From 652a2792ee2f66548c42e040fc9e88a36c2d5e23 Mon Sep 17 00:00:00 2001
From: Dmitry Prudnikov <mail@polaz.com>
Date: Thu, 9 Apr 2026 15:47:29 +0300
Subject: [PATCH] ci(release-please): use sw-release-bot app token for PR
 creation

org-level policy blocks GITHUB_TOKEN from creating PRs;
use RELEASER_APP_ID / RELEASER_APP_PRIVATE_KEY app token
(same pattern as publish.yml in structured-world/repo)
---
 .github/workflows/release-please.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index 78d52ee..28ddd98 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -13,8 +13,16 @@ jobs:
   release-please:
     runs-on: ubuntu-latest
     steps:
+      - name: Generate release bot token
+        id: app-token
+        uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf
+        with:
+          app-id: ${{ secrets.RELEASER_APP_ID }}
+          private-key: ${{ secrets.RELEASER_APP_PRIVATE_KEY }}
+
       - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38  # v4
         id: rp
         with:
+          token: ${{ steps.app-token.outputs.token }}
           config-file: release-please-config.json
           manifest-file: .release-please-manifest.json