From 618ce89f7e5a299f6e139bdb9bf54ea51d907e0f Mon Sep 17 00:00:00 2001
From: Guilherme Souza <ogrsouza@gmail.com>
Date: Tue, 24 Feb 2026 07:57:45 -0300
Subject: [PATCH 1/3] ci(release): use GitHub App token in release-prepare for
 PR creation

GITHUB_TOKEN is not permitted to create PRs in this repo. Switch to the
GitHub App token (same pattern as release-tag and release-publish) so
melos-action can successfully open the release PR.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/release-prepare.yml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-prepare.yml b/.github/workflows/release-prepare.yml
index b9ba37e2f..0fa713ea3 100644
--- a/.github/workflows/release-prepare.yml
+++ b/.github/workflows/release-prepare.yml
@@ -23,11 +23,18 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 15
     steps:
+      - name: Generate token
+        id: app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+
       - name: Checkout
         uses: actions/checkout@v6
         with:
           fetch-depth: 0
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ steps.app-token.outputs.token }}
 
       - name: Setup Flutter
         uses: subosito/flutter-action@v2

From e9852f31dd135ad08a67a323366fbb398efd3097 Mon Sep 17 00:00:00 2001
From: Guilherme Souza <ogrsouza@gmail.com>
Date: Tue, 24 Feb 2026 08:09:11 -0300
Subject: [PATCH 2/3] ci(release): switch to grdsdev/melos-action fork with
 token support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Use grdsdev/melos-action@feat/custom-token-for-create-pr across all three
release workflows. Pass the App token to the melos-action in release-prepare
so peter-evans/create-pull-request uses it directly — the fork's token input
is the correct fix for the GITHUB_TOKEN PR creation restriction.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/release-prepare.yml | 3 ++-
 .github/workflows/release-publish.yml | 2 +-
 .github/workflows/release-tag.yml     | 2 +-
 3 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release-prepare.yml b/.github/workflows/release-prepare.yml
index 0fa713ea3..7792620ba 100644
--- a/.github/workflows/release-prepare.yml
+++ b/.github/workflows/release-prepare.yml
@@ -42,9 +42,10 @@ jobs:
           cache: true
 
       - name: Setup Melos
-        uses: bluefireteam/melos-action@v3
+        uses: grdsdev/melos-action@feat/custom-token-for-create-pr
         with:
           run-versioning: ${{ inputs.prerelease == false }}
           run-versioning-prerelease: ${{ inputs.prerelease == true }}
           run-versioning-graduate: ${{ inputs.graduate == true }}
           create-pr: true
+          token: ${{ steps.app-token.outputs.token }}
diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml
index b64fdcd9e..c2e2d7928 100644
--- a/.github/workflows/release-publish.yml
+++ b/.github/workflows/release-publish.yml
@@ -44,7 +44,7 @@ jobs:
           cache: true
 
       - name: Bootstrap with Melos
-        uses: bluefireteam/melos-action@v3
+        uses: grdsdev/melos-action@feat/custom-token-for-create-pr
 
       - name: Publish dry run
         run: melos publish --scope ${{ inputs.package-name }} --dry-run
diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml
index eeaee0719..3def37a56 100644
--- a/.github/workflows/release-tag.yml
+++ b/.github/workflows/release-tag.yml
@@ -36,7 +36,7 @@ jobs:
           cache: true
 
       - name: Setup Melos
-        uses: bluefireteam/melos-action@v3
+        uses: grdsdev/melos-action@feat/custom-token-for-create-pr
         with:
           tag: true
       - name: Trigger publish workflows

From beb8540a08040855cf759351d6609ba995baa00d Mon Sep 17 00:00:00 2001
From: Guilherme Souza <ogrsouza@gmail.com>
Date: Wed, 25 Mar 2026 14:42:50 -0300
Subject: [PATCH 3/3] ci(release): pin melos-action to upstream v3.6.0 SHA

The fork's token input was merged upstream as v3.6.0. Switch all three
release workflows back to bluefireteam/melos-action, pinned to the
release SHA for supply-chain safety.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/release-prepare.yml | 2 +-
 .github/workflows/release-publish.yml | 2 +-
 .github/workflows/release-tag.yml     | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release-prepare.yml b/.github/workflows/release-prepare.yml
index 7792620ba..c7a13c25e 100644
--- a/.github/workflows/release-prepare.yml
+++ b/.github/workflows/release-prepare.yml
@@ -42,7 +42,7 @@ jobs:
           cache: true
 
       - name: Setup Melos
-        uses: grdsdev/melos-action@feat/custom-token-for-create-pr
+        uses: bluefireteam/melos-action@705015c3d2bc4ab94201ac24accb2bbe070cf533 # v3.6.0
         with:
           run-versioning: ${{ inputs.prerelease == false }}
           run-versioning-prerelease: ${{ inputs.prerelease == true }}
diff --git a/.github/workflows/release-publish.yml b/.github/workflows/release-publish.yml
index c2e2d7928..1d61ef168 100644
--- a/.github/workflows/release-publish.yml
+++ b/.github/workflows/release-publish.yml
@@ -44,7 +44,7 @@ jobs:
           cache: true
 
       - name: Bootstrap with Melos
-        uses: grdsdev/melos-action@feat/custom-token-for-create-pr
+        uses: bluefireteam/melos-action@705015c3d2bc4ab94201ac24accb2bbe070cf533 # v3.6.0
 
       - name: Publish dry run
         run: melos publish --scope ${{ inputs.package-name }} --dry-run
diff --git a/.github/workflows/release-tag.yml b/.github/workflows/release-tag.yml
index 3def37a56..9784e79f0 100644
--- a/.github/workflows/release-tag.yml
+++ b/.github/workflows/release-tag.yml
@@ -36,7 +36,7 @@ jobs:
           cache: true
 
       - name: Setup Melos
-        uses: grdsdev/melos-action@feat/custom-token-for-create-pr
+        uses: bluefireteam/melos-action@705015c3d2bc4ab94201ac24accb2bbe070cf533 # v3.6.0
         with:
           tag: true
       - name: Trigger publish workflows