chore(deps): update actions/create-github-app-token action to v3.1.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending
actions/create-github-app-token	action	minor	v3.0.0 → v3.1.0	v3.1.1

---

Release Notes

actions/create-github-app-token (actions/create-github-app-token)

v3.1.0

Compare Source

Bug Fixes

• deps: bump p-retry from 7.1.1 to 8.0.0 (#​357) (3bbe07d)

Features

• add client-id input and deprecate app-id (#​353) (e6bd4e6)
• update permission inputs (#​358) (076e948)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Version Change: v3.0.0 → v3.1.0 (minor version update)

Key Changes:

1. New client-id Input Added (app-id Deprecated)

   • Introduces client-id as the recommended authentication parameter
   • The existing app-id input remains fully functional and backward compatible
   • No breaking changes; app-id continues to work as before
   • The action falls back to app-id when client-id is not provided

2. Updated Permission Inputs

   • Permission configuration inputs updated to reflect current GitHub API requirements (based on @octokit/openapi v21.0.0 → v22.0.0 upgrade)
   • Added new permission types for cache limits and billing-related API endpoints
   • Removed deprecated GitHub Projects Classic endpoints
   • Existing permission inputs (contents, pull-requests, issues) remain unchanged in format

3. Bug Fixes

   • Dependency update: p-retry upgraded from 7.1.1 to 8.0.0 for improved reliability

Security Considerations:

• No known security vulnerabilities in this release
• No security-related fixes mentioned in release notes
• The update maintains the same security model as v3.0.0

🎯 Impact Scope Investigation

Usage Location:

• Single usage found in .github/workflows/release-please.yml:28
• Current configuration uses:
  • app-id: ${{ vars.RELEASE_PLEASE_APP_ID }} (still supported)
  • private-key: ${{ secrets.RELEASE_PLEASE_APP_PRIVATE_KEY }}
  • permission-contents: write
  • permission-pull-requests: write
  • permission-issues: write

Compatibility Analysis:

• ✅ All current inputs (app-id, private-key, permission-*) remain fully functional
• ✅ No changes required to existing permission configurations
• ✅ The workflow will work identically with v3.1.0 as it did with v3.0.0
• ✅ No API signature changes that affect the current usage pattern

Dependency Impact:

• No impact on other GitHub Actions or dependencies in the repository
• This is an isolated action update with no cascading effects

💡 Recommended Actions

Immediate Action:

• ✅ Safe to merge immediately - No code changes required
• The PR can be merged as-is with full confidence

Future Consideration (Non-Urgent):

• While not required now, consider migrating from app-id to client-id in a future update to align with GitHub's recommended authentication standards
• The migration is simple: replace app-id with client-id in the workflow file
• No urgency since app-id remains supported with no announced deprecation deadline

Migration Example (Optional, for future reference):

# Current (still works):
with:
  app-id: ${{ vars.RELEASE_PLEASE_APP_ID }}

# Future recommended:
with:
  client-id: ${{ vars.RELEASE_PLEASE_APP_ID }}

🔗 Reference Links

• v3.1.0 Release Notes
• GitHub Actions Create GitHub App Token - Official Repository
• GitHub Marketplace - Create GitHub App Token

---

Conclusion: This is a standard minor version update with full backward compatibility. The update brings improved reliability through dependency updates and introduces a new recommended input parameter while maintaining full support for existing configurations. No breaking changes, no required migrations, and safe to merge immediately.

Generated by koki-develop/claude-renovate-review