ci: fix token auth for pip-compile workflow

Author: gotmax23

.github/workflows/reusable-pip-compile.yml

@@ -76,17 +76,6 @@ jobs:
             echo "branch-exists=false" >> "${GITHUB_OUTPUT}"
             git switch -c "${pr_branch}"
           fi
-      - name: Generate temp GITHUB_TOKEN
-        id: create_token
-        uses: actions/create-github-app-token@v2
-        with:
-          app-id: ${{ secrets.BOT_APP_ID }}
-          private-key: ${{ secrets.BOT_APP_KEY }}
-      # We could rely on the checkout action to persist the token in the
-      # repository config, but this way, we can prevent the previous steps
-      # from having unnecessary access.
-      - name: "Set up token authentication"
-        run: gh auth setup-git --hostname github.com
       - name: "Run nox ${{ inputs.nox-args }}"
         env:
           # Ensure the latest pip version is used
@@ -97,6 +86,17 @@ jobs:
         # zizmor: ignore[template-injection]
         run: |
           nox ${{ inputs.nox-args }}
+      - name: Generate temp GITHUB_TOKEN
+        id: create_token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.BOT_APP_ID }}
+          private-key: ${{ secrets.BOT_APP_KEY }}
+      # We could rely on the checkout action to persist the token in the
+      # repository config, but this way, we can prevent the previous steps
+      # from having unnecessary access.
+      - name: "Set up token authentication"
+        run: gh auth setup-git --force --hostname github.com
       - name: Push new dependency versions and create a PR
         env:
           GITHUB_TOKEN: ${{ steps.create_token.outputs.token }}