From 38f81dc8e8aac3f231aeca4ec23d24bcb90da55d Mon Sep 17 00:00:00 2001
From: Florian Pfaff <6773539+FlorianPfaff@users.noreply.github.com>
Date: Tue, 5 May 2026 14:40:57 +0200
Subject: [PATCH] Fix MegaLinter auto-fix PR creation

---
 .github/workflows/mega-linter.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/mega-linter.yml b/.github/workflows/mega-linter.yml
index 1fca3addf..ab8b093d3 100644
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@@ -108,10 +108,13 @@ jobs:
         if: github.ref == 'refs/heads/main' && steps.ml.outputs.has_updated_sources == 1 && (env.APPLY_FIXES_EVENT == 'all' || env.APPLY_FIXES_EVENT == github.event_name) && env.APPLY_FIXES_MODE == 'pull_request' && (github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository) && !contains(github.event.head_commit.message, 'skip fix')
         uses: peter-evans/create-pull-request@v8
         with:
-          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
+          # Prefer the scoped workflow token over a user PAT. In the failing run,
+          # the auto-fix PR push failed with a 403 despite job-level write permissions.
+          token: ${{ github.token }}
           commit-message: "[MegaLinter] Apply linters automatic fixes"
           title: "[MegaLinter] Apply linters automatic fixes"
-          branch: megalinter-fixes
+          # Avoid force-updating a stale or diverged auto-fix branch.
+          branch: megalinter-fixes-${{ github.run_id }}
           labels: bot
           base: main