From 9887707b069eef483350abedb20c70045b07757f Mon Sep 17 00:00:00 2001 From: robcohen Date: Wed, 28 Jan 2026 15:10:52 -0600 Subject: [PATCH] fix: use bot app token in update-flake-sources workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PRs created with GITHUB_TOKEN don't trigger CI workflows, which blocked auto-merge on the required "build" status check. Use the org-wide rustledger bot app token instead. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- .github/workflows/update-flake-sources.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/update-flake-sources.yml b/.github/workflows/update-flake-sources.yml index 15e1d7ae8..6f07e223a 100644 --- a/.github/workflows/update-flake-sources.yml +++ b/.github/workflows/update-flake-sources.yml @@ -18,7 +18,16 @@ jobs: update-sources: runs-on: ubuntu-latest steps: + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ secrets.BOT_APP_ID }} + private-key: ${{ secrets.BOT_PRIVATE_KEY }} + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + token: ${{ steps.app-token.outputs.token }} - name: Install Nix uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31 @@ -93,9 +102,12 @@ jobs: echo "Updated desktop-sources.json:" cat desktop-sources.json + # Use app token so the PR triggers CI workflows automatically + # (GITHUB_TOKEN can't trigger other workflows) - name: Create Pull Request uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: + token: ${{ steps.app-token.outputs.token }} base: main commit-message: "chore: update desktop sources for ${{ steps.version.outputs.tag }}" title: "chore: update desktop sources for ${{ steps.version.outputs.tag }}"