Skip to content

Backfill v5.0.0 changelog and enable PAT-based sync#29

Merged
marianogoldman merged 1 commit into
masterfrom
fix/release-changelog-token
Jun 13, 2026
Merged

Backfill v5.0.0 changelog and enable PAT-based sync#29
marianogoldman merged 1 commit into
masterfrom
fix/release-changelog-token

Conversation

@marianogoldman

@marianogoldman marianogoldman commented Jun 13, 2026

Copy link
Copy Markdown
Contributor

Why

The v5.0.0 release did trigger update-changelog.yml and it generated the changelog correctly — but the final push to master was rejected by branch protection:

remote: error: GH006: Protected branch update failed for refs/heads/master.
remote: - 2 of 2 required status checks are expected.

master uses classic branch protection with enforce_admins: true + required status checks (PHP 8.4 / 8.5). The default GITHUB_TOKEN (github-actions[bot]) can't push directly because it can't satisfy those checks. So CHANGELOG.md was never updated.

What this PR does

  • Backfills the v5.0.0 entry into CHANGELOG.md (one-off, since that release already happened) and points the Unreleased compare link at v5.0.0.
  • Updates update-changelog.yml to check out master with an admin PAT (secrets.RELEASE_TOKEN) so future releases can push the changelog commit.

⚠️ Required manual steps before the next release (your side)

  1. Create a PAT owned by an admin (you):
    • Fine-grained → repo puntodev/bookablesContents: Read and write.
  2. Add it as a repo secret named RELEASE_TOKEN
    (Settings → Secrets and variables → Actions).
  3. Disable enforce_admins on master so the admin PAT can bypass the required
    status checks on a direct push: 
    gh api -X DELETE repos/puntodev/bookables/branches/master/protection/enforce_admins
    (Reversible: PUT the same endpoint to re-enable.)

Without step 3, even an admin PAT is blocked. With it, the bot push bypasses the checks while everything else stays protected (force-pushes/deletions still blocked, linear history enforced).

🤖 Generated with Claude Code

@marianogoldman @claude
Backfill v5.0.0 changelog and push via admin PAT
60e8a4a 
The v5.0.0 release workflow generated the changelog correctly but the push
to master was rejected by branch protection (GITHUB_TOKEN cannot satisfy the
required status checks on a direct push), so CHANGELOG.md was never updated.

- Backfill the v5.0.0 entry manually (one-off) and point the Unreleased
  compare link at v5.0.0.
- Update update-changelog.yml to check out master with an admin PAT
  (secrets.RELEASE_TOKEN) so future releases can push the changelog commit;
  this requires enforce_admins to be disabled on master.

Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
@marianogoldman marianogoldman marked this pull request as ready for review June 13, 2026 13:08
@marianogoldman marianogoldman merged commit 285ffd1 into master Jun 13, 2026
2 checks passed
@marianogoldman marianogoldman deleted the fix/release-changelog-token branch June 13, 2026 13:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marianogoldman