From 372f81acd5dfc4462b92554823a89c006d134d6c Mon Sep 17 00:00:00 2001
From: motoki317 <motoki317@gmail.com>
Date: Thu, 14 Aug 2025 18:36:37 +0900
Subject: [PATCH 1/2] fix: inherit secrets

---
 .github/workflows/tag.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/tag.yaml b/.github/workflows/tag.yaml
index 2692db6b..56ec2902 100644
--- a/.github/workflows/tag.yaml
+++ b/.github/workflows/tag.yaml
@@ -77,6 +77,7 @@ jobs:
     uses: ./.github/workflows/release.yaml
     with:
       ref_name: ${{ needs.tag.outputs.new-tag }}
+    secrets: inherit
 
   # Bump and release helm chart on app release
   helm-tag:
@@ -84,3 +85,4 @@ jobs:
     uses: ./.github/workflows/release-helm.yaml
     with:
       strategy: ${{ inputs.strategy }}
+    secrets: inherit

From 67ed47267d4506a2e47f0844d465d33365a11f79 Mon Sep 17 00:00:00 2001
From: motoki317 <motoki317@gmail.com>
Date: Thu, 14 Aug 2025 18:37:13 +0900
Subject: [PATCH 2/2] fix: Move dispatch renovate action to helm release

---
 .github/workflows/release-helm.yaml | 15 +++++++++++++++
 .github/workflows/release.yaml      | 16 ----------------
 2 files changed, 15 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/release-helm.yaml b/.github/workflows/release-helm.yaml
index bf06beb3..dfe80b76 100644
--- a/.github/workflows/release-helm.yaml
+++ b/.github/workflows/release-helm.yaml
@@ -74,3 +74,18 @@ jobs:
         run: |
           cd charts
           ./publish.sh ${{ inputs.chart }} oci://ghcr.io/${{ env.REGISTRY_USER }}/charts
+
+  dispatch-renovate:
+    runs-on: ubuntu-latest
+    needs: [ release ]
+    steps:
+      - uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.DISPATCH_PAT }}
+          script: |
+            await github.rest.actions.createWorkflowDispatch({
+              owner: 'traPtitech',
+              repo: 'manifest',
+              workflow_id: 'renovate.yaml',
+              ref: 'main'
+            })
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 0c9102b9..34b36d99 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -97,19 +97,3 @@ jobs:
           # tag_name will default in the current branch name for workflow_dispatch via workflow_call, so we're passing tag value via inputs manually.
           tag_name: ${{ inputs.ref_name || github.ref_name }}
           generate_release_notes: true
-
-  dispatch-renovate:
-    name: Dispatch Renovate
-    runs-on: ubuntu-latest
-    needs: [ image, release ]
-    steps:
-      - uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.DISPATCH_PAT }}
-          script: |
-            await github.rest.actions.createWorkflowDispatch({
-              owner: 'traPtitech',
-              repo: 'manifest',
-              workflow_id: 'renovate.yaml',
-              ref: 'main'
-            })