BUG: dataset-update workflow failing

[sabinevidal]

Workflow failing here due to permission issue while using @nathanfletcher's GitHub details. He has bypassed his account for the review approvals

remote: error: GH006: Protected branch update failed for refs/heads/main.        
remote: error: At least 1 approving review is required by reviewers with write access. 

[sabinevidal]

@nathanfletcher Seems to be the GITHUB_TOKEN which is blocking the permissions (a safety fallback which makes sense) https://github.community/t/how-to-push-to-protected-branches-in-a-github-action/16101 However, if we create a PAT for you with the correct permissions, then we'll have an endless workflow (see this comment and the replies) with the other workflows being triggered on 'push' (edit: wait, it will just rebuild the one time after this commit. Which I suppose could be necessary - so this could be the best option) Fix would be to exclude the other workflows from being triggered on any push to the ./modeling/dataset/training_data.json path (docs on this). @lacabra is this sustainable?

[sabinevidal]

An interesting write up on the possible vulnerability of bypassing PRs with Github Actions. Seems GitHub has implemented a fix though. https://medium.com/cider-sec/bypassing-required-reviews-using-github-actions-6e1b29135cc7

[sabinevidal]

@nathanfletcher: as discussed, we just need a PAT for your account with the permissions required for the commit to a protected branch. Save it as PAT_TOKEN in secrets

[amreenp7]

NF to double check if 134 is completed.