From 0986fb009cb0c94f4c3f428449b9a43d12447712 Mon Sep 17 00:00:00 2001
From: Ian Kretz <44385082+ikretz@users.noreply.github.com>
Date: Wed, 8 Oct 2025 18:18:23 +0200
Subject: [PATCH] Obtain GitHub token right before pull request

---
 .github/workflows/sync-malicious-packages.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/sync-malicious-packages.yaml b/.github/workflows/sync-malicious-packages.yaml
index 220b57c6..2cc66d0a 100644
--- a/.github/workflows/sync-malicious-packages.yaml
+++ b/.github/workflows/sync-malicious-packages.yaml
@@ -19,12 +19,6 @@ jobs:
 
     steps:
 
-      - uses: DataDog/dd-octo-sts-action@08f2144903ced3254a3dafec2592563409ba2aa0 # v1.0.1
-        id: octo-sts
-        with:
-          scope: DataDog/malicious-software-packages-dataset  # target repository
-          policy: self.open_pr # trust policy in target repo
-
       - uses: actions/checkout@v4
 
       - uses: actions/setup-python@v5
@@ -53,6 +47,12 @@ jobs:
           done
           python scripts/update-count.py
 
+      - uses: DataDog/dd-octo-sts-action@08f2144903ced3254a3dafec2592563409ba2aa0 # v1.0.1
+        id: octo-sts
+        with:
+          scope: DataDog/malicious-software-packages-dataset  # target repository
+          policy: self.open_pr # trust policy in target repo
+
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v6
         with: