Fix workflow permissions and allow testing on non-main branches #28

Closed
Copilot wants to merge 4 commits into main from copilot/fix-action-permissions-issue-again

Contributor

Copilot AI commented Dec 24, 2025

The test-openapi-directory workflow from PR #26 fails when pushing compatibility badge updates because the main branch is protected and GITHUB_TOKEN cannot bypass branch protection. Additionally, the workflow was failing when manually triggered on PR branches because it attempted to commit and push to those branches.

Changes

  • Updated checkout action to use PAT_TOKEN secret instead of GITHUB_TOKEN
  • Added inline documentation for token requirement
  • Added if: github.ref == 'refs/heads/main' condition to commit step to only push badge data when running on main branch
  • This allows the workflow to be tested on any branch without failures

Behavior

  • On main branch (scheduled or manual trigger): Runs tests, commits badge data, and pushes
  • On PR/feature branches (manual trigger): Runs tests but skips commit/push step

Setup Required

Create a classic PAT with repo scope and add as repository secret PAT_TOKEN:

  1. Settings → Developer settings → Personal access tokens → Tokens (classic) → Generate new token
  2. Select scope: repo
  3. Repository → Settings → Secrets and variables → Actions → New repository secret
    • Name: PAT_TOKEN
    • Value: [paste token]

The workflow can now be tested on any branch. When running on main, it will commit and push badge data once the secret is configured.

- name: Check out repository
  uses: actions/checkout@v3
  with:
    token: ${{ secrets.PAT_TOKEN }}  # Required for protected branch push

- name: Commit compatibility data
  if: github.ref == 'refs/heads/main'  # Only commit/push on main branch
  run: |
    git config --local user.email "github-actions[bot]@users.noreply.github.com"
    git config --local user.name "github-actions[bot]"
    git add .github/compatibility.json
    git diff --staged --quiet || git commit -m "Update compatibility badge data: $(date -u '+%Y-%m-%d')"
    git push

Original prompt

One of the actions is failing: https://github.com/phalt/cicerone/actions/runs/20479368778/job/58849921167 this was because of this recent change: #26 let's fix it. I am pretty sure it's just a permissions thing
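Added example, not part of the PR or the project's code: a small line-based check over the two steps described above. It flags a checkout step that passes a non-default secret as `token` without `persist-credentials: false` (actions/checkout keeps that token in the local git config for every later step by default), and any step that runs `git push` without an `if:` on `github.ref`. The function names and finding labels are hypothetical, and the scan is a text heuristic, not a YAML parser.

```python
import re

# Constructed sample: the two steps from the PR description as workflow text.
WORKFLOW = """\
steps:
  - name: Check out repository
    uses: actions/checkout@v3
    with:
      token: ${{ secrets.PAT_TOKEN }}
  - name: Commit compatibility data
    if: github.ref == 'refs/heads/main'
    run: |
      git add .github/compatibility.json
      git push
"""

def split_steps(text):
    """Split workflow text into one chunk per step (shallowest '- ' items)."""
    lines = text.splitlines()
    starts = [(len(l) - len(l.lstrip()), i)
              for i, l in enumerate(lines) if l.lstrip().startswith("- ")]
    if not starts:
        return []
    indent = min(ind for ind, _ in starts)
    bounds = [i for ind, i in starts if ind == indent] + [len(lines)]
    return ["\n".join(lines[a:b]) for a, b in zip(bounds, bounds[1:])]

def audit(text):
    """Return (step name, finding) pairs; finding labels are hypothetical."""
    findings = []
    for step in split_steps(text):
        m = re.search(r"^\s*(?:- )?name:\s*(.+)$", step, re.M)
        name = m.group(1).strip() if m else "<unnamed>"
        token = re.search(r"^\s*token:\s*\$\{\{\s*secrets\.(\w+)\s*\}\}", step, re.M)
        is_pat = bool(token) and token.group(1) != "GITHUB_TOKEN"
        keeps_creds = not re.search(r"persist-credentials:\s*false", step)
        if "actions/checkout@" in step and is_pat and keeps_creds:
            findings.append((name, "persisted-pat"))   # token stays in .git/config
        pushes = re.search(r"^\s*git push\b", step, re.M)
        gated = re.search(r"^\s*(?:- )?if:.*github\.ref", step, re.M)
        if pushes and not gated:
            findings.append((name, "ungated-push"))    # push would run on any ref
    return findings

if __name__ == "__main__":
    print(audit(WORKFLOW))
```

On the steps as posted, the push is gated to main but the PAT is still persisted for the test steps that run on manually triggered branches.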



Copilot AI and others added 2 commits December 24, 2025 09:13
Co-authored-by: phalt <490685+phalt@users.noreply.github.com>
Co-authored-by: phalt <490685+phalt@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix action failure due to permissions issue Add PAT_TOKEN to workflow for protected branch pushes Dec 24, 2025
Copilot AI requested a review from phalt December 24, 2025 09:17
@codecov-commenter

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.62%. Comparing base (26ea4e6) to head (1cca5f7).
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files
@@           Coverage Diff           @@
##             main      #28   +/-   ##
=======================================
  Coverage   99.62%   99.62%           
=======================================
  Files          30       30           
  Lines         804      804           
  Branches       72       72           
=======================================
  Hits          801      801           
  Partials        3        3           


@phalt
Owner

phalt commented Dec 24, 2025

@copilot It would appear that this job isn't working as expected when I run it on that branch: https://github.com/phalt/cicerone/actions/runs/20486246677

Co-authored-by: phalt <490685+phalt@users.noreply.github.com>
Contributor Author

Copilot AI commented Dec 24, 2025

@copilot It would appear that this job isn't working as expected when I run it on that branch: https://github.com/phalt/cicerone/actions/runs/20486246677

Fixed in commit a66483c. The workflow now only commits/pushes when running on the main branch. When triggered on PR branches, it will run the tests but skip the commit step, allowing you to test the workflow without failures.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • https://api.github.com/repos/phalt/cicerone/actions/jobs/58869208515/logs
    • Triggering command: /usr/bin/curl curl -s -H Authorization: token -L REDACTED (http block)

If you need me to access, download, or install something from one of these locations, you can either:

Copilot AI changed the title Add PAT_TOKEN to workflow for protected branch pushes Fix workflow permissions and allow testing on non-main branches Dec 24, 2025
@phalt phalt closed this Jan 3, 2026