Skip to content

ci(release): use GitHub App for signed release-please commits#109

Merged
FSM1 merged 1 commit into
mainfrom
fix/release-please-github-app
Feb 11, 2026
Merged

ci(release): use GitHub App for signed release-please commits#109
FSM1 merged 1 commit into
mainfrom
fix/release-please-github-app

Conversation

@FSM1

@FSM1 FSM1 commented Feb 11, 2026

Copy link
Copy Markdown
Owner

Summary

  • Replace PAT with GitHub App token for release-please workflow
  • Commits created by the app are automatically marked "verified" by GitHub
  • Fixes release-please PR merge failures due to unsigned commit branch protection

Test plan

  • Merge this PR, then close the existing release-please PR (chore: release 0.7.3 #108)
  • Next push to main triggers release-please with the app token
  • New release PR has verified/signed commits
  • CI triggers automatically on the release PR

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated release automation workflow to use a dynamically generated authentication token, replacing the previous static token-based approach for improved security and reliability of automated releases.

Replace PAT with GitHub App token so release-please commits are
automatically marked as verified by GitHub, satisfying the signed
commits branch protection rule.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented Feb 11, 2026

Copy link
Copy Markdown

Walkthrough

This change modifies the GitHub Actions release-please workflow to replace secret-based token authentication with a dynamically generated GitHub App token. A new step using actions/create-github-app-token@v1 is added to generate the app token, and the release-please action is updated to use this generated token instead of the static secret.

Changes

Cohort / File(s) Summary
GitHub Actions Workflow
.github/workflows/release-please.yml
Added step to generate GitHub App token via actions/create-github-app-token@v1 and updated release-please action to use the dynamically generated token instead of secrets.RELEASE_PLEASE_TOKEN.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly and specifically describes the main change: switching from PAT authentication to GitHub App token for signed commits in the release-please CI workflow.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/release-please-github-app

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@FSM1 FSM1 merged commit 219ca0e into main Feb 11, 2026
12 checks passed
@FSM1 FSM1 deleted the fix/release-please-github-app branch February 11, 2026 22:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant