fix(ci): add gh auth setup-git to release-plz.sh

[jdx]

Summary

• Follow-up to #471: the release-plz checkout now uses persist-credentials: false, so the token isn't written to .git/config and git push origin release --force in scripts/release-plz.sh would 403.
• Mirror the workaround already applied to scripts/postversion.sh:9 by calling gh auth setup-git after the git config user.{name,email} block, before any git push.

Flagged by Cursor Bugbot on #471 (review).

Test plan

• Next scheduled release-plz run (or manual workflow_dispatch) successfully pushes the release branch without a 403.

🤖 Generated with Claude Code

---

Note

Low Risk
Low risk CI-only change that affects the release automation path; main impact is whether the workflow can successfully push the release branch.

Overview
Fixes the scripts/release-plz.sh release automation to run gh auth setup-git after setting the git author, ensuring git push works when actions/checkout uses persist-credentials: false.

This prevents 403 failures when pushing the forced release branch during automated version bump PR creation.

^{Reviewed by Cursor Bugbot for commit f694191. Bugbot is set up for automated code reviews on this repo. Configure here.}

[greptile-apps]

Greptile Summary

Adds gh auth setup-git to scripts/release-plz.sh so the GitHub CLI credential helper is active before git push origin release --force. This is needed because the checkout action now uses persist-credentials: false, which means no token is written to .git/config.

• The fix is correctly placed after git config user.{name,email} and before any git push, mirroring the identical call already present at the top of scripts/postversion.sh.
• No other code paths in the script call git push, so the placement covers the only affected operation.

Confidence Score: 5/5

Safe to merge — single-line addition that directly mirrors the pattern in postversion.sh with no side-effects outside the git push path.

The change is a one-line call to gh auth setup-git, already proven in the same repo via postversion.sh. It is inserted in the only code path that performs a git push, after all guard clauses and before the push itself, so there is no risk of unintended side effects.

No files require special attention.

Important Files Changed

Filename	Overview
scripts/release-plz.sh	Adds gh auth setup-git after the git config user.{name,email} block and before git push origin release --force, matching the identical pattern in postversion.sh to fix 403s caused by persist-credentials: false on the checkout step.

_{Reviews (1): Last reviewed commit: "fix(ci): add gh auth setup-git to releas..." | Re-trigger Greptile}

[gemini-code-assist]

Code Review

This pull request updates the scripts/release-plz.sh script to include gh auth setup-git, ensuring proper authentication for git operations when persistent credentials are disabled. The reviewer suggested explicitly specifying the hostname in the setup command to improve robustness in CI environments.

[gemini-code-assist]

While gh auth setup-git correctly configures the credential helper for the default host, it is generally more robust in CI scripts to explicitly specify the hostname to avoid ambiguity or potential prompts in environments with multiple configured hosts.

Suggested change

	gh auth setup-git
	gh auth setup-git --hostname github.com