From 382baacd37e28ff6c9f7cf42f47b50ff65cf64c7 Mon Sep 17 00:00:00 2001
From: Doug Richar
Date: Sat, 17 Jan 2026 15:59:58 -0500
Subject: [PATCH] chore(ci): use TxnLab Release Bot for release workflow
Replace default GitHub Actions token with TxnLab Release Bot GitHub App for generating tokens. This enables the bot to bypass branch protection rules when creating release commits and tags.
Changes:
- Add token generation step using actions/create-github-app-token@v2
- Pass generated token to checkout action
- Use generated token as GITHUB_TOKEN for semantic-release
- Update git author/committer to TxnLab Release Bot identity
---
 .github/workflows/release.yml | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 186f74d..abeac34 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,11 +17,19 @@ jobs:
 runs-on: ubuntu-latest
 steps:
+ - name: Generate release token
+ id: generate_token
+ uses: actions/create-github-app-token@v2
+ with:
+ app-id: ${{ vars.RELEASE_BOT_APP_ID }}
+ private-key: ${{ secrets.RELEASE_BOT_PRIVATE_KEY }}
+
 - name: Checkout
- uses: actions/checkout@v5
+ uses: actions/checkout@v4
 with:
 fetch-depth: 0
 persist-credentials: false
+ token: ${{ steps.generate_token.outputs.token }}
 - name: Setup pnpm
 uses: pnpm/action-setup@v4
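Review bot: The `Generate release token` step mints an installation token with every permission the app has been granted, and the commit message says that token can bypass branch protection, so it should be narrowed where it is created. `actions/create-github-app-token@v2` accepts `permission-<name>` inputs; adding `permission-contents: write` under `with:` (plus only the other permissions the release plugins turn out to need) limits what a leaked or misused token can do. Since this step also handles `secrets.RELEASE_BOT_PRIVATE_KEY`, pinning the action to a full commit SHA rather than the mutable `@v2` tag would be consistent with that. Separately, the same hunk moves `actions/checkout` from `@v5` back to `@v4`, which the commit description does not mention; if that is not intentional, keep `uses: actions/checkout@v5`.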
@@ -47,9 +55,9 @@ jobs:
 - name: Release
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- GIT_AUTHOR_NAME: github-actions[bot]
- GIT_AUTHOR_EMAIL: github-actions[bot]@users.noreply.github.com
- GIT_COMMITTER_NAME: github-actions[bot]
- GIT_COMMITTER_EMAIL: github-actions[bot]@users.noreply.github.com
+ GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
+ GIT_AUTHOR_NAME: TxnLab Release Bot[bot]
+ GIT_AUTHOR_EMAIL: txnlab-release-bot[bot]@users.noreply.github.com
+ GIT_COMMITTER_NAME: TxnLab Release Bot[bot]
+ GIT_COMMITTER_EMAIL: txnlab-release-bot[bot]@users.noreply.github.com
 run: npx semantic-release
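Review bot: `GITHUB_TOKEN` in the `Release` step is now a token that can bypass branch protection, while the unchanged `run: npx semantic-release` line will fetch the package from the registry if it is not already installed locally. The install steps sit outside this hunk, so whether semantic-release and its plugins are locked devDependencies cannot be confirmed from here; `run: npx --no-install semantic-release` makes the step fail instead of downloading an unpinned copy. On the identity lines, GitHub bot noreply addresses normally carry the account's numeric id, so `GIT_AUTHOR_EMAIL`/`GIT_COMMITTER_EMAIL` would usually be `<BOT_USER_ID>+txnlab-release-bot[bot]@users.noreply.github.com` (placeholder id) for the commits to be attributed to the app.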