From 5b5a20ed54bf830e3a0880269cf6da9d5ab36603 Mon Sep 17 00:00:00 2001
From: Stephen Edwards <sedwards@squareup.com>
Date: Thu, 19 Jun 2025 13:37:36 -0400
Subject: [PATCH] Persist checkout credentials for push

---
 .github/actions/gradle-task-with-commit/action.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/actions/gradle-task-with-commit/action.yml b/.github/actions/gradle-task-with-commit/action.yml
index e4763e53cf..d1ddc76a29 100644
--- a/.github/actions/gradle-task-with-commit/action.yml
+++ b/.github/actions/gradle-task-with-commit/action.yml
@@ -33,7 +33,9 @@ runs:
       id: can-push
       shell: bash
       run: |
-        if [[ "${{ env.GITHUB_REF_PROTECTED }}" == 'true' ]]; then
+        if [[ "${{ inputs.access-token }}" == '' ]]; then
+          echo "can_push=false" >> $GITHUB_OUTPUT
+        elif [[ "${{ env.GITHUB_REF_PROTECTED }}" == 'true' ]]; then
           echo "can_push=false" >> $GITHUB_OUTPUT
         elif [[ "${{ github.event.pull_request.head.repo.full_name }}" != "${{ github.repository }}" ]]; then
           echo "can_push=false" >> $GITHUB_OUTPUT
@@ -46,10 +48,9 @@ runs:
       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
       if: steps.can-push.outputs.can_push == 'true'
       with:
+        token: ${{ inputs.access-token }}
         ref: ${{ github.head_ref }}
         fetch-depth: 0
-        token: ${{ inputs.access-token }}
-        persist-credentials: false
 
     - name: Run ${{ inputs.fix-task }}
       if: steps.can-push.outputs.can_push == 'true'