Use PAT over GITHUB_TOKEN #3

	name: Bump version tag on merge

	on:
	pull_request:
	types: [closed]
	branches: [main]

	jobs:
	tag:
	if: github.event.pull_request.merged == true
	runs-on: ubuntu-latest

	concurrency:
	group: tag-main
	cancel-in-progress: false

	permissions:
	contents: write

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0

	- name: Get latest tag
	id: latest
	run: \|
	git fetch --tags
	tag=$(git tag --sort=-v:refname \| head -n 1)
	echo "tag=${tag:-v0.0.0}" >> $GITHUB_OUTPUT

	- name: Determine bump
	id: bump
	run: \|
	labels='${{ toJson(github.event.pull_request.labels.*.name) }}'
	if echo "$labels" \| grep -q "bump:major"; then
	echo "type=major" >> $GITHUB_OUTPUT
	elif echo "$labels" \| grep -q "bump:minor"; then
	echo "type=minor" >> $GITHUB_OUTPUT
	elif echo "$labels" \| grep -q "bump:patch"; then
	echo "type=patch" >> $GITHUB_OUTPUT
	else
	echo "No bump label found" >&2
	exit 1
	fi

	- name: Calculate next version
	id: version
	run: \|
	v=${{ steps.latest.outputs.tag }}
	v=${v#v}
	IFS=. read major minor patch <<< "$v"

	case "${{ steps.bump.outputs.type }}" in
	major) major=$((major+1)); minor=0; patch=0 ;;
	minor) minor=$((minor+1)); patch=0 ;;
	patch) patch=$((patch+1)) ;;
	esac

	echo "next=v$major.$minor.$patch" >> $GITHUB_OUTPUT

	- name: Create and push tag
	env:
	PAT: ${{ secrets.ORG_PAT }}
	run: \|
	git config --global user.name "GitHub Actions"
	git config --global user.email "[email protected]"

	TAG=${{ steps.version.outputs.next }}

	git tag "$TAG"

	git push https://x-access-token:${PAT}@github.com/${{ github.repository }}.git \
	"$TAG"

Provide feedback