From 56ffff401084dd620bd4b0df9af7ff2e951fc79e Mon Sep 17 00:00:00 2001
From: Josh Palmer <joshp123@users.noreply.github.com>
Date: Tue, 3 Feb 2026 01:32:30 +0100
Subject: [PATCH] chore: fix workflow token secret name

- use CLAWDINATOR_WORKFLOW_TOKEN instead of GITHUB_WORKFLOW_TOKEN
- update infra README
---
 .github/workflows/fleet-deploy.yml | 2 +-
 infra/opentofu/aws/README.md       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/fleet-deploy.yml b/.github/workflows/fleet-deploy.yml
index 000f7e4..62ad595 100644
--- a/.github/workflows/fleet-deploy.yml
+++ b/.github/workflows/fleet-deploy.yml
@@ -29,7 +29,7 @@ jobs:
       TF_BACKEND_DYNAMO_TABLE: clawdinator-terraform-locks
       TF_VAR_control_api_enabled: true
       TF_VAR_control_api_token: ${{ secrets.CONTROL_API_TOKEN }}
-      TF_VAR_github_token: ${{ secrets.GITHUB_WORKFLOW_TOKEN }}
+      TF_VAR_github_token: ${{ secrets.CLAWDINATOR_WORKFLOW_TOKEN }}
     steps:
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/infra/opentofu/aws/README.md b/infra/opentofu/aws/README.md
index 8b1f9c5..ee4dcdf 100644
--- a/infra/opentofu/aws/README.md
+++ b/infra/opentofu/aws/README.md
@@ -63,7 +63,7 @@ export TF_VAR_github_token=...
   - `S3_BUCKET`
   - `CLAWDINATOR_SSH_PUBLIC_KEY`
   - `CONTROL_API_TOKEN`
-  - `GITHUB_WORKFLOW_TOKEN`
+  - `CLAWDINATOR_WORKFLOW_TOKEN`
 
 ## Runtime bootstrap
 - Instances get an IAM role with read access to `s3://${S3_BUCKET}/bootstrap/*` for secrets + repo seeds.