Skip to content

ci: use RELEASE_PAT to bypass branch protection for semantic-release#148

Open
infloent wants to merge 1 commit into
Netcentric:mainfrom
infloent:ci/temp-release-pat-fix
Open

ci: use RELEASE_PAT to bypass branch protection for semantic-release#148
infloent wants to merge 1 commit into
Netcentric:mainfrom
infloent:ci/temp-release-pat-fix

Conversation

@infloent

@infloent infloent commented Jun 9, 2026

Copy link
Copy Markdown

Description

Temp fix: use RELEASE_PAT to unblock semantic-release on main

Closes #147, ref #146.

The default GITHUB_TOKEN cannot bypass branch protection, causing the release workflow to fail with GH006 on every push to main. This swaps in RELEASE_PAT (a fine-grained PAT scoped to this repo, Contents: Read and write) as a temporary fix while the org GitHub App is provisioned.

Changes:

  • release.yml - GITHUB_TOKEN -> RELEASE_PAT
  • manual-release.yml - GITHUB_TOKEN -> RELEASE_PAT

Verified via manual-release.yml dry-run on this branch - no GH006 error.

This is temporary. Remove RELEASE_PAT and revert these changes once the GitHub App solution from #146 is in place.

Related Issue

#147

Fixes #

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • I have read the CONTRIBUTING document.
  • All new and existing tests passed.

@infloent infloent self-assigned this Jun 9, 2026
infloent
infloent commented Jun 9, 2026
View reviewed changes
Comment thread .github/workflows/manual-release.yml
# ENV and Config
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.RELEASE_PAT }}

@infloent infloent Jun 9, 2026
edited
Loading

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • RELEASE_PAT created but access approval pending

@infloent infloent requested review from Hugoer and easingthemes June 9, 2026 19:35
@easingthemes

easingthemes commented Jun 9, 2026

Copy link
Copy Markdown
Member

New token can be from service account, then we can keep this as permanent solution.
The fastest approach is to change direct commit in workflow to opening PR.

@infloent

infloent commented Jun 10, 2026

Copy link
Copy Markdown
Author

New token can be from service account, then we can keep this as permanent solution. The fastest approach is to change direct commit in workflow to opening PR.

@easingthemes me and Hugo don't have access to create a token from a service account, that's why we open this issue #147 for the temp solution while there is #146 issue for the permanent solution.
Changing from direct commit to PR to opening PR seems be more complex and requiring more validation than just replacing the token.

The goal for the temp solution is to unblock the release fast (without coordinating with multiple persons for access ) in order to:

  1. first release this fix(tasks): update styles watcher to support chokidar v4

  2. test this feat: add extra dist folders control and generate clientlibs for SplitChunks with the above fix

  3. release feat: add extra dist folders control and generate clientlibs for SplitChunks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Hugoer Hugoer Awaiting requested review from Hugoer

@easingthemes easingthemes Awaiting requested review from easingthemes

Assignees

@infloent infloent

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Temp Fix] Unblock releases via developer PAT while GitHub App is provisioned

2 participants

@infloent @easingthemes