SonarSource · alex-meseldzija-sonarsource · Apr 30, 2026 · May 1, 2026 · May 1, 2026
diff --git a/.github/workflows/update-action-versions.yml b/.github/workflows/update-action-versions.yml
@@ -62,56 +62,39 @@ jobs:
             rm -f "$file.bak"
           done
 
-      - name: Check for changes
-        id: check-changes
-        run: |
-          if git diff --quiet; then
-            echo "changes_detected=false" >> $GITHUB_OUTPUT
-            echo "No changes detected"
-          else
-            echo "changes_detected=true" >> $GITHUB_OUTPUT
-            echo "Changes detected"
-            echo "Modified files:"
-            git diff --name-only
-          fi
-
       - name: Create Pull Request
-        if: steps.check-changes.outputs.changes_detected == 'true'
-        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7
+        id: create-pr
+        uses: ./create-pull-request
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: |
             Update action versions to ${{ steps.get-ref.outputs.target_ref }}
-            
+
             Updated all SonarSource/release-github-actions references to use ${{ steps.get-ref.outputs.target_ref }}
           title: "Update action versions to ${{ steps.get-ref.outputs.target_ref }}"
           body: |
             ## Summary
-            
+
             This PR updates all `SonarSource/release-github-actions` references to use `${{ steps.get-ref.outputs.target_ref }}`.
-            
+
             ## Changes
-            
+
             - Updated action references in action.yml files
             - Used reference: `${{ steps.get-ref.outputs.target_ref }}`
-
-            ## Files Modified
-
-            ```
-            ${{ steps.check-changes.outputs.modified_files }}
-            ```
-
+
             ---
-            
+
             This PR was automatically created by the `update-action-versions` workflow.
           branch: update-action-versions-${{ steps.get-ref.outputs.target_ref }}
           delete-branch: true
 
       - name: Summary
+        env:
+          PR_OPERATION: ${{ steps.create-pr.outputs.pull-request-operation }}
+          TARGET_REF: ${{ steps.get-ref.outputs.target_ref }}
         run: |
-          if [ "${{ steps.check-changes.outputs.changes_detected }}" == "true" ]; then
-            echo "✅ Successfully created PR with updated action versions"
-            echo "Target reference: ${{ steps.get-ref.outputs.target_ref }}"
+          if [ "$PR_OPERATION" != "none" ]; then
+            echo "Successfully created PR with updated action versions"
+            echo "Target reference: $TARGET_REF"
           else
-            echo "ℹ️ No updates needed - all references are already up to date"
+            echo "No updates needed - all references are already up to date"
           fi
diff --git a/create-pull-request/action.yml b/create-pull-request/action.yml
@@ -247,11 +247,13 @@ runs:
         echo "Head SHA: ${HEAD_SHA}"
 
         # Configure remote URL with token for push
-        REPO_URL="https://x-access-token:${RESOLVED_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
+        CURRENT_REPO=$(GH_TOKEN="$RESOLVED_TOKEN" gh repo view --json nameWithOwner --jq '.nameWithOwner')
+        REPO_URL="https://x-access-token:${RESOLVED_TOKEN}@github.com/${CURRENT_REPO}.git"
         git remote set-url origin "$REPO_URL"
 
         # Push to remote (force is safe here: the branch is bot-owned and managed exclusively by this action)
         git push --force origin "$PR_BRANCH"
+        echo "repo=${CURRENT_REPO}" >> "$GITHUB_OUTPUT"
         echo "Pushed branch '${PR_BRANCH}' to origin."
 
     - name: Create or update pull request
@@ -260,6 +262,7 @@ runs:
       shell: bash
       env:
         GH_TOKEN: ${{ steps.resolve-token.outputs.token }}
+        CURRENT_REPO: ${{ steps.stage-commit-push.outputs.repo }}
         INPUT_TITLE: ${{ inputs.title }}
         INPUT_BODY: ${{ inputs.body }}
         INPUT_BODY_PATH: ${{ inputs.body-path }}
@@ -401,7 +404,7 @@ runs:
           # Handle maintainer-can-modify
           if [[ "$INPUT_MAINTAINER_CAN_MODIFY" == "false" ]]; then
             echo "Disabling maintainer edits on PR #${PR_NUMBER}..."
-            gh api --method PATCH "/repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}" \
+            gh api --method PATCH "/repos/${CURRENT_REPO}/pulls/${PR_NUMBER}" \
               -f maintainer_can_modify=false
           fi
         fi

diff --git a/sonar-update-center-release/action.yml b/sonar-update-center-release/action.yml
@@ -70,13 +70,11 @@ runs:
 
     - name: Create Pull Request
       id: create-pr
-      # TODO: Switch to our own create-pull-request when it supports other repos.
-      uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+      uses: SonarSource/release-github-actions/create-pull-request@v1
       with:
         author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
         commit-message: Update ${{ inputs.file }} with version ${{ inputs.version }}
         title: Update ${{ inputs.file }} with version ${{ inputs.version }}
         body: ""
         base: "master"
         branch: "bot/update-${{ inputs.file }}-${{ inputs.version }}-${{ github.run_id }}"
-        token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
diff --git a/update-analyzer/README.md b/update-analyzer/README.md
@@ -24,7 +24,7 @@ An example PR how to request a token with those permissions can be found [here](
 This action depends on:
 - [SonarSource/vault-action-wrapper@v3](https://github.com/SonarSource/vault-action-wrapper) for secure token retrieval
 - [actions/checkout@v4](https://github.com/actions/checkout) for repository checkout
-- [peter-evans/create-pull-request@v6](https://github.com/peter-evans/create-pull-request) for pull request creation
+- [SonarSource/release-github-actions/create-pull-request](../create-pull-request) for pull request creation
 
 ## Inputs
 

diff --git a/update-analyzer/action.yml b/update-analyzer/action.yml
@@ -111,14 +111,14 @@ runs:
 
     - name: Create Pull Request
       id: create_pr
-      uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
+      uses: SonarSource/release-github-actions/create-pull-request@v1
       with:
+        token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
         author: ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
         commit-message: '${{ steps.setup_env.outputs.commit-prefix }} Update `${{ inputs.plugin-name }}` plugins to version ${{ inputs.release-version }}'
         title: '${{ steps.setup_env.outputs.commit-prefix }} Update `${{ inputs.plugin-name }}` to version ${{ inputs.release-version }}'
         body: ${{ inputs.pull-request-body }}
         base: ${{ inputs.base-branch }}
         branch: '${{ inputs.plugin-name }}/update-analyzer-${{ inputs.release-version }}'
-        token: ${{ fromJSON(steps.secrets.outputs.vault).GITHUB_TOKEN }}
         draft: ${{ inputs.draft }}
         reviewers: ${{ inputs.reviewers }}
diff --git a/update-rule-metadata/README.md b/update-rule-metadata/README.md
@@ -17,7 +17,7 @@ This action depends on:
 - [SonarSource/vault-action-wrapper](https://github.com/SonarSource/vault-action-wrapper) for retrieving Artifactory credentials and GitHub token
 - Java 17 runtime for executing the rule-api JAR
 - Git for detecting changes and creating pull requests
-- [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) for automated PR creation
+- [SonarSource/release-github-actions/create-pull-request](../create-pull-request) for automated PR creation
 
 ## Inputs