From a4031b3ec271a2404a3f3a30b7e32660b5a42ae0 Mon Sep 17 00:00:00 2001
From: HiranoMasaaki <lambda.groove@gmail.com>
Date: Sun, 15 Feb 2026 12:35:33 +0000
Subject: [PATCH 1/2] fix: use PAT exclusively in release workflow without
 fallback

Remove GITHUB_TOKEN fallback so missing/expired PAT fails loudly
instead of silently falling back to GITHUB_TOKEN (which doesn't
trigger downstream workflows).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/release.yml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 00d40b62..b319b32f 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -49,9 +49,7 @@ jobs:
           title: 'chore: version packages'
           commit: 'chore: version packages'
         env:
-          # Use PAT to trigger CI workflow on the created PR
-          # GITHUB_TOKEN doesn't trigger other workflows (GitHub security feature)
-          GITHUB_TOKEN: ${{ secrets.PAT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.PAT_GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
@@ -59,5 +57,4 @@ jobs:
         if: steps.changesets.outputs.pullRequestNumber
         run: gh pr merge ${{ steps.changesets.outputs.pullRequestNumber }} --auto --squash
         env:
-          # Use PAT so the merge triggers the Release workflow
-          GH_TOKEN: ${{ secrets.PAT_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.PAT_GITHUB_TOKEN }}

From 076560017c1833afcaa23f427a1369c1055a1f03 Mon Sep 17 00:00:00 2001
From: HiranoMasaaki <lambda.groove@gmail.com>
Date: Sun, 15 Feb 2026 12:38:34 +0000
Subject: [PATCH 2/2] fix: pass PAT to checkout so changeset push triggers CI

changesets/action uses the checkout token for git push. Without this,
the push actor remains github-actions[bot] and GitHub suppresses
workflow triggers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 .github/workflows/release.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b319b32f..9f8c3f31 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,6 +24,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v6
+        with:
+          token: ${{ secrets.PAT_GITHUB_TOKEN }}
 
       - name: Setup pnpm
         uses: pnpm/action-setup@v4