Skip to content

ci: allow Hypercerts Release Bot GitHub App to bypass branch protection #67

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aspiers merged 1 commit into from
Jan 6, 2026
Merged

ci: allow Hypercerts Release Bot GitHub App to bypass branch protection #67

aspiers merged 1 commit into from
Jan 6, 2026

Conversation

@aspiers
Copy link
Contributor

@aspiers aspiers commented Jan 6, 2026

The release workflow needs to be able to push commits and tags directly to the repo when making a beta release. The default github-actions[bot] identity can't be added to branch protection ruleset bypass lists, so a new Release Bot GitHub App has been created which should facilitate this bypass mechanism.

@aspiers
ci: allow Hypercerts Release Bot GitHub App to bypass branch protection
87edff0 
The release workflow needs to be able to push commits and tags
directly to the repo when making a beta release.  The default
github-actions[bot] identity can't be added to branch protection
ruleset bypass lists, so a new Release Bot GitHub App has been
created which should facilitate this bypass mechanism.
Copilot AI review requested due to automatic review settings January 6, 2026 17:44
@changeset-bot
Copy link

changeset-bot bot commented Jan 6, 2026

⚠️ No Changeset found

Latest commit: 87edff0

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Copilot AI reviewed Jan 6, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enables the Hypercerts Release Bot GitHub App to bypass branch protection rules during the release workflow. The default github-actions[bot] identity cannot be added to branch protection ruleset bypass lists, so this change introduces a GitHub App with appropriate credentials to facilitate automated releases.

Key changes:

  • Add GitHub App token generation step using actions/create-github-app-token@v1 with secrets for app credentials
  • Update checkout action to use the generated app token for authenticated git operations
  • Enable credential persistence to allow subsequent git push operations to bypass branch protection

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/workflows/release.yml

- uses: actions/checkout@v6
with:
# Persist releasebot app credentials to ensure that the push
Copy link

Copilot AI Jan 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The comment refers to "releasebot" but the GitHub App is called "Release Bot" (with a space). Consider using consistent naming, such as "Release Bot app credentials" to match the app name used in the PR title and description.

Suggested change
# Persist releasebot app credentials to ensure that the push
# Persist Release Bot app credentials to ensure that the push

Copilot uses AI. Check for mistakes.
@aspiers aspiers merged commit a6b2ac2 into hypercerts-org:develop Jan 6, 2026
8 checks passed
@aspiers aspiers deleted the develop branch January 6, 2026 17:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aspiers