build: fail for out of date patches on forks (#46126)

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: Shelley Vohr <shelley.vohr@gmail.com>

.github/actions/checkout/action.yml

@@ -99,7 +99,7 @@ runs:
       fi
 
       ELECTRON_USE_THREE_WAY_MERGE_FOR_PATCHES=1 e d gclient sync --with_branch_heads --with_tags -vv
-      if [[ "${{ inputs.is-release }}" != "true" && -n "${{ env.PATCH_UP_APP_CREDS }}" ]]; then
+      if [[ "${{ inputs.is-release }}" != "true" ]]; then
         # Re-export all the patches to check if there were changes.
         python3 src/electron/script/export_all_patches.py src/electron/patches/config.json
         cd src/electron

script/push-patch.js

@@ -2,23 +2,31 @@ const { appCredentialsFromString, getTokenForRepo } = require('@electron/github-
 
 const cp = require('node:child_process');
 
+const { PATCH_UP_APP_CREDS } = process.env;
+
 async function main () {
+  if (!PATCH_UP_APP_CREDS) {
+    throw new Error('PATCH_UP_APP_CREDS environment variable not set');
+  }
+
   const token = await getTokenForRepo(
     {
       name: 'electron',
       owner: 'electron'
     },
-    appCredentialsFromString(process.env.PATCH_UP_APP_CREDS)
+    appCredentialsFromString(PATCH_UP_APP_CREDS)
   );
+
   const remoteURL = `https://x-access-token:${token}@github.com/electron/electron.git`;
+
   // NEVER LOG THE OUTPUT OF THIS COMMAND
   // GIT LEAKS THE ACCESS CREDENTIALS IN CONSOLE LOGS
   const { status } = cp.spawnSync('git', ['push', '--set-upstream', remoteURL], {
     stdio: 'ignore'
   });
+
   if (status !== 0) {
-    console.error('Failed to push to target branch');
-    process.exit(1);
+    throw new Error('Failed to push to target branch');
   }
 }