
Fix: bypass branch protection in publish workflow #15

Merged: utkarsh232005 merged 1 commit into KDM-cli:main from utkarsh232005:fix/publish-workflow-bypass on May 14, 2026

@utkarsh232005 utkarsh232005 commented May 14, 2026

This PR updates the publish workflow to use the GH_PAT secret for the checkout step. This allows the workflow to authenticate with sufficient permissions to push tags and version bumps directly to the protected main branch, provided the GH_PAT owner has 'Admin' bypass permissions in the repository ruleset.

Summary by CodeRabbit

  • Chores
    • Updated CI/CD pipeline authentication configuration to improve build and release process reliability.

Copilot AI review requested due to automatic review settings May 14, 2026 08:17
@utkarsh232005 utkarsh232005 merged commit 91f4a22 into KDM-cli:main May 14, 2026
3 of 4 checks passed

Copilot AI left a comment

Pull request overview

Updates the manual publish workflow to authenticate actions/checkout with a repository secret (GH_PAT) so the job can push version bumps and tags to a protected main branch (assuming the PAT owner can bypass repository rules).

Changes:

  • Configure actions/checkout@v4 to use ${{ secrets.GH_PAT }} as the checkout token.

Comment on lines 23 to +26
- name: Checkout code
uses: actions/checkout@v4
with:
token: ${{ secrets.GH_PAT }}
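
Review bot: `token: ${{ secrets.GH_PAT }}` on the checkout step leaves the PAT in the job's local git configuration for every later step, because actions/checkout persists the token it is given unless `persist-credentials: false` is set. The PR description says this PAT's owner can bypass the ruleset on main, so the build, version bump, publish and release steps that follow all run with a credential that can push to the protected branch. Consider checking out with the default token and `persist-credentials: false`, then supplying GH_PAT only to the single step that pushes the version bump and tags, and use a fine-grained PAT limited to contents write on this repository. `actions/checkout@v4` is also a mutable tag that now receives this secret; pinning it to a full commit SHA would fix which code handles the token.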

coderabbitai Bot commented May 14, 2026

Caution

Review failed

The pull request is closed.

📥 Commits

Reviewing files that changed from the base of the PR and between 810d2d0 and b37c018.

📒 Files selected for processing (1)
  • .github/workflows/publish.yml

Walkthrough

The publish workflow now authenticates the checkout step using a GitHub personal access token (GH_PAT) instead of relying on default checkout permissions. This enables authenticated repository access for downstream build, version bump, publish, and release operations.

Changes

Publish Workflow Authentication

  • Layer / File(s): Checkout authentication configuration (.github/workflows/publish.yml)
  • Summary: The actions/checkout@v4 step is configured with a token parameter set to ${{ secrets.GH_PAT }}, providing authenticated access for the publish workflow.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 A token slips into the checkout flow,

Granting passage where credentials go,
Simple auth, a secret shared,
The publish workflow now prepared! ✨

@utkarsh232005 utkarsh232005 deleted the fix/publish-workflow-bypass branch May 17, 2026 18:05