ci: Ensure dependabot checkout does not have dupe credentials (#942)

chtruong814 · web-flow · commit 842700f9c8aa · 2026-04-27T09:02:44.000-05:00
ci: Ensure dependabot checkout does not have dupe credentials Potentially some behavior changed with this PR: #881 We need to pass `persist-credentials: false` to the checkout step to not persist credentials for when the PR step happens and also adds credentials to the header. Was able to manually run job on this branch: #941 https://github.com/NVIDIA-NeMo/Evaluator/actions/runs/24998599211 Signed-off-by: Charlie Truong <chtruong@nvidia.com>
diff --git a/.github/workflows/_update_dependencies.yml b/.github/workflows/_update_dependencies.yml
@@ -93,6 +93,7 @@ jobs:
         with:
           token: ${{ secrets.PAT }}
           ref: ${{ env.TARGET_BRANCH }}
+          persist-credentials: false
 
       - name: Install GPG
         run: sudo apt-get install -y gnupg2
