fix: use provided github-token for writeback push

jack-champagne · claude · jack-champagne · commit 0bd0f066afec · 2026-02-27T23:53:25.000-05:00
The writeback git push was using the default GITHUB_TOKEN (set up by
actions/checkout), which cannot bypass branch protection rules even when
the PAT owner is configured as a bypass actor. Switch the remote URL to
authenticate with inputs.github-token (typically a PAT with repo scope)
so the push is attributed to the token owner and respects their bypass
permissions.

Co-Authored-By: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/action.yml b/action.yml
@@ -91,13 +91,16 @@ runs:
     - name: Commit writeback changes
       if: inputs.writeback == 'true' && inputs.dry-run != 'true'
       shell: bash
+      env:
+        GH_TOKEN: ${{ inputs.github-token }}
       run: |
         if git diff --quiet "${{ inputs.tasks-file }}"; then
           echo "No writeback changes to commit"
           exit 0
         fi
         git config user.name "tasksmd-sync[bot]"
         git config user.email "tasksmd-sync[bot]@users.noreply.github.com"
+        git remote set-url origin "https://x-access-token:${{ inputs.github-token }}@github.com/${{ github.repository }}.git"
         git add "${{ inputs.tasks-file }}"
         git commit -m "chore: write back board item IDs to ${{ inputs.tasks-file }}"
         git push
