diff --git a/.github/workflows/sync-readme-versions.yml b/.github/workflows/sync-readme-versions.yml
index a88da57d..77527fb3 100644
--- a/.github/workflows/sync-readme-versions.yml
+++ b/.github/workflows/sync-readme-versions.yml
@@ -15,6 +15,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      pull-requests: write
     timeout-minutes: 5
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
@@ -25,10 +26,19 @@ jobs:
           node-version: 24
       - name: Sync action version references
         run: pnpm run sync:readme
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       - name: Commit and push version reference updates
-        run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
-          git add README.md delete/README.md .github/workflow-templates/deploy.yml .github/workflow-templates/delete.yml
-          git diff --staged --quiet || git commit -m "docs: update action version references [skip ci]"
-          git push
+        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 #v8.1.1
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: 'docs: update action version references [skip ci]'
+          sign-commits: true
+          title: 'docs: update action version references'
+          branch: docs/sync-action-versions
+          delete-branch: true
+          add-paths: |
+            README.md
+            delete/README.md
+            .github/workflow-templates/deploy.yml
+            .github/workflow-templates/delete.yml
diff --git a/bin/sync-readme-versions.ts b/bin/sync-readme-versions.ts
index a99c9efd..8604f542 100644
--- a/bin/sync-readme-versions.ts
+++ b/bin/sync-readme-versions.ts
@@ -11,6 +11,7 @@ import {graphql} from '@/gql/gql.js'
 import packageJson from '../package.json' with {type: 'json'}
 
 const GITHUB_GRAPHQL_API = 'https://api.github.com/graphql'
+const TOKEN = process.env['GITHUB_TOKEN']
 
 /**
  * Replaces all `andykenward/github-actions-cloudflare-pages` action version
@@ -53,14 +54,13 @@ const request = async <TResult, TVariables>(
   query: TypedDocumentString<TResult, TVariables>,
   variables: TVariables
 ): Promise<TResult> => {
-  const token = process.env['GITHUB_TOKEN']
-  const headers: Record<string, string> = {'Content-Type': 'application/json'}
-  if (token) headers['authorization'] = `bearer ${token}`
-
   const res = await fetch(GITHUB_GRAPHQL_API, {
     method: 'POST',
-    headers,
-    body: JSON.stringify({query: query.toString(), variables})
+    headers: {
+      authorization: `bearer ${TOKEN}`,
+      'Content-Type': 'application/json'
+    },
+    body: JSON.stringify({query, variables})
   })
   assert.ok(res.ok, `GitHub API request failed: ${res.status}`)
   const {data, errors} = (await res.json()) as {data: TResult; errors?: unknown}