From 08fe741bc81958b54e66696b9d376c700370a4d9 Mon Sep 17 00:00:00 2001
From: tehw0lf <tehwolf@protonmail.com>
Date: Sun, 15 Mar 2026 14:27:56 +0100
Subject: [PATCH] feat: pass GH_PAT secret through to publish-python-libraries
 for tag push trigger

---
 .github/workflows/build-test-publish.yml       | 4 ++++
 .github/workflows/publish-python-libraries.yml | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build-test-publish.yml b/.github/workflows/build-test-publish.yml
index d904383..81a4461 100755
--- a/.github/workflows/build-test-publish.yml
+++ b/.github/workflows/build-test-publish.yml
@@ -11,6 +11,8 @@ on:
         required: false
       NX_CLOUD_ACCESS_TOKEN:
         required: false
+      GH_PAT:
+        required: false
     inputs:
       root_dir:
         description: "path to project root"
@@ -310,6 +312,8 @@ jobs:
       runner: ${{ inputs.runner }}
       artifact_path: ${{ inputs.artifact_path }}
       tool: ${{ inputs.tool }}
+    secrets:
+      GH_PAT: ${{ secrets.GH_PAT }}
 
   publish_firefox_extension:
     if: ${{ github.event_name == 'push' && inputs.addon_guid != '' && inputs.xpi_path != '' }}
diff --git a/.github/workflows/publish-python-libraries.yml b/.github/workflows/publish-python-libraries.yml
index a5c81d4..8adfc61 100644
--- a/.github/workflows/publish-python-libraries.yml
+++ b/.github/workflows/publish-python-libraries.yml
@@ -2,6 +2,9 @@ name: publish python libraries
 
 on:
   workflow_call:
+    secrets:
+      GH_PAT:
+        required: true
     inputs:
       runner:
         description: "workflow-runner"
@@ -83,4 +86,4 @@ jobs:
             echo "::notice::[PyPI] Created and pushed tag ${{ steps.extract_version.outputs.release_tag }}"
           fi
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ secrets.GH_PAT }}