From d43e358e863b01e52583a7bea51f398f6a8da3b6 Mon Sep 17 00:00:00 2001
From: Kody Stribrny <kstribrn@amazon.com>
Date: Mon, 30 Mar 2026 16:26:47 -0700
Subject: [PATCH] Remove github_token input

Inputs need to be literal, static values.
Instead we should simply use `${{ secrets.GITHUB_TOKEN }}`
which is resolved at runtime
---
 .github/workflows/auto-release.yml | 18 +++++++-----------
 1 file changed, 7 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml
index c1786ac22..664f5db71 100644
--- a/.github/workflows/auto-release.yml
+++ b/.github/workflows/auto-release.yml
@@ -15,10 +15,6 @@ on:
         description: "Version String for task.h on main branch (leave empty to leave as-is)."
         required: false
         default: ''
-      github_token:
-        description: 'GitHub token for creating releases and pushing changes'
-        required: false
-        default: ${{ github.token }}
 
 jobs:
   release-packager:
@@ -35,7 +31,7 @@ jobs:
         with:
           architecture:   x64
         env:
-          GITHUB_TOKEN: ${{ github.event.inputs.github_token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Install GitHub CLI
         run: |
@@ -90,7 +86,7 @@ jobs:
           VERSION_NUMBER: ${{ github.event.inputs.version_number }}
           MAIN_BR_VERSION_NUMBER: ${{ github.event.inputs.main_br_version }}
           COMMIT_SHA_1: ${{ env.COMMIT_SHA_1 }}
-          GITHUB_TOKEN: ${{ github.event.inputs.github_token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           # Install deps and run
           pip install -r ./tools/.github/scripts/release-requirements.txt
@@ -126,7 +122,7 @@ jobs:
       - name: Create pull request
         env:
           VERSION_NUMBER: ${{ github.event.inputs.version_number }}
-          GH_TOKEN: ${{ github.event.inputs.github_token }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           REPO_FULL_NAME: ${{ github.repository }}
         working-directory: ./local_kernel
         run: |
@@ -140,7 +136,7 @@ jobs:
 
       - name: Wait for PR to be merged
         env:
-          GH_TOKEN: ${{ github.event.inputs.github_token }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           REPO_FULL_NAME: ${{ github.repository }}
         working-directory: ./local_kernel
         run: |
@@ -179,7 +175,7 @@ jobs:
       - name: Commit SBOM file
         env:
           VERSION_NUMBER: ${{ github.event.inputs.version_number }}
-          GITHUB_TOKEN: ${{ github.event.inputs.github_token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         working-directory: ./local_kernel
         run: |
           git add .
@@ -193,7 +189,7 @@ jobs:
           MAIN_BR_VERSION_NUMBER: ${{ github.event.inputs.main_br_version }}
           COMMIT_SHA_2: ${{ env.COMMIT_SHA_2 }}
           REPO_OWNER: ${{ github.repository_owner }}
-          GITHUB_TOKEN: ${{ github.event.inputs.github_token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           # Install deps and run
           pip install -r ./tools/.github/scripts/release-requirements.txt
@@ -212,7 +208,7 @@ jobs:
         if: always()
         env:
           VERSION_NUMBER: ${{ github.event.inputs.version_number }}
-          GH_TOKEN: ${{ github.event.inputs.github_token }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         working-directory: ./local_kernel
         run: |
           # Only delete release-prep branch if the PR was already merged