To perform a push to a GitHub repository, you must be authenticated. It's important to note that GitHub does not verify if the authenticated user's email address matches the one in the commit. To clearly identify the author of a commit for reviewers, commit signing is recommended. GitHub actions such as semantic-release-action do not automatically sign commits and may encounter issues as a result. To address this, you can refer to a working configuration example in the workflow folder of DSOMM, which demonstrates how to use semantic release action in conjunction with planetscale/ghcommit-action. For added security, consider using Fine-grained personal access tokens provided by your organization for a specific repository. Store the Personal Access Token (PAT) as a secret in your project.