ci(update-copilot-skills): use App token so update PRs trigger CI#10
Merged
Conversation
Bump the reusable update-copilot-skills caller to v3.3.0 and set use-app-token: true (passing the org APP_PRIVATE_KEY secret). A PR opened with the default GITHUB_TOKEN does not trigger this repo's on: pull_request CI, so the daily skills-update PR landed permanently blocked on missing required checks; an App-minted token fires CI normally.
There was a problem hiding this comment.
Pull request overview
Updates the scheduled “Update Copilot Skills” workflow to create its update PR using a GitHub App token (via the reusable workflow), ensuring the resulting PR triggers this repository’s CI and required checks.
Changes:
- Bump
devantler-tech/reusable-workflowsupdate-copilot-skillsreusable workflow fromv3.2.0tov3.3.0. - Enable
use-app-token: trueand passAPP_PRIVATE_KEYto allow the reusable workflow to mint and use an App token for PR creation.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This was referenced May 27, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The daily
🔄 Update Copilot Skillsworkflow opens its update PR with the defaultGITHUB_TOKEN. GitHub deliberately does not fireon: pull_request/pushworkflows for events created withGITHUB_TOKEN, so the skills-update PR never gets its🧪 CIrun, its requiredCI - Required Checksnever reports, and it lands permanently blocked. (plugins #9 had to be closed+reopened by hand to merge.)Fix
Bump the reusable
update-copilot-skillscallerv3.2.0→v3.3.0and opt into the newuse-app-token: trueinput (added in reusable-workflows #240), passing the org-levelAPP_PRIVATE_KEYsecret. The reusable workflow then mints a scoped GitHub App token (paired withvars.APP_ID) and creates the PR with it, so the PR triggers CI normally.APP_ID(variable) andAPP_PRIVATE_KEY(secret) are org-level withvisibility: all, so no repo-level config is needed. The v3.3.0 App token is scoped to least privilege (contents: write+pull-requests: write) and is not persisted in git config.Validated with
actionlint. This is the durable fix for the recurring skills-sync CI block.