chore(ci): Use correct token for openapi version autobump (#2296)

Pijukatel · claude · web-flow · commit db736cb4a11c · 2026-02-27T16:51:57.000+01:00
> [!NOTE] > **Low Risk** > Low risk CI-only change; it only affects how the workflow authenticates for checkout/commits and could fail if the secret is misconfigured. > > **Overview** > Updates the OpenAPI version bump GitHub Action to authenticate `actions/checkout` using `secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN` instead of relying on workflow `contents: write` permissions, ensuring the autobump can push commits with the intended token. > > <sup>Written by [Cursor Bugbot](https://cursor.com/dashboard?tab=bugbot) for commit d412156. Configure [here](https://cursor.com/dashboard?tab=bugbot).</sup>  --------- Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
diff --git a/.github/workflows/bump-openapi-version.yaml b/.github/workflows/bump-openapi-version.yaml
@@ -11,11 +11,11 @@ jobs:
     bump-version:
         name: Bump OpenAPI version
         runs-on: ubuntu-latest
-        permissions:
-            contents: write
 
         steps:
             - uses: actions/checkout@v6
+              with:
+                  token: ${{ secrets.APIFY_SERVICE_ACCOUNT_GITHUB_TOKEN }}
 
             - name: Bump OpenAPI version
               run: echo "v2-$(date -u +%Y-%m-%dT%H%M%SZ)" > apify-api/openapi/components/version.yaml
