From 2eb35e94e9de27abf6b624aaf44d589c95e89041 Mon Sep 17 00:00:00 2001
From: Stefano Bertelli <stefano.bertelli@b2z-insurance.com>
Date: Mon, 30 Mar 2026 21:47:25 -0500
Subject: [PATCH] fix: configure git auth for tag push in release job

The manual git clone doesn't set up HTTPS credentials like
actions/checkout did. Configure the extraheader with GITHUB_TOKEN
so git push can authenticate when creating release tags.
---
 .forgejo/workflows/release.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.forgejo/workflows/release.yml b/.forgejo/workflows/release.yml
index b3ea457..7917fdf 100644
--- a/.forgejo/workflows/release.yml
+++ b/.forgejo/workflows/release.yml
@@ -59,6 +59,9 @@ jobs:
           apt-get update && apt-get install -y --no-install-recommends bash git python3 ca-certificates
           git clone ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git .
           git checkout ${GITHUB_SHA}
+          git config --local http.${GITHUB_SERVER_URL}/.extraheader "AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | base64 -w0)"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Determine version bump
         id: version