@curquiza curquiza commented Sep 23, 2025

Try to fix bug of CI not running

Summary by CodeRabbit

  • Chores

    • Updated the release publishing workflow to use a new authentication token for creating release PRs or publishing to npm. This improves reliability of the release process without altering application behavior.
  • No User-Facing Changes

    • No features, fixes, or UI updates in this release. No action required for end users.


changeset-bot bot commented Sep 23, 2025

⚠️ No Changeset found

Latest commit: 2656f07

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR


coderabbitai bot commented Sep 23, 2025

Walkthrough

The GitHub Actions publish workflow updates the environment variable for the release/publish step, switching GITHUB_TOKEN from secrets.GITHUB_TOKEN to secrets.MEILI_BOT_GH_PAT. No other steps, environment variables, or control flow are modified.

Changes

| Cohort / File(s) | Summary |
|---|---|
| CI/CD Workflow (.github/workflows/publish.yml) | Updated the "Create Release Pull Request or Publish to npm" step to use secrets.MEILI_BOT_GH_PAT for GITHUB_TOKEN instead of secrets.GITHUB_TOKEN; all other env and steps unchanged. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

A twitch of a whisker, a token swap,
In pipelines’ burrow—no extra hop.
I thump approval, ears held high,
Releases leap, the carrots fly.
Tiny tweak, smooth nightly run—
Ship it, ship it—job well done! 🥕🐇

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title "Change GITHUB_TOKEN secret for publish workflow" directly and concisely describes the primary change in the diff, which replaces secrets.GITHUB_TOKEN with secrets.MEILI_BOT_GH_PAT in the publish workflow file. It is specific to the publish workflow and clearly communicates the intent to change the token used for publishing. The phrasing is short, readable, and appropriate for scanning project history. |
| Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped. |

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/publish.yml (1)

39-42: Switching to a PAT is fine—verify scopes and harden the workflow.

  • Ensure MEILI_BOT_GH_PAT is a fine‑grained PAT limited to this repo, with only needed scopes: at minimum contents:write and pull_requests:write. Add workflows:write only if you truly need to modify/trigger workflows.
  • Set an expiration and rotation policy for the PAT; store it at org level if multiple repos share it.
  • Consider protecting it behind an Actions environment with required reviewers (e.g., environment: release), and move the secret into that environment.

Optional hardening:

  • Because you’re not using the default GITHUB_TOKEN, set minimal default permissions to reduce blast radius:

```yaml
# Add near the top level of the workflow (sibling of `on:`)
permissions:
  contents: read
```

  • Or restrict at the job level similarly if preferred.

Checklist to confirm:

  • The secret MEILI_BOT_GH_PAT exists in the repo/org and is available to this workflow.
  • The PAT scopes are minimal (contents/pull_requests write; workflows write only if required).
  • Environment protection (optional) is configured if you want human approval before publishing.
  • This change indeed resolves the CI trigger issue with changesets/action@v1 (expected when replacing the default GITHUB_TOKEN).
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 91f3262 and 2656f07.

📒 Files selected for processing (1)
  • .github/workflows/publish.yml (1 hunks)
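
Added example, not part of the PR or of CodeRabbit's review: a line-based audit that applies the review's two hardening checks (restricted default permissions, an environment gate around a custom secret) to a workflow file. The sample workflow is constructed; its `publish` job, step layout and `actions/checkout@v4` step are assumptions, and only `MEILI_BOT_GH_PAT`, `changesets/action@v1` and the `release` environment name come from the thread.

```python
import re

# Constructed sample: job/step layout is assumed, not the project's real file.
WEAK = """\
name: Publish
on:
  push:
    branches: [main]
jobs:
  publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Create Release Pull Request or Publish to npm
        uses: changesets/action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.MEILI_BOT_GH_PAT }}
"""
# Same workflow with the review's suggestions applied.
HARDENED = (WEAK.replace("jobs:", "permissions:\n  contents: read\njobs:")
                .replace("    runs-on:", "    environment: release\n    runs-on:"))
SECRET_RE = re.compile(r"secrets\.([A-Za-z0-9_]+)")

def audit_workflow(text):
    """Line-based audit; assumes 2-space block-style YAML (no YAML parser)."""
    top_permissions, in_jobs, current, jobs = False, False, None, {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip(" "))
        key = line.strip().split(":", 1)[0]
        if indent == 0:                      # top-level key
            in_jobs, current = key == "jobs", None
            top_permissions = top_permissions or key == "permissions"
        elif in_jobs and indent == 2:        # job id
            current = jobs.setdefault(
                key, {"permissions": False, "environment": False, "secrets": set()})
        elif current is not None:            # anything inside a job
            if indent == 4 and key in ("permissions", "environment"):
                current[key] = True
            current["secrets"].update(SECRET_RE.findall(line))
    findings = []
    for name, job in jobs.items():
        custom = sorted(job["secrets"] - {"GITHUB_TOKEN"})
        if not (top_permissions or job["permissions"]):
            findings.append((name, "default GITHUB_TOKEN permissions not restricted"))
        if custom and not job["environment"]:
            findings.append((name, f"{', '.join(custom)} used without an environment gate"))
    return findings
```

The `permissions:` block only constrains the default GITHUB_TOKEN; what the PAT can do is fixed by the scopes chosen when the token was created, which this script cannot see.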

@Strift Strift merged commit f549cff into main Sep 23, 2025
7 checks passed
@Strift Strift deleted the curquiza-patch-1 branch September 23, 2025 08:06
@Strift Strift linked an issue Sep 24, 2025 that may be closed by this pull request
Development

Successfully merging this pull request may close these issues.

Fix CI (to be able to release)
