Fix MegaLinter auto-fix PR creation

[FlorianPfaff]

Summary

• Use the workflow-scoped ${{ github.token }} for the MegaLinter auto-fix PR step instead of preferring a repository PAT.
• Generate a run-specific MegaLinter fix branch (megalinter-fixes-${{ github.run_id }}) to avoid force-updating a stale/diverged megalinter-fixes branch.
• Document the reason in the workflow: the failing run linted successfully, but peter-evans/create-pull-request failed while pushing the generated fixes with HTTP 403.

Context

The referenced MegaLinter run successfully linted all files and generated four auto-formatting fixes, then failed only when pushing the auto-fix PR branch. The log showed:

remote: Permission to FlorianPfaff/PyRecEst.git denied to FlorianPfaff.
fatal: unable to access 'https://github.com/FlorianPfaff/PyRecEst/': The requested URL returned error: 403

Using the job token with explicit job-level contents: write / pull-requests: write permissions avoids a misconfigured PAT overriding the workflow token, and the unique branch name avoids branch divergence problems from reusing megalinter-fixes.

Testing

Not run locally. This is a GitHub Actions workflow-only change.

[github-actions]

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ COPYPASTE	jscpd	yes		no	no	18.65s
✅ JSON	prettier	2	0	0	0	0.75s
✅ JSON	v8r	2		0	0	2.12s
✅ MARKDOWN	markdownlint	28	0	0	0	1.39s
✅ MARKDOWN	markdown-table-formatter	28	0	0	0	0.39s
✅ PYTHON	bandit	488		0	0	7.64s
✅ PYTHON	black	488	3	0	0	12.11s
✅ PYTHON	flake8	488		0	0	4.24s
✅ PYTHON	isort	488	4	0	0	0.9s
✅ PYTHON	mypy	488		0	0	6.13s
✅ PYTHON	pylint	488		0	0	107.61s
✅ PYTHON	ruff	488	4	0	0	0.09s
✅ REPOSITORY	checkov	yes		no	no	21.73s
✅ REPOSITORY	gitleaks	yes		no	no	9.85s
✅ REPOSITORY	git_diff	yes		no	no	0.06s
✅ REPOSITORY	secretlint	yes		no	no	9.0s
✅ REPOSITORY	syft	yes		no	no	3.11s
✅ REPOSITORY	trivy-sbom	yes		no	no	3.57s
✅ REPOSITORY	trufflehog	yes		no	no	22.16s
✅ YAML	prettier	5	0	0	0	0.49s
✅ YAML	v8r	5		0	0	5.85s
✅ YAML	yamllint	5		0	0	0.41s

See detailed reports in MegaLinter artifacts

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.4.0 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_RUFF,COPYPASTE_JSCPD,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository