Skip to content

fix(ci): create skills-sync PR with an App token so required CI runs#1597

Merged
devantler merged 1 commit into
mainfrom
claude/ci-skills-sync-app-token
May 27, 2026
Merged

fix(ci): create skills-sync PR with an App token so required CI runs#1597
devantler merged 1 commit into
mainfrom
claude/ci-skills-sync-app-token

Conversation

@devantler
Copy link
Copy Markdown
Contributor

@devantler devantler commented May 27, 2026

🤖 Generated by the Daily AI Assistant

Problem

The daily Update Copilot Skills workflow (update-skills.yaml) opens its
PR with the default GITHUB_TOKEN. A PR created with GITHUB_TOKEN does not
trigger the caller's on: pull_request / push CI, so the required status
checks never report — the PR (currently #1590)
lands permanently BLOCKED on missing required checks and the skills never
actually sync. It shows only CodeQL / Analyze (actions) succeeding (those run
regardless), with the required CI absent.

Fix

Adopt the reusable workflow's use-app-token: true input with the org
APP_PRIVATE_KEY secret (paired with the existing APP_ID repo variable). The
App-token PR triggers CI normally, so required checks report and the PR can merge.

This mirrors the identical fix already shipped and merged for the plugins repo
(plugins#10) — platform was the
remaining un-migrated caller of the same reusable workflow. The pinned SHA
e173ff69 is already v4.0.1, which supports use-app-token (added in v3.3.0),
so no pin bump is needed. Platform already uses secrets.APP_PRIVATE_KEY in
sync-cluster-policies.yaml, so the credentials are available.

Also corrected the stale/misleading pin comment (# v1.39.0+ (post skills-lock refactor)# v4.0.1) to match the actual pinned SHA and the convention used by
the other reusable-workflow callers in this repo (e.g. release.yaml).

Validation

actionlint .github/workflows/update-skills.yaml → clean (exit 0). Additive and
backward-compatible; affects only how the scheduled skills-sync PR is created.
The change can't be exercised by this PR's own CI (the workflow is
schedule/dispatch-only) — the next scheduled run (or a workflow_dispatch) will
confirm the resulting PR triggers required CI.

@devantler @claude
fix(ci): create skills-sync PR with an App token so required CI runs
30aa8c0 
The daily "Update Copilot Skills" workflow opens its PR with the default
GITHUB_TOKEN, so the caller's required on: pull_request checks never
trigger and the PR (e.g. #1590) lands permanently blocked on missing
required checks. Adopt the reusable workflow's use-app-token: true
(supported since v4.0.1, the SHA already pinned here) with the org
APP_PRIVATE_KEY secret, mirroring the fix already shipped for the plugins
repo. Also correct the stale pin comment (the SHA resolves to v4.0.1,
not v1.39.0+).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings May 27, 2026 11:17
@devantler devantler added automation github_actions Pull requests that update GitHub Actions code labels May 27, 2026
Copilot AI reviewed May 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes the “Update Copilot Skills” scheduled workflow so that the auto-created PR is opened using a GitHub App token (instead of GITHUB_TOKEN), ensuring the repository’s required CI workflows are triggered and required checks can report successfully.

Changes:

  • Enable use-app-token: true when calling the update-copilot-skills reusable workflow.
  • Pass APP_PRIVATE_KEY into the reusable workflow to support GitHub App authentication.
  • Update the pinned reusable-workflow SHA comment to match the repo’s existing # v4.0.1 convention.

@devantler devantler marked this pull request as ready for review May 27, 2026 11:49
@devantler devantler added this pull request to the merge queue May 27, 2026
Merged via the queue into main with commit 8df9449 May 27, 2026
10 checks passed
@devantler devantler deleted the claude/ci-skills-sync-app-token branch May 27, 2026 14:15
@github-project-automation github-project-automation Bot moved this from 🫴 Ready to ✅ Done in 🌊 Project Board May 27, 2026
@botantler
Copy link
Copy Markdown
Contributor

botantler Bot commented May 27, 2026

🎉 This PR is included in version 1.2.3 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@botantler botantler Bot added the released label May 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

automation github_actions Pull requests that update GitHub Actions code released

Projects

🌊 Project Board
Status: ✅ Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@devantler