process.

The complete list of files we can't accept are:

• .devcontainer/**
• .github/**
• data/reusables/rai/**
• Dockerfile*
• src/**
• package*.json
• content/actions/how-tos/security-for-github-actions/security-hardening-your-deployments/**

We also can't accept contributions to files in the content directory with frontmatter type: rai or contentType: rai.

[github-actions]

How to review these changes 👓

Thank you for your contribution. To review these changes, choose one of the following options:

• Spin up a codespace
• Set up a local development environment

A Hubber will need to deploy your changes internally to review.

Table of review links

Note: Please update the URL for your staging server or codespace.

This pull request contains code changes, so we will not generate a table of review links.

🤖 This comment is automatically generated.

[Copilot]

Pull request overview

This PR addresses a repo-sync workflow failure by preventing actions/checkout from persisting Git credentials that were overriding the PAT (Personal Access Token) required for syncing between the public and private docs repositories.

Key Changes:

• Added persist-credentials: false to the checkout step in the repo-sync workflow to prevent credential persistence from interfering with the PAT embedded in the source repository URL

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

[nitpick] For consistency with the existing usage in .github/workflows/check-broken-links-github-github.yml (line 30), consider using the string 'false' instead of the boolean false for the persist-credentials parameter.

While both values are functionally equivalent in GitHub Actions YAML, maintaining consistency across the codebase makes the patterns easier to follow.

Suggested change

	persist-credentials: false
	persist-credentials: 'false'

[github-actions]

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues ⚡