Skip to content

ci: push release commit/tag under admin PAT (bypass protected main)#71

Merged
mrviduus merged 1 commit into
mainfrom
ci/release-use-pat
Jun 18, 2026
Merged

ci: push release commit/tag under admin PAT (bypass protected main)#71
mrviduus merged 1 commit into
mainfrom
ci/release-use-pat

Conversation

@mrviduus

@mrviduus mrviduus commented Jun 18, 2026

Copy link
Copy Markdown
Owner

Зачем

Ручной запуск release (#70) упал: шаг бампа делает git push origin HEAD:main, а main защищён (require PR + required check build). Дефолтный GITHUB_TOKEN — не админ → GH006: protected branch hook declined.

Фикс

checkout теперь использует secrets.RELEASE_PAT (PAT админа) с fallback на GITHUB_TOKEN. Так как в защите main enforce_admins=false, push под админским PAT обходит защиту. Tag-push прогоны в main не пушат, поэтому им PAT не нужен — fallback.

⚠️ Требует один секрет (ручное действие)

Создать fine-grained PAT: Settings → Developer settings → Personal access tokens → Fine-grained → Repository access: linkmate, Permissions: Contents: Read and write → добавить в repo как secret RELEASE_PAT. Без него ручной запуск снова упадёт; обычный tag-push продолжит работать.

🤖 Generated with Claude Code

@mrviduus @claude
ci: push release commit/tag under admin PAT to bypass protected main
57d0900 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@mrviduus mrviduus merged commit 470b0d6 into main Jun 18, 2026
3 checks passed
@mrviduus mrviduus deleted the ci/release-use-pat branch June 18, 2026 14:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mrviduus