From d866d3a217e36e43e03e4e144cbc679551854824 Mon Sep 17 00:00:00 2001 From: Rafael Garcia Date: Mon, 9 Feb 2026 18:27:24 -0500 Subject: [PATCH] fix: use GitHub App token instead of deploy key - Add app token generation step using kernel-internal app - Replace SSH key checkout with token-based checkout - Update git identity to kernel-internal[bot] - Remove SSH URL setup (no longer needed with HTTPS token auth) Co-Authored-By: Claude Sonnet 4.5 --- .github/workflows/publish.yml | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 6b52a24..17fab52 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -9,15 +9,22 @@ jobs: version-bump: runs-on: ubuntu-latest steps: + - name: Generate app token + id: app-token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ secrets.ADMIN_APP_ID }} + private-key: ${{ secrets.ADMIN_APP_PRIVATE_KEY }} + - uses: actions/checkout@v4 with: fetch-depth: 0 # Required for version bumping - ssh-key: ${{ secrets.DEPLOY_KEY }} # Use deploy key to bypass branch protection - + token: ${{ steps.app-token.outputs.token }} # Use app token to bypass branch protection + - name: Setup Git run: | - git config --global user.name 'GitHub Actions' - git config --global user.email 'github-actions@github.com' + git config --global user.name 'kernel-internal[bot]' + git config --global user.email '260533166+kernel-internal[bot]@users.noreply.github.com' - name: Setup Node.js uses: actions/setup-node@v4 @@ -41,8 +48,6 @@ jobs: - name: Bump version and push run: | - # Use SSH URL for the repository - git remote set-url origin git@github.com:${GITHUB_REPOSITORY}.git # Bump version npm version patch -m "chore: bump version to %s [skip ci]" # Push directly to main
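Review bot: The token minted in the new `Generate app token` step inherits every permission the app installation holds, and `actions/checkout@v4` persists it in the repository's git config for the rest of the job by default. The Node.js setup and any install or build steps between the two hunks (not visible here) therefore run with a credential that can bypass branch protection. Narrow it to what the final push needs by adding `permission-contents: write` under that step's `with:`; recent releases of the action accept it, but confirm for the version that `@v1` resolves to. Because this step is handed `ADMIN_APP_PRIVATE_KEY`, the action should also be pinned to a full commit SHA rather than a movable tag, e.g. `uses: actions/create-github-app-token@<full-commit-sha> # v1.x`. The `version-bump` job starts and ends outside the hunk, so check the intermediate steps before relying on this.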