From 976706835973df547a30647f9f6e78faeccec1a1 Mon Sep 17 00:00:00 2001
From: Aaron Powell <me@aaron-powell.com>
Date: Wed, 4 Mar 2026 13:21:41 +1100
Subject: [PATCH] Fix codeowner-update: remove explicit github-token, use
 default fallback

Without explicit github-token, the compiler generates a proper
fallback chain (GH_AW_GITHUB_TOKEN || GITHUB_TOKEN) ensuring
a valid token is always available for git push operations.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 .github/workflows/codeowner-update.lock.yml | 6 +++---
 .github/workflows/codeowner-update.md       | 1 -
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeowner-update.lock.yml b/.github/workflows/codeowner-update.lock.yml
index f7e3cdc3..e7e1b488 100644
--- a/.github/workflows/codeowner-update.lock.yml
+++ b/.github/workflows/codeowner-update.lock.yml
@@ -23,7 +23,7 @@
 #
 # Updates the CODEOWNERS file when a maintainer comments #codeowner on a pull request
 #
-# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"edaff46e25ba674f8512347478438e0c356ed363be139c723815aa6381cca5fd"}
+# gh-aw-metadata: {"schema_version":"v1","frontmatter_hash":"015ef8c7217fdc453ca70bfea824f686343207a99eebdccdb45f31e70700da45"}
 
 name: "Codeowner Update Agent"
 "on":
@@ -1130,7 +1130,7 @@ jobs:
         if: ((!cancelled()) && (needs.agent.result != 'skipped')) && (contains(needs.agent.outputs.output_types, 'create_pull_request'))
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
-          token: ${{ secrets.GH_AW_GITHUB_TOKEN }}
+          token: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
           persist-credentials: false
           fetch-depth: 1
       - name: Configure Git credentials
@@ -1138,7 +1138,7 @@ jobs:
         env:
           REPO_NAME: ${{ github.repository }}
           SERVER_URL: ${{ github.server_url }}
-          GIT_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN }}
+          GIT_TOKEN: ${{ secrets.GH_AW_GITHUB_TOKEN || secrets.GITHUB_TOKEN }}
         run: |
           git config --global user.email "github-actions[bot]@users.noreply.github.com"
           git config --global user.name "github-actions[bot]"
diff --git a/.github/workflows/codeowner-update.md b/.github/workflows/codeowner-update.md
index 7bca8bd2..eea1ea7a 100644
--- a/.github/workflows/codeowner-update.md
+++ b/.github/workflows/codeowner-update.md
@@ -16,7 +16,6 @@ safe-outputs:
     base-branch: staged
     title-prefix: "[codeowner] "
     draft: false
-    github-token: ${{ secrets.GH_AW_GITHUB_TOKEN }}
   add-comment:
     max: 1
   noop: