Use PAT for changeset release PR updates

.github/workflows/release.yml

@@ -24,6 +24,10 @@ jobs:
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          # Avoid persisting the default GITHUB_TOKEN in git config. That token causes
+          # changeset-release/* pushes and PR updates to skip downstream CI.
+          persist-credentials: false
+          token: ${{ secrets.RELEASE_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
 
       - name: Setup Vite+
         uses: voidzero-dev/setup-vp@v1
@@ -42,7 +46,9 @@ jobs:
           title: "chore: release packages"
           commit: "chore: release packages"
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          # Use a PAT or GitHub App installation token so release PR pushes trigger
+          # normal pull_request/push workflows on changeset-release/* branches.
+          GITHUB_TOKEN: ${{ secrets.RELEASE_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
       - name: Published packages summary

README.md

@@ -114,4 +114,6 @@ Prefer npm trusted publishing with GitHub Actions OIDC. This workflow already in
 
 If you are not using trusted publishing yet, you can instead provide an `NPM_TOKEN` GitHub Actions secret.
 
+To ensure CI runs on the auto-generated `changeset-release/*` PRs, also configure a `RELEASE_GITHUB_TOKEN` secret (PAT or GitHub App installation token) with repository `Contents: Read and write` and `Pull requests: Read and write`. The release workflow falls back to `GITHUB_TOKEN`, but that fallback will not trigger downstream workflows for release PR updates.
+
 The workflow is defined in `.github/workflows/release.yml`.