From a8eff4cb42610f04456226b45557e903bd1f186e Mon Sep 17 00:00:00 2001
From: Dinesh Yadav <13635627+HumbleBee14@users.noreply.github.com>
Date: Sun, 19 Apr 2026 15:16:34 -0400
Subject: [PATCH] fix: use PAT for release workflow to push through branch
 protection

GITHUB_TOKEN cannot bypass required PR rules. Uses RELEASE_PAT
(admin-scoped fine-grained PAT) so the bot can commit version bumps
and tags directly to main via the ruleset admin bypass.
---
 .github/workflows/release.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c95381d..0e59f11 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -31,7 +31,10 @@ jobs:
       - uses: actions/checkout@v6
         with:
           fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
+          # Use a PAT (not GITHUB_TOKEN) so the workflow can push the
+          # version-bump commit and tag through branch protection.
+          # The PAT belongs to an admin who is in the ruleset bypass list.
+          token: ${{ secrets.RELEASE_PAT }}
 
       - name: Set up JDK 17
         uses: actions/setup-java@v5