ci(auto-tag): push version bump to main as the release-bot App (2c)#552
Merged
Conversation
Switches the "Commit version bump to main" push from GITHUB_TOKEN
(github-actions[bot], which the main ruleset rejects with GH013) to a token
minted for the org-owned `dataviking-release-bot` App, which is an Integration
bypass actor on the main ruleset (dataviking-infra synthpanel.tf). This is the
durable fix ("2c") for the release-pipeline GH013 failures and removes the need
to manually pre-bump the version in every release PR.
Only the bump push uses the app token; the tag push intentionally stays on
GITHUB_TOKEN so it does not trigger publish.yml (publish is invoked by the
explicit workflow_dispatch step), avoiding a double publish.
semver:skip — CI plumbing only, no package change to release.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
claude-dataviking
requested review from
openclaw-dv and
the-data-viking
as code owners
Deploying synthpanel with
|
| Latest commit: |
617f278
|
| Status: | ✅ Deploy successful! |
| Preview URL: | https://ed320306.synthpanel.pages.dev |
| Branch Preview URL: | https://fix-auto-tag-app-token-push.synthpanel.pages.dev |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Companion to dataviking-infra #64. Completes "2c": the release pipeline now pushes the version-bump commit to
mainas thedataviking-release-botApp (an Integration bypass actor on the main ruleset) instead ofgithub-actions[bot]/GITHUB_TOKEN, which the ruleset rejects withGH013.What changed
actions/create-github-app-token(pinned@bcd2ba4v3.2.0) from theRELEASE_BOT_APP_ID/RELEASE_BOT_PRIVATE_KEYsecrets (already set on this repo).GITHUB_TOKENso it doesn't triggerpublish.yml(publish stays driven by the explicitworkflow_dispatch), avoiding a double publish.Labeled
semver:skipCI plumbing only — no package change, so no release. (Also sidesteps the chicken-and-egg: a
pull_request-triggered workflow runs the base branch's copy, so the new logic only takes effect for the next PR after this lands.)Merge order
semver:patchPR will exercise 2c end-to-end (auto-bump pushed by the App, no pre-bump).🤖 Generated with Claude Code