ci: fix token permissions

[lachlancollins]

🎯 Changes

✅ Checklist

• I have followed the steps in the Contributing guide.
• I have tested this code locally with pnpm test:pr.

🚀 Release Impact

• This change affects published code, and I have generated a changeset.
• This change is docs/CI/dev-only (no release).

Summary by CodeRabbit

• Chores
  • Updated GitHub Actions workflows to standardize token provisioning. Replaced custom environment variables with standard GitHub-provided token secrets across changeset preview and release comment workflows. No functional changes to existing operations.

[changeset-bot]

⚠️ No Changeset found

Latest commit: cc31023

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1bde43b5-30ea-46cd-b879-8bf24aec0ada

📥 Commits

Reviewing files that changed from the base of the PR and between 6b05c90 and cc31023.

📒 Files selected for processing (3)

• .github/changeset-preview/action.yml
• .github/changeset-preview/upsert-pr-comment.mjs
• .github/comment-on-release/action.yml

---

📝 Walkthrough

Walkthrough

Replaces custom action environment variables (REPOSITORY, GH_TOKEN) with GITHUB_TOKEN from secrets.GITHUB_TOKEN in three GitHub Action-related files and removes the GH_TOKEN fallback in the JS token resolution. No other control flow or error handling changes.

Changes

Cohort / File(s)	Summary
Action workflow files .github/changeset-preview/action.yml, .github/comment-on-release/action.yml	Replaced REPOSITORY and GH_TOKEN env vars with GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} in action definitions; no other step logic changed.
Token resolution logic .github/changeset-preview/upsert-pr-comment.mjs	Removed fallback to process.env.GH_TOKEN; token now resolves only from process.env.GITHUB_TOKEN (or explicit arg).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• ci: fix token permissions #359 — Makes the same CI token changes: replacing REPOSITORY/GH_TOKEN with secrets.GITHUB_TOKEN and removing the GH_TOKEN fallback.

Poem

🐰
Hop-hop, one token to bind,
Secrets now neat, no stray to find,
Workflows whisper, tidy and kind,
A carrot of clarity for Devs to mind 🥕

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch permissions

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit cc31023

Command	Status	Duration	Result
nx affected --targets=test:sherif,test:docs,tes...	✅ Succeeded	<1s	View ↗
nx run-many --target=build	✅ Succeeded	<1s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-03-17 11:37:59 UTC

[pkg-pr-new]

npm i https://pkg.pr.new/@tanstack/eslint-config@359

npm i https://pkg.pr.new/@tanstack/publish-config@359

npm i https://pkg.pr.new/@tanstack/typedoc-config@359

npm i https://pkg.pr.new/@tanstack/vite-config@359

commit: cc31023

[github-actions]

🚀 Changeset Version Preview

No changeset entries found. Merging this PR will not cause a version bump for any packages.