[TT-17030] Fix git auth: use x-access-token prefix for GitHub App tokens

[buger]

Summary

• Replace url."https://${TOKEN}@github.com".insteadOf with url."https://x-access-token:${TOKEN}@github.com/".insteadOf in release.yml (1 occurrence)
• The bare token format doesn't work when actions/checkout has configured a credential helper; the x-access-token: prefix and trailing slashes fix this

Test plan

• Verify release workflow can pull private Go modules

🤖 Generated with Claude Code

[probelabs]

This pull request addresses a Git authentication issue within the release.yml GitHub Actions workflow. It modifies the git config command to ensure compatibility with GitHub App tokens when a credential helper is configured by the actions/checkout action.

Files Changed Analysis

• .github/workflows/release.yml: A single-line modification was made to this file. The git config command for URL substitution was updated.

Architecture & Impact Assessment

• What this PR accomplishes: It fixes the release workflow's ability to pull private Go modules from GitHub. The previous authentication method using a bare token is incompatible with Git credential helpers, which this PR resolves.

• Key technical changes: The git config command is updated to prepend x-access-token: to the GitHub App token and adds trailing slashes to the URLs. This aligns with the required format for authenticating with GitHub Apps via HTTPS.

• Affected system components: The impact is strictly limited to the CI/CD pipeline, specifically the release workflow. There are no changes to the application's source code or its runtime behavior.

• Workflow Visualization:

  graph TD
      A[Release Workflow Triggered] --> B[Generate GitHub App Token];
      B --> C[Configure Git with Token];
      C --> D[Run GoReleaser];
      D --> E[Publish Release];
  
      subgraph C [Configure Git with Token]
          direction LR
          C1("Old: https://<TOKEN>@...") --> C2{Fails with Credential Helper};
          C3("New: https://x-access-token:<TOKEN>@...") --> C4{Succeeds};
      end
  
  

  Loading

### Scope Discovery & Context Expansion
The change is highly localized to the repository's release automation. Its purpose is to ensure the build process can reliably access private dependencies hosted on GitHub. A search for similar `git config` patterns in other workflow files confirms this is the only instance, limiting the scope of this change to the release workflow.


<details>
  <summary>Metadata</summary>

  - Review Effort: 1 / 5
  - Primary Label: bug


</details>
<!-- visor:section-end id="overview" -->

<!-- visor:thread-end key="TykTechnologies/tyk-pump#988@707c3ef" -->

---

*Powered by [Visor](https://probelabs.com/visor) from [Probelabs](https://probelabs.com)*

*Last updated: 2026-04-23T09:54:22.179Z | Triggered by: pr_opened | Commit: 707c3ef*

💡 **TIP:** You can chat with Visor using `/visor ask <your question>`
<!-- /visor-comment-id:visor-thread-overview-TykTechnologies/tyk-pump#988 -->

[probelabs]

✅ Security Check Passed

No security issues found – changes LGTM.

✅ Architecture Check Passed

No architecture issues found – changes LGTM.

✅ Performance Check Passed

No performance issues found – changes LGTM.

---

Powered by Visor from Probelabs

Last updated: 2026-04-23T09:54:15.059Z | Triggered by: pr_opened | Commit: 707c3ef

💡 TIP: You can chat with Visor using /visor ask <your question>

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud