From c54bf6f94b5231419fe8a7ff3b2518a2a7e7447e Mon Sep 17 00:00:00 2001 From: Samreet Singh Date: Thu, 19 Dec 2024 11:54:53 +0100 Subject: [PATCH 1/2] Leave dependabot pr in triage column to avoid failed run Since the dependabot has no access to the secrets, the step will be skipped to avoid failed runs. Signed-off-by: Samreet Singh --- .github/workflows/move-bot-pr-to-review.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/move-bot-pr-to-review.yaml b/.github/workflows/move-bot-pr-to-review.yaml index 6a90ecc988..4d565abcb2 100644 --- a/.github/workflows/move-bot-pr-to-review.yaml +++ b/.github/workflows/move-bot-pr-to-review.yaml @@ -37,6 +37,8 @@ jobs: PR_ID: ${{ github.event.pull_request.node_id }} - name: Move PR to column To Review + # only move SCB-Bot, since dependabot is not part of core team and therefore has no access to secrets + if: startsWith(github.head_ref, 'dependencies/upgrading') run: | # Get the ID for the field Status # gh project field-list 6 --owner secureCodeBox From f5b02178dc949d8fab7d5002ea016c4c395bee37 Mon Sep 17 00:00:00 2001 From: Samreet Singh Date: Thu, 19 Dec 2024 12:38:09 +0100 Subject: [PATCH 2/2] Replace SCB-token with github token since additional permission are not needed in this part Signed-off-by: Samreet Singh --- .github/workflows/move-bot-pr-to-review.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/move-bot-pr-to-review.yaml b/.github/workflows/move-bot-pr-to-review.yaml index 4d565abcb2..8fbd3b26a4 100644 --- a/.github/workflows/move-bot-pr-to-review.yaml +++ b/.github/workflows/move-bot-pr-to-review.yaml @@ -14,6 +14,10 @@ jobs: runs-on: ubuntu-22.04 # only run if the branch starts with 'dependabot/' or 'dependencies/upgrading' if: startsWith(github.head_ref, 'dependabot/') || startsWith(github.head_ref, 'dependencies/upgrading') + permissions: + pull-requests: write + repository-projects: write + steps: - uses: actions/checkout@v4 
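Review bot: The new step-level `if` identifies the SCB bot only by branch prefix, and `github.head_ref` is chosen by whoever opens the pull request, so a fork branch named `dependencies/upgrading…` passes the gate as well. The workflow trigger is outside this hunk; if it is `pull_request_target`, the step would run with the repository's secrets for such a PR, so confirm which event is used. Binding the condition to the head repository makes the gate match the comment's intent: `if: startsWith(github.head_ref, 'dependencies/upgrading') && github.event.pull_request.head.repo.full_name == github.repository`. The job-level `if` shown as context in the second patch relies on the same prefix test and deserves the same check.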
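Review bot: The scopes granted in the new `permissions:` block do not obviously match what the job does. `repository-projects: write` covers classic repository projects, while the mutation visible in the next hunk is `addProjectV2ItemById`, and nothing in the visible steps writes to the pull request itself, so `pull-requests: write` may be broader than needed. Declaring a job-level block also sets every unlisted scope to `none`; `actions/checkout@v4` stays in this job, so `contents: read` would be required if the repository were private. I would add a comment per scope naming the step that needs it, for example `# pull-requests: write: required by <step name>`, and drop any scope that has no such step.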
@@ -33,7 +37,7 @@ jobs: } }" | jq -r '.data.addProjectV2ItemById.item.id') >> $GITHUB_ENV env: - GH_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR_ID: ${{ github.event.pull_request.node_id }} - name: Move PR to column To Review
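Review bot: `secrets.GITHUB_TOKEN` is scoped to this repository, but this step calls `addProjectV2ItemById`, and the follow-up step's comment (`gh project field-list 6 --owner secureCodeBox`) points to an organization-level project. As far as I know the workflow token cannot reach organization Projects V2, so the mutation is likely to be rejected. The pipeline would then append jq's `null` to `$GITHUB_ENV` instead of failing. If a separate credential is still needed, prefer one limited to organization project access over the broad bot user token, and record the reason next to the line, for example `# GITHUB_TOKEN cannot access org-level Projects V2; this token is limited to project read/write`. The step starts above this hunk, so the beginning of the `run:` script is not visible here.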