fix(ci): use GitHub App token for release-please PRs

[aRustyDev]

Summary

Fix release-please PRs having pending required checks that never start.

Problem

PRs created by GITHUB_TOKEN don't trigger other workflows - this is a GitHub security feature to prevent infinite loops. This causes release-please PRs to sit with "Expected" checks that never run.

Solution

Use a GitHub App token instead of GITHUB_TOKEN for release-please. PRs created by GitHub Apps DO trigger workflows.

Required Setup (before merging)

1. Install the GitHub App

Ensure x-repo-auth is installed on this repository.

2. Generate a Private Key

1. Go to https://github.com/settings/apps/x-repo-auth
2. Scroll to "Private keys" section
3. Click "Generate a private key"
4. Save the downloaded .pem file

3. Add Repository Secret

1. Go to https://github.com/aRustyDev/helm-charts/settings/secrets/actions
2. Click "New repository secret"
3. Name: X_REPO_AUTH_PRIVATE_KEY
4. Value: Paste the entire contents of the .pem file

4. Add Repository Variable

1. Go to https://github.com/aRustyDev/helm-charts/settings/variables/actions
2. Click "New repository variable"
3. Name: X_REPO_AUTH_APP_ID
4. Value: 2608951

After Merging

Future release-please PRs will be created by the GitHub App and will automatically trigger the lint-test workflow.

Test Plan

• Secrets and variables configured
• Merge this PR
• Verify next release-please PR triggers workflows automatically

Fixes #39

🤖 Generated with Claude Code

[cloudflare-workers-and-pages]

Deploying helm-charts with    Cloudflare Pages

Latest commit:	99d0b40
Status:	✅  Deploy successful!
Preview URL:	https://9b1662c5.helm-charts-76l.pages.dev
Branch Preview URL:	https://fix-release-please-app-token.helm-charts-76l.pages.dev

View logs