Skip to content

Create Changesets PR with GitHub App#215

Merged
yamcodes merged 3 commits intomainfrom
open-changesets-pr-with-github-app
Oct 12, 2025
Merged

Create Changesets PR with GitHub App#215
yamcodes merged 3 commits intomainfrom
open-changesets-pr-with-github-app

Conversation

@yamcodes
Copy link
Owner

@yamcodes yamcodes commented Oct 12, 2025

  • Added a step to generate a GitHub App token for improved authentication.
  • Updated the GITHUB_TOKEN environment variable to use the generated token, enhancing security and access control during the release process.
  • Create Changesets PR with GitHub App instead of GitHub Actions, to allow workflows to run on this PR, like pkg.pr.new. See: https://github.com/orgs/community/discussions/65321#discussioncomment-8003574

Summary by CodeRabbit

  • Chores
    • Updated the release workflow to generate and use an app-based token for publishing.
    • Replaced the previous token source with the newly generated token during the publish step.
    • Streamlined token handling in the CI to reduce release failures.
    • No user-facing features or behavior changes.

- Added a step to generate a GitHub App token for improved authentication.
- Updated the GITHUB_TOKEN environment variable to use the generated token, enhancing security and access control during the release process.
@changeset-bot
Copy link

changeset-bot bot commented Oct 12, 2025

⚠️ No Changeset found

Latest commit: 870fbe2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@vercel
Copy link

vercel bot commented Oct 12, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
arkenv Ready Ready Preview Comment Oct 12, 2025 5:29pm

@yamcodes yamcodes added the infra Infrastructure related issue or pull request label Oct 12, 2025
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Oct 12, 2025

Walkthrough

A new step in the release GitHub Actions workflow generates a GitHub App token via actions/create-github-app-token@v2 and the release step now uses that generated token instead of the built-in GITHUB_TOKEN. No other workflow behavior changes.

Changes

Cohort / File(s) Summary
CI/CD Release Workflow
.github/workflows/release.yml
Add step "Generate GitHub App Token" (uses actions/create-github-app-token@v2 with app-id and private-key); modify release/publish step to use steps.generate-token.outputs.token instead of secrets.GITHUB_TOKEN.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Dev as Developer
    participant Runner as GitHub Actions Runner
    participant App as GitHub App
    participant Publish as Release/Publish Step

    Dev->>Runner: Trigger release workflow
    Runner->>App: Request app token (actions/create-github-app-token@v2)
    Note over Runner,App: New token generation step
    App-->>Runner: returns token
    Runner->>Publish: Run release using generated token
    Publish-->>Runner: Publish release
Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

I twitch my whiskers—tokens anew,
A tiny hop, a coded cue.
I fetch the key, then skip and run,
Watch the release gleam in sun.
Carrots for commits, a joyful thrum. 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check ✅ Passed The title succinctly and accurately describes the primary change, which is switching the creation of the Changesets PR to use a GitHub App, and it is concise, clear, and specific enough to convey the main update.
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch open-changesets-pr-with-github-app

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8f52839 and 870fbe2.

📒 Files selected for processing (1)
  • .github/workflows/release.yml (1 hunks)
🔇 Additional comments (1)
.github/workflows/release.yml (1)

33-38: Token step wired correctly

The step now conforms to action syntax and cleanly exposes the generated app token for downstream use. Looks good.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bfe08f6 and 8f52839.

📒 Files selected for processing (1)
  • .github/workflows/release.yml (1 hunks)
🧰 Additional context used
🪛 actionlint (1.7.7)
.github/workflows/release.yml

38-38: step must run script with "run" section or run action with "uses" section

(syntax-check)

yamcodes and others added 2 commits October 12, 2025 22:28
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
@yamcodes yamcodes merged commit a25d071 into main Oct 12, 2025
15 checks passed
@yamcodes yamcodes deleted the open-changesets-pr-with-github-app branch October 12, 2025 17:31
@coderabbitai coderabbitai bot mentioned this pull request Oct 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

infra Infrastructure related issue or pull request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant