merge-upstream workflow to create PRs with latest changes from upstream

[fopina]

Workflow to open pull requests with latest changes from projectdiscovery/httpx to keep this fork up-to-date.

This requires a PAT that is able to open PRs as GITHUB_TOKEN will get blocked due to not being able to trigger PR workflows - even if permission to create PRs is added, it can never trigger workflows.

This closes #27

[gsilvapt]

Just to confirm, I can override the repository secret GITHUB_TOKEN with a PAT, correct?
Thanks!

[fopina]

GITHUB_TOKEN is a specially scoped secret added on each run, not a repository secret.

As it cannot trigger workflows on PRs, we need a PAT to be used instead.

The action expects the secret as input, so it can be named however we want, I was just suggesting setting it at org level instead of repository.

Probably a name like SURF_BOT_PAT sounds good! (And then I need to update this PR)

[gsilvapt]

GITHUB_TOKEN is a specially scoped secret added on each run, not a repository secret.

As it cannot trigger workflows on PRs, we need a PAT to be used instead.

The action expects the secret as input, so it can be named however we want, I was just suggesting setting it at org level instead of repository.

Probably a name like SURF_BOT_PAT sounds good! (And then I need to update this PR)

We need to start managing this org through Terraform, to facilitate scoping secrets 😂
I'll add the secret at org-level and come back to this PR to let you know (so we can proceed). The secret will be named SURF_BOT_PAT if you want to start working on this.

[gsilvapt]

Done 👍 Tried the new token types, not sure if permission-wise it's all right so we will probably to iterate once or twice 😅 GitHub developer experience...

[fopina]

Workflow updated with the secret name then!

[sonarqubecloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[gsilvapt]

LGTM, let's test drive it :)