From 8f1202311a80ee98c8d0aa15519f43ca9793e6d9 Mon Sep 17 00:00:00 2001
From: bntvllnt <32437578+bntvllnt@users.noreply.github.com>
Date: Mon, 27 Apr 2026 22:46:21 +0200
Subject: [PATCH] =?UTF-8?q?fix(ci):=20drop=20RELEASE=5FPAT=20=E2=80=94=20u?=
 =?UTF-8?q?se=20default=20GITHUB=5FTOKEN=20for=20release=20push?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The release job's checkout was passing `token: ${{ secrets.RELEASE_PAT }}`,
but no such secret exists in this repo. With the input resolving to an empty
string, git auth setup wrote `AUTHORIZATION: basic ` (empty value), then the
fetch step prompted for a username and aborted with `terminal prompts disabled`.

Drop the explicit token. The job already declares `permissions: contents: write`
+ `id-token: write`, so the default `GITHUB_TOKEN` is sufficient for the
chore(release) commit + tag push and OIDC continues to handle npm publish.
---
 .github/workflows/publish.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 7e65ddf..1affe91 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -100,7 +100,6 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          token: ${{ secrets.RELEASE_PAT }}
 
       - uses: pnpm/action-setup@v4
         with: