From 0812191dfb469874c926baefb0f0667e8f1662ab Mon Sep 17 00:00:00 2001
From: Nate Smith
Date: Fri, 22 May 2026 17:45:06 -0400
Subject: [PATCH] fix: open PR instead of pushing direct to satisfy default-branch protection
The org-level Default Branch Protection ruleset (created 2026-04-29) requires all changes to the default branch to land via PR. The previous `stefanzweifel/git-auto-commit-action@v5` step tried to push the regenerated SBOM/STRUCTURE files directly to `development`, got rejected with GH006, and left the Generate Repo Artifacts workflow red on every run since 2026-04-26. Switch to `peter-evans/create-pull-request@v6`. The workflow now opens a PR titled "chore: regenerate SBOM and STRUCTURE" against the triggering branch. Auto-merge has been enabled on the repo; org admins can approve+merge the PR in one click via the existing OrganizationAdmin bypass entry. Adds `pull-requests: write` to the workflow's permissions. Closes #14.
---
 .github/workflows/generate-artifacts.yml | 29 +++++++++++++++++++-----
 1 file changed, 23 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/generate-artifacts.yml b/.github/workflows/generate-artifacts.yml
index 8a38c86..c602d97 100644
--- a/.github/workflows/generate-artifacts.yml
+++ b/.github/workflows/generate-artifacts.yml
@@ -15,6 +15,7 @@ on:
 permissions:
 contents: write
+ pull-requests: write
 concurrency:
 group: artifacts-${{ github.ref }}
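Review bot: The `permissions:` block extended here appears to be workflow-level (it sits between `on:` and `concurrency:`), so `contents: write` and the new `pull-requests: write` are granted to every job in the file, not only the one that opens the PR. The jobs are outside this hunk; if more than one exists, or if earlier steps in the same job run third-party actions, I would set the top level to `contents: read` and declare `permissions:` with `contents: write` and `pull-requests: write` on the job that runs the create-pull-request step. A one-line comment above the new entry, `# needed by create-pull-request to open the artifacts PR`, would also record why the scope is there.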
@@ -80,10 +81,26 @@ jobs:
 } > SBOM.md
 rm metadata.json
- - name: Commit artifacts if changed
- uses: stefanzweifel/git-auto-commit-action@v5
+ # Open a PR instead of pushing directly. The org-level Default Branch
+ # Protection ruleset requires PRs to the default branch, so the previous
+ # git-auto-commit-action push was rejected (GH006). Tracked in issue #14.
+ - name: Open PR with regenerated artifacts
+ uses: peter-evans/create-pull-request@v6
 with:
- commit_message: "chore: regenerate SBOM and STRUCTURE [skip ci]"
- file_pattern: "SBOM.md STRUCTURE.md"
- commit_user_name: "github-actions[bot]"
- commit_user_email: "41898282+github-actions[bot]@users.noreply.github.com"
+ branch: chore/regenerate-artifacts
+ base: ${{ github.ref_name }}
+ delete-branch: true
+ add-paths: |
+ SBOM.md
+ STRUCTURE.md
+ commit-message: "chore: regenerate SBOM and STRUCTURE"
+ committer: "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>"
+ author: "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>"
+ title: "chore: regenerate SBOM and STRUCTURE"
+ body: |
+ Auto-generated regeneration of `SBOM.md` and `STRUCTURE.md` from commit ${{ github.sha }}.
+
+ Triggered by: `${{ github.event_name }}` on `${{ github.ref_name }}`.
+ labels: |
+ type:enhancement
+ category:improvement
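Review bot: `uses: peter-evans/create-pull-request@v6` references a mutable tag for a third-party action that runs with `contents: write` and `pull-requests: write`, and the commit message says the resulting PR can be auto-merged; pin it to a full commit SHA and keep the tag as a comment, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha> # v6`. Separately, `base: ${{ github.ref_name }}` is only a branch name on branch-triggered events. The `on:` block is outside this hunk, but if it includes `pull_request` or tag pushes the value would be a merge ref or tag name, so a guard on the step or a fixed base may be needed. The job this step belongs to starts outside the hunk.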