Updated release workflow with deploy keys

.github/workflows/release.yml

@@ -22,7 +22,7 @@ jobs:
     - name: Checkout code
       uses: actions/checkout@v4
       with:
-        token: ${{ secrets.ADMIN_TOKEN }}
+        ssh-key: ${{ secrets.DEPLOY_KEY }}
         fetch-depth: 0
 
     - name: Configure Git
@@ -65,7 +65,7 @@ jobs:
     - name: Create GitHub Release
       uses: actions/create-release@v1
       env:
-        GITHUB_TOKEN: ${{ secrets.ADMIN_TOKEN }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
         tag_name: v${{ steps.version.outputs.new_version }}
         release_name: Release v${{ steps.version.outputs.new_version }}

README.md

@@ -185,21 +185,18 @@ Releases are automated via GitHub Actions. Only the repository owner can create
 
 #### Prerequisites (one-time setup)
 
-1. **Create Fine-Grained Personal Access Token**:
-   - Go to GitHub.com → Settings → Developer settings → Personal access tokens → Fine-grained tokens
-   - Click "Generate new token"
-   - Set Resource owner to your account
-   - Set Repository access to "Selected repositories" and choose this repo
-   - Set expiration (recommend 1 year)
-   - **Required permissions**:
-     - Contents: Read and write
-     - Metadata: Read
-     - Pull requests: Read
-     - Actions: Read
+1. **Create Deploy Key with Write Access**:
+   - Generate SSH key pair: `ssh-keygen -t ed25519 -f release_key -N ""`
+   - Go to repository → Settings → Deploy keys
+   - Click "Add deploy key"
+   - Title: "Release Automation"
+   - Key: Contents of `release_key.pub`
+   - ✅ Check "Allow write access"
+   - Configure to bypass repository rules (Settings → Rules)
 
 2. **Add Repository Secrets**:
    - Go to repository → Settings → Secrets and variables → Actions
-   - Add `ADMIN_TOKEN` with your personal access token
+   - Add `DEPLOY_KEY` with contents of private key file (`release_key`)
    - Add `NPM_TOKEN` with your npm automation token
 
 #### Creating a Release