From 9347c61bc0cbed0d2062b930144c2cbd557f9189 Mon Sep 17 00:00:00 2001
From: Austin Horstman <khaneliman12@gmail.com>
Date: Wed, 2 Jul 2025 12:17:42 -0500
Subject: [PATCH] ci: use GITHUB_TOKEN when app config missing (#7374)

Allow testing workflows more on forks when app configuration missing.

Signed-off-by: Austin Horstman <khaneliman12@gmail.com>
---
 .github/workflows/backport.yml           |  9 +++------
 .github/workflows/update-flake.yml       | 15 +++++++++------
 .github/workflows/update-maintainers.yml |  6 ++++--
 3 files changed, 16 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
index ae82a0dff..fe8f7ef5d 100644
--- a/.github/workflows/backport.yml
+++ b/.github/workflows/backport.yml
@@ -1,13 +1,11 @@
 # Based on
 # https://github.com/NixOS/nixpkgs/blob/2566f9dc/.github/workflows/backport.yml
 name: Backport
-
 on:
   pull_request_target:
     types:
       - closed
       - labeled
-
 jobs:
   backport:
     name: Backport Pull Request
@@ -23,21 +21,20 @@ jobs:
     steps:
       - name: Create GitHub App token
         uses: actions/create-github-app-token@v2
+        if: vars.CI_APP_ID
         id: app-token
         with:
           app-id: ${{ vars.CI_APP_ID }}
           private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
-
       - uses: actions/checkout@v4
         with:
-          token: ${{ steps.app-token.outputs.token }}
+          token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
           ref: ${{ github.event.pull_request.head.sha }}
-
       - name: Create backport PRs
         id: backport
         uses: korthout/backport-action@v3
         with:
           # See https://github.com/korthout/backport-action#inputs
-          github_token: ${{ steps.app-token.outputs.token }}
+          github_token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
           branch_name: backport/${target_branch}/${pull_number}
           copy_labels_pattern: .*
diff --git a/.github/workflows/update-flake.yml b/.github/workflows/update-flake.yml
index ef2075a69..cc7caee9e 100644
--- a/.github/workflows/update-flake.yml
+++ b/.github/workflows/update-flake.yml
@@ -14,14 +14,16 @@ jobs:
     steps:
       - name: Create GitHub App token
         uses: actions/create-github-app-token@v2
+        if: vars.CI_APP_ID
         id: app-token
         with:
           app-id: ${{ vars.CI_APP_ID }}
           private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
       - name: Get GitHub App user info
+        if: vars.CI_APP_ID
         id: user-info
         env:
-          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token}}
           slug: ${{ steps.app-token.outputs.app-slug }}
         run: |
           name="$slug[bot]"
@@ -35,16 +37,17 @@ jobs:
         uses: actions/checkout@v4
         with:
           ref: ${{ matrix.branch }}
+          token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
       - name: Install Nix
         uses: cachix/install-nix-action@v31
       - name: Update flake.lock
         uses: DeterminateSystems/update-flake-lock@v25
         with:
-          token: ${{ steps.app-token.outputs.token }}
-          git-committer-name: ${{ steps.user-info.outputs.name }}
-          git-committer-email: ${{ steps.user-info.outputs.email }}
-          git-author-name: ${{ steps.user-info.outputs.name }}
-          git-author-email: ${{ steps.user-info.outputs.email }}
+          token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
+          git-committer-name: ${{ steps.user-info.outputs.name || 'github-actions[bot]' }}
+          git-committer-email: ${{ steps.user-info.outputs.email || '41898282+github-actions[bot]@users.noreply.github.com' }}
+          git-author-name: ${{ steps.user-info.outputs.name || 'github-actions[bot]' }}
+          git-author-email: ${{ steps.user-info.outputs.email || '41898282+github-actions[bot]@users.noreply.github.com' }}
           pr-labels: dependencies
           pr-title: "[${{ matrix.branch }}] flake.lock: Update"
           pr-body: |
diff --git a/.github/workflows/update-maintainers.yml b/.github/workflows/update-maintainers.yml
index 91c89548f..7597de9df 100644
--- a/.github/workflows/update-maintainers.yml
+++ b/.github/workflows/update-maintainers.yml
@@ -17,12 +17,14 @@ jobs:
     steps:
       - name: Create GitHub App token
         uses: actions/create-github-app-token@v2
+        if: vars.CI_APP_ID
         id: app-token
         with:
           app-id: ${{ vars.CI_APP_ID }}
           private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
       - name: Get GitHub App user info
         id: user-info
+        if: vars.CI_APP_ID
         env:
           GH_TOKEN: ${{ steps.app-token.outputs.token }}
           slug: ${{ steps.app-token.outputs.app-slug }}
@@ -37,7 +39,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          token: ${{ steps.app-token.outputs.token }}
+          token: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
       - name: Get Nixpkgs revision from flake.lock
         id: get-nixpkgs
         run: |
@@ -81,7 +83,7 @@ jobs:
       - name: Create Pull Request
         if: steps.check-changes.outputs.has_changes == 'true' || github.event.inputs.create_pr == 'true'
         env:
-          GH_TOKEN: ${{ steps.app-token.outputs.token }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token || secrets.GITHUB_TOKEN }}
           title: "maintainers: update all-maintainers.nix"
           commit_body: |
             Automated update of the master maintainers list combining: