Skip to content

ci(auto-tag): push version bump to main as the release-bot App (2c)#552

Merged
the-data-viking merged 1 commit into
mainfrom
fix/auto-tag-app-token-push
Jun 5, 2026
Merged

ci(auto-tag): push version bump to main as the release-bot App (2c)#552
the-data-viking merged 1 commit into
mainfrom
fix/auto-tag-app-token-push

Conversation

@claude-dataviking

@claude-dataviking claude-dataviking commented Jun 5, 2026

Copy link
Copy Markdown
Contributor

Companion to dataviking-infra #64. Completes "2c": the release pipeline now pushes the version-bump commit to main as the dataviking-release-bot App (an Integration bypass actor on the main ruleset) instead of github-actions[bot]/GITHUB_TOKEN, which the ruleset rejects with GH013.

What changed

  • New step mints a token via actions/create-github-app-token (pinned @bcd2ba4 v3.2.0) from the RELEASE_BOT_APP_ID / RELEASE_BOT_PRIVATE_KEY secrets (already set on this repo).
  • The bump push uses that app token. Only the bump push — the tag push deliberately stays on GITHUB_TOKEN so it doesn't trigger publish.yml (publish stays driven by the explicit workflow_dispatch), avoiding a double publish.
  • Removes the need to manually pre-bump every release PR (the no-op escape-hatch branch still works if a PR is pre-bumped, but it's no longer required).

Labeled semver:skip

CI plumbing only — no package change, so no release. (Also sidesteps the chicken-and-egg: a pull_request-triggered workflow runs the base branch's copy, so the new logic only takes effect for the next PR after this lands.)

Merge order

  1. Apply dataviking-infra feat: add temperature, top_p, and prompt template controls (sp-tune) #64 (makes the App a bypass actor).
  2. Merge this PR.
  3. The next normal semver:patch PR will exercise 2c end-to-end (auto-bump pushed by the App, no pre-bump).

🤖 Generated with Claude Code

@the-data-viking @claude
ci(auto-tag): push the version bump to main as the release-bot App
617f278 
Switches the "Commit version bump to main" push from GITHUB_TOKEN
(github-actions[bot], which the main ruleset rejects with GH013) to a token
minted for the org-owned `dataviking-release-bot` App, which is an Integration
bypass actor on the main ruleset (dataviking-infra synthpanel.tf). This is the
durable fix ("2c") for the release-pipeline GH013 failures and removes the need
to manually pre-bump the version in every release PR.

Only the bump push uses the app token; the tag push intentionally stays on
GITHUB_TOKEN so it does not trigger publish.yml (publish is invoked by the
explicit workflow_dispatch step), avoiding a double publish.

semver:skip — CI plumbing only, no package change to release.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@claude-dataviking claude-dataviking added the semver:skip Skip version bump on merge label Jun 5, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jun 5, 2026

Copy link
Copy Markdown

Deploying synthpanel with  Cloudflare Pages  Cloudflare Pages

Latest commit: 617f278
Status: ✅  Deploy successful!
Preview URL: https://ed320306.synthpanel.pages.dev
Branch Preview URL: https://fix-auto-tag-app-token-push.synthpanel.pages.dev

View logs

@the-data-viking the-data-viking merged commit 4ec5573 into main Jun 5, 2026
19 checks passed
@the-data-viking the-data-viking deleted the fix/auto-tag-app-token-push branch June 5, 2026 19:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@the-data-viking the-data-viking Awaiting requested review from the-data-viking the-data-viking is a code owner

@openclaw-dv openclaw-dv Awaiting requested review from openclaw-dv openclaw-dv is a code owner

Assignees

No one assigned

Labels

semver:skip Skip version bump on merge

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@claude-dataviking @the-data-viking