From 85c40cabd603aa7463293fbaddff500026c92cc5 Mon Sep 17 00:00:00 2001
From: StableLlama <stablellama@tutanota.com>
Date: Sun, 22 Feb 2026 22:27:47 +0100
Subject: [PATCH] ci: create-release use PAT (RELEASE_TOKEN) so release
 triggers other workflows; add guard

---
 .github/workflows/create-release.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/create-release.yml b/.github/workflows/create-release.yml
index 4645084d..41eda173 100644
--- a/.github/workflows/create-release.yml
+++ b/.github/workflows/create-release.yml
@@ -30,6 +30,14 @@ jobs:
             exit 1;
           fi
 
+      - name: Ensure RELEASE_TOKEN secret is provided
+        run: |
+          if [ -z "${{ secrets.RELEASE_TOKEN }}" ]; then
+            echo "Secret RELEASE_TOKEN is not set. This workflow requires a personal access token (repo scope) in the repo secrets named RELEASE_TOKEN.";
+            echo "Create a PAT with 'repo' scope and add it at Settings → Secrets → Actions → New repository secret.";
+            exit 1;
+          fi
+
       - name: Create GitHub Release (action)
         uses: ncipollo/release-action@v1
         with:
@@ -39,4 +47,4 @@ jobs:
           draft: false
           prerelease: false
           commit: main
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ secrets.RELEASE_TOKEN }}