From 576941d3808329659b0c493d738c59953b6053db Mon Sep 17 00:00:00 2001 From: Coleen Iona Quadros Date: Thu, 2 Jul 2026 14:42:08 +0200 Subject: [PATCH] fix: add persist-credentials: false to checkout to prevent duplicate Authorization headers The create-pull-request action sets its own git credential for pushing to the fork repo. With actions/checkout@v7 persisting its GITHUB_TOKEN credential via includeIf.gitdir, both resolve when contacting github.com, causing a "Duplicate header: Authorization" HTTP 400 error. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/merge-acm-flow.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/merge-acm-flow.yaml b/.github/workflows/merge-acm-flow.yaml index 746f9e7..e755139 100644 --- a/.github/workflows/merge-acm-flow.yaml +++ b/.github/workflows/merge-acm-flow.yaml @@ -133,6 +133,7 @@ jobs: repository: ${{ inputs.downstream }} fetch-depth: 0 ref: ${{ inputs.downstream-branch }} + persist-credentials: false - name: Fetch upstream tag run: | git config user.name 'github-actions[bot]'