Skip to content

ci: replace PAT with GitHub App token in compile-agentic-workflows#6

Open
a6i-palo wants to merge 1 commit intomainfrom
feat/github-app-auth-compile-workflow
Open

ci: replace PAT with GitHub App token in compile-agentic-workflows#6
a6i-palo wants to merge 1 commit intomainfrom
feat/github-app-auth-compile-workflow

Conversation

@a6i-palo
Copy link
Copy Markdown
Collaborator

@a6i-palo a6i-palo commented Apr 10, 2026

  • Add actions/create-github-app-token@v1.12.0 step to generate a short-lived installation token from GH_APP_ID + GH_APP_PRIVATE_KEY
  • Replace all secrets.GH_PAT references with steps.app-token.outputs.token (checkout, gh-aw install, compile step, git remote set-url, gh pr create)
  • Tighten built-in GITHUB_TOKEN permissions to contents: read since all write operations now go through the GitHub App installation token

@a6i-palo
ci: replace PAT with GitHub App token in compile-agentic-workflows
de5dd43 
- Add actions/create-github-app-token@v1.12.0 step to generate a
  short-lived installation token from GH_APP_ID + GH_APP_PRIVATE_KEY
- Replace all secrets.GH_PAT references with steps.app-token.outputs.token
  (checkout, gh-aw install, compile step, git remote set-url, gh pr create)
- Tighten built-in GITHUB_TOKEN permissions to contents: read since all
  write operations now go through the GitHub App installation token
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@a6i-palo