test

Signed-off-by: Simon Beaudoin <sbeaudoi@qti.qualcomm.com>

Author: simonbeaudoin0935

.github/workflows/qcom-promote-upstream-reusable-workflow.yml

@@ -38,6 +38,7 @@ on:
 permissions:
   contents: write
   packages: read
+  pull-requests: write
 
 env:
   NORMALIZED_VERSION: ""
@@ -87,7 +88,6 @@ jobs:
         uses: actions/checkout@v4
         with:
           path: ./package-repo
-          token: ${{secrets.GITHUB_TOKEN}}
           fetch-depth: 0
 
       - name: Authenticate with GitHub
@@ -180,8 +180,7 @@ jobs:
 
           # Override the global extraheader set by actions/checkout (GITHUB_TOKEN) which would otherwise
           # take precedence over the credentials embedded in the URL and prevent access to external repos.
-          # if ! git -c http.https://github.com/.extraheader="" fetch upstream-source "+refs/tags/*:refs/tags/*"; then
-          if ! git fetch upstream-source "+refs/tags/*:refs/tags/*"; then
+          if ! git -c http.https://github.com/.extraheader="" fetch upstream-source "+refs/tags/*:refs/tags/*"; then
             echo "❌ Failed to fetch tags from '${{inputs.upstream-repo}}'."
 
             if [ -n "${{secrets.UPSTREAM_REPO_READ_PAT}}" ]; then
@@ -202,7 +201,7 @@ jobs:
             exit 1
           fi
           
-      - name: Pre-populate the upstream/latest branch if first promotion
+      - name: Merge upstream tag into upstream/latest
         working-directory: ./package-repo
         run: |
 
@@ -214,7 +213,24 @@ jobs:
           else
             # The branch exists, check it out and promote it to the upstream tag
             git checkout upstream/latest
-            git merge --ff-only ${{inputs.upstream-tag}}
+            git merge ${{inputs.upstream-tag}}
+          fi
+
+      - name: Strip .github/workflows from upstream/latest
+        working-directory: ./package-repo
+        run: |
+          # Since Github does not allow pushing workflows using the GITHUB_TOKEN, remove .github/workflows if present.
+
+          git config user.name "${{vars.DEB_PKG_BOT_CI_NAME}}"
+          git config user.email "${{vars.DEB_PKG_BOT_CI_EMAIL}}"
+
+          git checkout upstream/latest
+
+          # Remove .github/workflows/ if present to avoid GITHUB_TOKEN push restrictions.
+          # The upstream source repo workflows are not relevant to the packaging repo.
+          if [ -d .github/workflows ]; then
+            git rm -rf .github/workflows
+            git commit -s -m "Remove .github/workflows from upstream source"
           fi
 
       - name: Merge upstream tag into packaging branch
@@ -263,6 +279,8 @@ jobs:
       - name: Open Promotion PR
         working-directory: ./package-repo
         run: |
+          gh auth login --with-token <<< "${{secrets.GITHUB_TOKEN}}"
+
           ../qcom-build-utils/scripts/create_promotion_pr.py \
             --base-branch "${{inputs.debian-branch}}" \
             --upstream-tag "${{inputs.upstream-tag}}" \