diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml
index 7692be0..ba0554b 100644
--- a/.github/workflows/semantic-release.yml
+++ b/.github/workflows/semantic-release.yml
@@ -5,7 +5,7 @@ on:
     secrets:
       GH_TOKEN:
         description: 'PAT with repo access, required to trigger workflows on tag push'
-        required: true
+        required: false
 
 jobs:
   release:
@@ -17,14 +17,26 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2
         with:
           fetch-depth: 0
-          token: ${{ secrets.GH_TOKEN }}
+          token: ${{ secrets.GH_TOKEN || github.token }}
 
       - name: Setup semantic-release
         uses: https://gitea.ldpt.fr/actions/semantic-release/setup-semrel@main
         with:
           node-version: "24"
 
-      - name: Run semantic-release
+      - name: Configure git remote with PAT
+        if: ${{ secrets.GH_TOKEN != '' }}
+        shell: bash
         env:
           GH_TOKEN: ${{ secrets.GH_TOKEN }}
+        run: |
+          set -euo pipefail
+          REMOTE_URL=$(git remote get-url origin)
+          # Inject PAT so tag pushes come from the PAT user, not the Actions runner token
+          NEW_URL=$(echo "$REMOTE_URL" | sed "s|https://|https://oauth2:${GH_TOKEN}@|")
+          git remote set-url origin "$NEW_URL"
+
+      - name: Run semantic-release
+        env:
+          GITEA_TOKEN: ${{ secrets.GH_TOKEN || github.token }}
         run: semantic-release
\ No newline at end of file