From 087eb6c91f242afbe1a0067938f8942811ad398a Mon Sep 17 00:00:00 2001 From: "Nicholas C. Zakas" Date: Tue, 18 Nov 2025 10:40:54 -0500 Subject: [PATCH 1/2] build: Ensure auto-created PRs run CI --- .github/workflows/update-baseline.yml | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/.github/workflows/update-baseline.yml b/.github/workflows/update-baseline.yml index 48b5b48b..8ea13ba7 100644 --- a/.github/workflows/update-baseline.yml +++ b/.github/workflows/update-baseline.yml @@ -6,15 +6,21 @@ on: jobs: update-baseline: - permissions: - contents: write - pull-requests: write - env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} runs-on: ubuntu-latest steps: + # We are using our GitHub Bot App to create the PR. + # This ensures that other workflows triggered by + # PR creation will run as expected. + # The GitHub Bot App is configured in the organization settings. + - uses: actions/create-github-app-token@v2 + id: generate-token + with: + app-id: ${{ vars.BOT_APP_ID }} + private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }} + - uses: actions/checkout@v5 - name: Setup Node.js uses: actions/setup-node@v6 @@ -33,6 +39,7 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@v7 with: + token: ${{ steps.generate-token.outputs.token }} commit-message: "fix: update baseline data" title: "fix: update baseline data" branch: update-baseline-data From a7e1194ccc89122cf8339d43eb2299880190e5db Mon Sep 17 00:00:00 2001 From: "Nicholas C. Zakas" Date: Wed, 19 Nov 2025 10:29:11 -0500 Subject: [PATCH 2/2] Use workflow_push_bot_token --- .github/workflows/update-baseline.yml | 15 +-------------- 1 file changed, 1 insertion(+), 14 deletions(-) diff --git a/.github/workflows/update-baseline.yml b/.github/workflows/update-baseline.yml index 8ea13ba7..f4ac95f8 100644 --- a/.github/workflows/update-baseline.yml +++ b/.github/workflows/update-baseline.yml 
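Review bot: Dropping the job's `permissions:` block in the first hunk of patch 1 leaves `GITHUB_TOKEN` at whatever default the repository or organization sets, and the job-level `env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}` that remains as context still exports that token to every step. Since the pull request is now created with the App token, the built-in token should only need read access for checkout, so I would replace the removed block with `permissions:` / `contents: read` instead of deleting it. A workflow-level `permissions:` key may exist above line 6, but that is outside the hunk and not visible here. The steps between checkout and "Create Pull Request" are also outside the hunk.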
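Review bot: The `token:` line added in the second hunk of patch 1 hands the App installation token to `peter-evans/create-pull-request@v7`, which is referenced by a movable tag, and the first hunk likewise passes the App private key to `actions/create-github-app-token@v2`. A retagged release of either action would run with these credentials, so both `uses:` lines are better pinned to a full commit SHA, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha> # v7`. The generated token also inherits every permission of the App installation unless narrowed. Adding `permission-contents: write` and `permission-pull-requests: write` under the token step's `with:` would limit it to what PR creation needs.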
@@ -6,21 +6,8 @@ on: jobs: update-baseline: - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - runs-on: ubuntu-latest steps: - # We are using our GitHub Bot App to create the PR. - # This ensures that other workflows triggered by - # PR creation will run as expected. - # The GitHub Bot App is configured in the organization settings. - - uses: actions/create-github-app-token@v2 - id: generate-token - with: - app-id: ${{ vars.BOT_APP_ID }} - private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }} - - uses: actions/checkout@v5 - name: Setup Node.js uses: actions/setup-node@v6 @@ -39,7 +26,7 @@ jobs: - name: Create Pull Request uses: peter-evans/create-pull-request@v7 with: - token: ${{ steps.generate-token.outputs.token }} + token: ${{ secrets.WORKFLOW_PUSH_BOT_TOKEN }} commit-message: "fix: update baseline data" title: "fix: update baseline data" branch: update-baseline-data
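Review bot: The new `token: ${{ secrets.WORKFLOW_PUSH_BOT_TOKEN }}` line in the second hunk of patch 2 swaps a per-run App installation token for a stored secret, while the first hunk deletes the only comment explaining why a non-default token is used. The secret's type and scope are not visible here. If it is a personal access token it is presumably long-lived, so it should be limited to contents and pull-request write on this repository and rotated on a schedule. I would keep a comment above the step, for example `# WORKFLOW_PUSH_BOT_TOKEN replaces GITHUB_TOKEN so workflows triggered by the new PR run; keep it scoped to contents and pull-requests write.`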