fix token - again

.github/workflows/check_new_releases.yml

@@ -33,6 +33,33 @@ jobs:
     steps:
       - name: Checkout the repository
         uses: actions/[email protected]
+        with:
+          persist-credentials: false  # We will use a PAT instead
+
+      - name: Debug PAT
+        run: |
+          echo "SCORE_BOT_PAT is set: [${{ secrets.SCORE_BOT_PAT != '' }}]"
+          echo "GITHUB_TOKEN is set: [${{ secrets.GITHUB_TOKEN != '' }}]"
+        env:
+          SCORE_BOT_PAT: ${{ secrets.SCORE_BOT_PAT }}
+
+      - name: "Debug PAT: /user"
+        run: |
+          curl -s -H "Authorization: token $SCORE_BOT_PAT" https://api.github.com/user
+        env:
+          SCORE_BOT_PAT: ${{ secrets.SCORE_BOT_PAT }}
+
+      - name: "Debug PAT: /repos/eclipse-score/bazel_registry"
+        run: |
+          curl -s -H "Authorization: token $SCORE_BOT_PAT" https://api.github.com/repos/eclipse-score/bazel_registry
+        env:
+          SCORE_BOT_PAT: ${{ secrets.SCORE_BOT_PAT }}
+
+      - name: "Debug PAT: /user/repos"
+        run: |
+          curl -s -H "Authorization: token $SCORE_BOT_PAT" https://api.github.com/user/repos?per_page=100
+        env:
+          SCORE_BOT_PAT: ${{ secrets.SCORE_BOT_PAT }}
 
       - name: Run version checker script
         id: check_versions
@@ -42,19 +69,40 @@ jobs:
           pip install -r tools/requirements.txt
           python scripts/check_and_update_modules.py
 
-      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v7
-        with:
-          title: Update modules
-          author: eclipse-score-bot <[email protected]>
-          committer: eclipse-score-bot <[email protected]>
-          body: |
-            This PR updates the modules to their latest versions.
-            Please review and merge if everything looks good.
-          commit-message: Update modules
-          branch: bot/modules-update
+
+      - name: Configure git author
+        run: |
+          git config user.name "eclipse-score-bot"
+          git config user.email "[email protected]"
+
+      - name: Commit changes
+        run: |
+          git add -A
+          git commit -m "chore: modules update"
+        id: commit
+
+      - name: Create branch, push, and open PR
+        run: |
+          set -euox pipefail
+          git switch -C "$BRANCH"
+
+          # Force origin to use the PAT
+          git remote set-url origin "https://x-access-token:${GH_TOKEN}@github.com/${{ github.repository }}.git"
+
+          # Push the branch (create or update)
+          git push -u origin "$BRANCH"
+
+          gh pr create \
+          --repo "${{ github.repository }}" \
+          --base "$PR_BASE" \
+          --head "$BRANCH" \
+          --title "$PR_TITLE" \
+          --body  "$PR_BODY"
+
         env:
-          # Use token with write access.
-          # Using a different token than GITHUB_TOKEN is also required,
-          # in order to trigger subsequent PR-workflows.
-          GITHUB_TOKEN: ${{ secrets.SCORE_BOT_PAT }}
+          GH_TOKEN: ${{ secrets.SCORE_BOT_PAT }}   # PAT belongs to eclipse-score-bot
+          BRANCH: bot/modules-update
+          PR_BASE: main
+          PR_TITLE: "chore: modules update"
+          PR_BODY: "Automated update via gh CLI (from fork)."
+