💚 ci: use different token for dependabot checkout

ljnsn · Mar 14, 2024 · f2cf5dc · f2cf5dc
1 parent 8014158
commit f2cf5dc
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/.github/workflows/pythonpackage.yml b/.github/workflows/pythonpackage.yml
@@ -51,11 +51,20 @@ jobs:
       !startsWith(github.event.head_commit.message, 'bump(release):')
     name: "Bump version and create changelog with commitizen"
     steps:
-      - name: Check out
+      - name: Checkout
+        if: github.actor == 'dependabot[bot]'
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: "${{ secrets.PERSONAL_ACCESS_TOKEN }}"
+          token: ${{ github.token }}
+          submodules: recursive
+      - name: Checkout
+        if: github.actor != 'dependabot[bot]'
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          submodules: recursive
       - name: Create bump and changelog
         uses: commitizen-tools/commitizen-action@master
         with: