[BUG] Release workflow fails due to branch protection rule blocking direct pushes to main #333

@kami619

Bug Description

The Release workflow (release.yml) has been failing since March 4, 2026 because @semantic-release/git cannot push release commits (CHANGELOG.md, pyproject.toml, CLAUDE.md updates) directly to the main branch. GitHub repository rules now require all changes to go through a pull request, blocking the automated release process.

To Reproduce

  1. Merge any commit with a releasable type (e.g., fix:, feat:) to main
  2. Observe the Release workflow trigger automatically
  3. Watch the "Run semantic-release" step fail at the @semantic-release/git prepare phase
  4. See error: GH013: Repository rule violations found for refs/heads/main

Expected Behavior

semantic-release should successfully:

  1. Analyze commits and determine the next version
  2. Update CHANGELOG.md, pyproject.toml, and CLAUDE.md
  3. Push the release commit to main
  4. Create a GitHub release with the new tag
  5. Publish to PyPI

Actual Behavior

semantic-release fails at step 3 with:

remote: error: GH013: Repository rule violations found for refs/heads/main.
remote: - Changes must be made through a pull request.
! [remote rejected] HEAD -> main (push declined due to repository rule violations)

The release is not created, PyPI is not updated, and the fix commit remains unreleased.

Environment

  • OS: ubuntu-latest (GitHub Actions runner)
  • Version: 2.29.5 (last successful release)
  • semantic-release: 25.0.3
  • @semantic-release/git: latest (unpinned)
  • Node.js: 24.14.0

Additional Context

Branch protection rules were likely added or modified between March 3-4, 2026.

Possible Solution

Option 1 (Recommended): Add a bypass rule for github-actions[bot] in the repository ruleset:

  • Go to Settings → Rules → Rulesets
  • Edit the ruleset protecting main
  • Add bypass for "GitHub Actions" or the specific workflow actor

Option 2: Use a Personal Access Token (PAT) with admin/bypass permissions instead of GITHUB_TOKEN:

- name: Checkout code
  uses: actions/checkout@v6
  with:
    token: ${{ secrets.RELEASE_PAT }}  # PAT with bypass permissions
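
A read-only check to run before and after applying Option 1, added here as an example and not taken from the issue or the project: it reads a ruleset object in the shape the GitHub REST API returns and lists which bypass actors could push to main without a pull request. The sample ruleset, its ids and the function names are constructed for illustration.

```python
import fnmatch
import json

# Constructed sample in the shape of a GitHub REST API repository ruleset
# object; the name, actor ids and actor entries are made up for illustration.
SAMPLE_RULESET = json.loads("""
{
  "name": "protect-main", "target": "branch", "enforcement": "active",
  "conditions": {"ref_name": {"include": ["~DEFAULT_BRANCH"], "exclude": []}},
  "rules": [{"type": "pull_request"}, {"type": "non_fast_forward"}],
  "bypass_actors": [
    {"actor_id": 5, "actor_type": "RepositoryRole", "bypass_mode": "pull_request"},
    {"actor_id": 1111, "actor_type": "Integration", "bypass_mode": "always"}
  ]
}
""")


def covers_ref(ruleset, ref, default_branch="main"):
    """True if the ruleset's ref_name conditions select `ref`."""
    special = {"~ALL": "*", "~DEFAULT_BRANCH": f"refs/heads/{default_branch}"}
    cond = (ruleset.get("conditions") or {}).get("ref_name", {})

    def hit(patterns):
        # Python's fnmatch only approximates GitHub's pattern syntax.
        return any(fnmatch.fnmatchcase(ref, special.get(p, p)) for p in patterns)

    return hit(cond.get("include", [])) and not hit(cond.get("exclude", []))


def audit(ruleset, ref="refs/heads/main"):
    """Report whether `ref` requires a pull request and who is exempt."""
    requires_pr = any(r.get("type") == "pull_request" for r in ruleset.get("rules", []))
    blocks = (ruleset.get("enforcement") == "active" and ruleset.get("target") == "branch"
              and requires_pr and covers_ref(ruleset, ref))
    by_mode = {"always": [], "pull_request": []}
    for actor in ruleset.get("bypass_actors", []):
        by_mode.setdefault(actor.get("bypass_mode"), []).append(
            (actor.get("actor_type"), actor.get("actor_id")))
    # Only "always" actors can push straight to the ref; "pull_request" actors
    # may bypass rules when merging a pull request but not on a direct push.
    return {"blocks_direct_push": blocks,
            "direct_push_bypass": by_mode["always"],
            "pr_only_bypass": by_mode["pull_request"]}


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_RULESET), indent=2))
```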
