Create Changesets PR with GitHub App

[yamcodes]

• Added a step to generate a GitHub App token for improved authentication.
• Updated the GITHUB_TOKEN environment variable to use the generated token, enhancing security and access control during the release process.
• Create Changesets PR with GitHub App instead of GitHub Actions, to allow workflows to run on this PR, like pkg.pr.new. See: https://github.com/orgs/community/discussions/65321#discussioncomment-8003574

Summary by CodeRabbit

• Chores
  • Updated the release workflow to generate and use an app-based token for publishing.
  • Replaced the previous token source with the newly generated token during the publish step.
  • Streamlined token handling in the CI to reduce release failures.
  • No user-facing features or behavior changes.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 870fbe2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
arkenv	Ready	Preview	Comment	Oct 12, 2025 5:29pm

[coderabbitai]

Walkthrough

A new step in the release GitHub Actions workflow generates a GitHub App token via actions/create-github-app-token@v2 and the release step now uses that generated token instead of the built-in GITHUB_TOKEN. No other workflow behavior changes.

Changes

Cohort / File(s)	Summary
CI/CD Release Workflow .github/workflows/release.yml	Add step "Generate GitHub App Token" (uses actions/create-github-app-token@v2 with app-id and private-key); modify release/publish step to use steps.generate-token.outputs.token instead of secrets.GITHUB_TOKEN.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Dev as Developer
    participant Runner as GitHub Actions Runner
    participant App as GitHub App
    participant Publish as Release/Publish Step

    Dev->>Runner: Trigger release workflow
    Runner->>App: Request app token (actions/create-github-app-token@v2)
    Note over Runner,App: New token generation step
    App-->>Runner: returns token
    Runner->>Publish: Run release using generated token
    Publish-->>Runner: Publish release

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I twitch my whiskers—tokens anew,
A tiny hop, a coded cue.
I fetch the key, then skip and run,
Watch the release gleam in sun.
Carrots for commits, a joyful thrum. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title succinctly and accurately describes the primary change, which is switching the creation of the Changesets PR to use a GitHub App, and it is concise, clear, and specific enough to convey the main update.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch open-changesets-pr-with-github-app

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8f52839 and 870fbe2.

📒 Files selected for processing (1)

• .github/workflows/release.yml (1 hunks)

🔇 Additional comments (1)

.github/workflows/release.yml (1)

33-38: Token step wired correctly

The step now conforms to action syntax and cleanly exposes the generated app token for downstream use. Looks good.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bfe08f6 and 8f52839.

📒 Files selected for processing (1)

• .github/workflows/release.yml (1 hunks)

🧰 Additional context used

🪛 actionlint (1.7.7)

.github/workflows/release.yml

38-38: step must run script with "run" section or run action with "uses" section

(syntax-check)