Skip to content

ci: use new gh app for pr bypass when publishing#2412

Merged
jakehobbs merged 1 commit intomainfrom
jake/use-default-token-for-publishing
Mar 23, 2026
Merged

ci: use new gh app for pr bypass when publishing#2412
jakehobbs merged 1 commit intomainfrom
jake/use-default-token-for-publishing

Conversation

@jakehobbs
Copy link
Collaborator

@jakehobbs jakehobbs commented Mar 20, 2026
edited
Loading

PR-Codex overview

This PR updates the .github/workflows/publish-package.yml workflow to generate a GitHub app token dynamically instead of using a static personal access token. This enhances security by leveraging GitHub's app authentication.

Detailed summary

  • Added a step to generate an app token using actions/create-github-app-token@v1.
  • Set the app-id and private-key using secrets.
  • Replaced the static token with the generated token from the app token step in the checkout process.

✨ Ask PR-Codex anything about this PR by commenting with /codex {your question}

@jakehobbs @claude
ci: use new gh app for pr bypass when publishing
1413800 
Co-Authored-By: Claude <noreply@anthropic.com>
@jakehobbs jakehobbs marked this pull request as ready for review March 23, 2026 18:52
Copilot AI review requested due to automatic review settings March 23, 2026 18:52
Copilot AI reviewed Mar 23, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the package publishing workflow to use a dynamically generated GitHub App installation token instead of a long-lived personal access token, improving credential security for repository writes during publish.

Changes:

  • Added a step to generate a GitHub App token via actions/create-github-app-token@v1.
  • Switched actions/checkout authentication to use the generated app token output.

@jakehobbs jakehobbs merged commit a79fbfe into main Mar 23, 2026
14 checks passed
@jakehobbs jakehobbs deleted the jake/use-default-token-for-publishing branch March 23, 2026 19:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@0xfourzerofour 0xfourzerofour 0xfourzerofour approved these changes

@dancoombs dancoombs Awaiting requested review from dancoombs dancoombs is a code owner

@niveda-krish niveda-krish Awaiting requested review from niveda-krish niveda-krish is a code owner

@pavelm pavelm Awaiting requested review from pavelm pavelm is a code owner

@florrdv florrdv Awaiting requested review from florrdv florrdv is a code owner

@Richard-Dang Richard-Dang Awaiting requested review from Richard-Dang Richard-Dang is a code owner

@clinder777 clinder777 Awaiting requested review from clinder777 clinder777 is a code owner

@avarobinson avarobinson Awaiting requested review from avarobinson avarobinson is a code owner

@blakecduncan blakecduncan Awaiting requested review from blakecduncan blakecduncan is a code owner

@thebrianchen thebrianchen Awaiting requested review from thebrianchen thebrianchen is a code owner

@SahilAujla SahilAujla Awaiting requested review from SahilAujla SahilAujla is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jakehobbs @0xfourzerofour