fix(ci): revert broken PAT, make manifest bump non-fatal #37

Merged
slashben merged 1 commit into main from fix/release-workflow-checkout
May 18, 2026

@slashben slashben commented May 18, 2026

Member

Summary

  • GH_PERSONAL_ACCESS_TOKEN is expired/invalid — checkout fails with "could not read Username"
  • Revert to default GITHUB_TOKEN for checkout
  • Make the manifest bump git push non-fatal (|| warning) so the release (tag, goreleaser, S3, CloudFront) proceeds even if branch protection blocks the direct push
  • Manifest version bump can be done manually after release if needed

Test plan

  • Merge with release label → v0.0.12 release completes successfully

Summary by CodeRabbit

  • Chores
    • Enhanced workflow reliability to gracefully handle branch protection restrictions with fallback messaging, ensuring the automated process continues even when manual intervention may be needed.
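
The best-effort push described in the summary above, as an added example that is not taken from this PR or the project's workflow. The function names, the `manifest.yaml` file and the rejecting `pre-receive` hook (a local stand-in for branch protection) are assumptions constructed for the demo.

```sh
#!/bin/sh
# Added example: constructed sandbox, not the project's workflow.
# GitHub Actions runs bash `run:` steps with -e, so an unguarded failing
# `git push` would stop the job before the tag and release steps.
set -eu

# Run the given push command; on failure emit a ::warning:: annotation
# and return 0 so later steps still run.
best_effort_push() {
  if "$@"; then
    echo "manifest bump pushed"
  else
    rc=$?
    echo "::warning::manifest bump push failed (exit $rc); bump the manifest manually after the release"
  fi
}

# Stand-in for branch protection: a bare repo whose pre-receive hook
# rejects every push. Runs in a subshell so the temp dir is always removed.
demo_rejected_push() (
  tmp=$(mktemp -d)
  trap 'rm -rf "$tmp"' EXIT
  git init -q --bare "$tmp/remote.git"
  mkdir -p "$tmp/remote.git/hooks"
  printf '#!/bin/sh\necho "protected branch (constructed hook)" >&2\nexit 1\n' \
    > "$tmp/remote.git/hooks/pre-receive"
  chmod +x "$tmp/remote.git/hooks/pre-receive"

  git init -q "$tmp/work"
  cd "$tmp/work"
  git symbolic-ref HEAD refs/heads/main
  echo 'version: v0.0.12' > manifest.yaml   # hypothetical manifest file
  git add manifest.yaml
  git -c user.name=ci -c user.email=ci@example.invalid -c commit.gpgsign=false \
    commit -q -m 'bump manifest'
  git remote add origin "$tmp/remote.git"

  best_effort_push git push -q origin main 2>/dev/null
  # The rejected bump never reached the remote, which is why the warning
  # must be acted on: manifest and released tag are now out of step.
  if git -C "$tmp/remote.git" rev-parse -q --verify refs/heads/main >/dev/null; then
    echo "remote main updated"
  else
    echo "remote main unchanged"
  fi
  echo "release steps continue"
)

demo_rejected_push
```

Because the step now exits 0 on a rejected push, the `::warning::` annotation is the only signal that the manifest lags the released tag, so it needs to be checked on each release run.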

Copilot AI review requested due to automatic review settings May 18, 2026 20:31
@slashben slashben added the release Trigger release on merge label May 18, 2026
coderabbitai Bot commented May 18, 2026

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Free

Run ID: caa2dca6-b0b5-422c-ae79-312c496f7dd8

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The PR merge workflow is simplified and hardened: the checkout step removes explicit token configuration to use GitHub Actions' default token, and the manifest push command now gracefully degrades on failure with a warning instead of halting the workflow.

Changes

Checkout and Push Reliability

Layer / File(s): Checkout token and push resilience (.github/workflows/pr-merged.yaml)
Summary: actions/checkout@v4 no longer supplies an explicit personal access token, and the manifest bump git push is wrapped with a fallback || echo clause to emit a warning and continue if the push fails due to branch protection or other issues.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Copilot AI left a comment

Pull request overview

This PR adjusts the release workflow to avoid relying on an expired PAT and to let releases continue when manifest version bump pushes are blocked.

Changes:

  • Removes the custom checkout token so actions/checkout uses the default GITHUB_TOKEN.
  • Makes the manifest bump git push best-effort by converting push failure into a workflow warning.

Comment thread .github/workflows/pr-merged.yaml Outdated
GH_PERSONAL_ACCESS_TOKEN is expired/invalid causing checkout to fail
entirely. Revert to default GITHUB_TOKEN and make the manifest bump
push non-fatal so the tag, goreleaser, S3 upload, and release proceed
even if branch protection blocks the push.
Signed-off-by: Ben <ben@armosec.io>
@slashben slashben force-pushed the fix/release-workflow-checkout branch from 0cb1f1c to 2728e4c Compare May 18, 2026 20:37
@slashben slashben merged commit b4cd736 into main May 18, 2026
4 checks passed
@slashben slashben deleted the fix/release-workflow-checkout branch May 18, 2026 20:38