Use PAT for Changesets workflow to auto-trigger CI on version PRs

[prosdev]

Summary

Currently, when the Changesets release workflow creates "Version Packages" PRs, CI doesn't automatically trigger because the default GITHUB_TOKEN doesn't trigger workflows on bot-created PRs. This requires manual intervention (close/reopen) to run CI before merging.

Problem

• Version PRs created by github-actions[bot] don't trigger CI workflows
• Requires manual action to trigger CI on every version PR
• Not sustainable for automated releases

Proposed Solution

Use a Personal Access Token (PAT) or GitHub App token instead of the default GITHUB_TOKEN when creating version PRs. PRs created with a PAT do trigger CI workflows.

Benefits

• Fully automated releases with no manual intervention
• CI protection on all PRs including version bumps
• Sustainable workflow for the long term

Implementation Overview

1. Create a fine-grained PAT with contents: write and pull-requests: write permissions
2. Add it as a repository secret (e.g., CHANGESETS_TOKEN)
3. Update .github/workflows/release.yml to use the PAT:

   env:
     GITHUB_TOKEN: ${{ secrets.CHANGESETS_TOKEN }}

Alternative: GitHub App

For better security, consider using a GitHub App that generates short-lived tokens instead of a long-lived PAT.

Tasks

• Create PAT or GitHub App
• Add token as repository secret
• Update release workflow to use the token
• Test with a release to verify CI triggers
• Document the setup in CI.md