Use PAT to trigger CI workflows in VRT update workflow (#6363)

.github/workflows/vrt-update-apply.yml

@@ -59,6 +59,7 @@ jobs:
           repository: ${{ steps.metadata.outputs.head_repo }}
           ref: ${{ steps.metadata.outputs.head_ref }}
           token: ${{ secrets.ACTIONS_UPDATE_TOKEN }}
+          persist-credentials: false
           fetch-depth: 0
 
       - name: Validate and apply patch
@@ -123,9 +124,10 @@ jobs:
           HEAD_REPO: ${{ steps.metadata.outputs.head_repo }}
           GITHUB_TOKEN: ${{ secrets.ACTIONS_UPDATE_TOKEN }}
         run: |
-          # Configure git to use the token via credential helper (avoids token in URLs/logs)
-          git config --local credential.helper '!f() { echo "username=x-access-token"; echo "password=${GITHUB_TOKEN}"; }; f'
-          git remote set-url origin "https://github.com/${HEAD_REPO}.git"
+          # Use PAT in URL to ensure push triggers CI workflows
+          # Note: GitHub Actions automatically masks secrets in logs
+          git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@github.com/${HEAD_REPO}.git"
+
           git push origin "HEAD:refs/heads/$HEAD_REF"
           echo "Successfully pushed VRT updates to $HEAD_REPO@$HEAD_REF"
 

upcoming-release-notes/6363.md

@@ -0,0 +1,6 @@
+---
+category: Maintenance
+authors: [MatissJanis]
+---
+
+Another approach at triggering ci jobs after update-vrt workflow