diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 316b40c04..e32fd6d1a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,21 +18,13 @@ permissions:
   contents: write
 
 jobs:
-  # this job is just here as a fail-safe to make sure that the invoking user has the necessary permissions
-  # before we start the release process. This way we hopefully don't have to clean up incomplete release processes.
-  permission-check:
-    runs-on: ubuntu-latest
-    environment: deploy-release
-    steps:
-      - run: echo "ok"
-
   release:
-    needs: permission-check
+    environment: deploy-release
     runs-on: ubuntu-latest
-    env:
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     steps:
       - uses: actions/checkout@v3
+        with:
+          token: ${{ secrets.GH_PUSH_TOKEN }}  # this token works to push to the protected main branch.
       - uses: actions/setup-node@v3
         with:
           node-version-file: .github/node-version.txt
@@ -40,3 +32,5 @@ jobs:
         with:
           python-version-file: .github/python-version.txt
       - run: ./release/release.py ${{ inputs.version }} ${{ inputs.skip-branch-status-check }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # this token works with the GraphQL API
diff --git a/release/release.py b/release/release.py
index a26daebdb..6f3b597c8 100755
--- a/release/release.py
+++ b/release/release.py
@@ -98,8 +98,11 @@ if __name__ == "__main__":
                     "--title", f"mitmproxy {version}",
                     "--notes-file", "release/github-release-notes.txt"], cwd=root, check=True)
 
-    print("➡️ Dispatching release workflow...")
-    subprocess.run(["gh", "workflow", "run", "main.yml", "--ref", version], cwd=root, check=True)
+    # We currently have to use a personal access token, which auto-triggers CI.
+    # The default GITHUB_TOKEN cannot push to protected branches,
+    # see https://github.com/community/community/discussions/13836.
+    # print("➡️ Dispatching release workflow...")
+    # subprocess.run(["gh", "workflow", "run", "main.yml", "--ref", version], cwd=root, check=True)
 
     print("")
     print("✅ CI is running now. Make sure to approve the deploy step: https://github.com/mitmproxy/mitmproxy/actions")