Problem

CI run fails with "Duplicate header: Authorization" (HTTP 400):

remote: Duplicate header: "Authorization"
fatal: unable to access 'https://github.com/structured-world/gitlab-mcp/': The requested URL returned error: 400

This was caused by #298 which added an extra Authorization header, but actions/checkout already sets one via http.extraheader.

Root Cause

Three authorization methods conflict:

1. actions/checkout with token sets http.extraheader
2. Step from fix(ci): configure git credentials for semantic-release tag upload #298 adds ANOTHER http.extraheader
3. semantic-release embeds token in URL (x-access-token:[email protected])

Solution

1. Remove the "Configure git credentials" step from fix(ci): configure git credentials for semantic-release tag upload #298
2. Add persist-credentials: false to checkout
3. Let semantic-release manage auth via GITHUB_TOKEN env var

References

• Failed run: https://github.com/structured-world/gitlab-mcp/actions/runs/21698052138
• Caused by: fix(ci): configure git credentials for semantic-release tag upload #298