Refactor release workflow to use GITHUB_TOKEN and track release status#5
Refactor release workflow to use GITHUB_TOKEN and track release status#5
Conversation
The release workflow failed with "[@octokit/auth-app] appId option is required" because AUTOMATION_GITHUB_APP_ID/PRIVATE_KEY secrets were not configured. The release job only needs contents:write on the current repo, which the built-in GITHUB_TOKEN already provides. GitHub App auth is only needed for the update-homebrew job (cross-repo access). Also adds: - released output to track whether a new release was actually created - Conditional execution of upload and homebrew steps when no release - Git user config for github-actions[bot] https://claude.ai/code/session_01M87EMaBqu28SAXpir3WLUV
|
🤖 Pseudo Review — Jack Oat Overall AssessmentVerdict: APPROVE with minor notes This is a solid, well-scoped fix. The root cause is clear (GitHub App secrets not configured), the solution correctly identifies what actually needs the App token (cross-repo homebrew access) vs. what does not (same-repo release commit). The release detection logic is a genuine improvement over the previous all-or-nothing approach. No blocking issues. File:
|
| Severity | Count | Items |
|---|---|---|
| Critical | 0 | — |
| Major | 0 | — |
| Minor | 1 | Hard-coded bot identity without explanatory comment |
| Nit | 1 | No-release path could surface to Actions summary |
The change is correct, the scope is appropriate, and the release detection logic is an improvement over the previous approach. The minor note about the hard-coded user ID is cosmetic — the values are correct today.
Co-Authored-By: Jack Oat <jack-nsheaps[bot]@users.noreply.github.com>
Summary
This PR refactors the GitHub Actions release workflow to simplify authentication and add proper release status tracking. The workflow now uses the default
GITHUB_TOKENinstead of a custom GitHub App, and introduces areleasedoutput to conditionally run dependent jobs.Key Changes
GITHUB_TOKENsecret, eliminating the need for thegithub-app-authactionrelease-itreleasedoutput to the release job to indicate whether a release was createdupdate-homebrewandUpload release assets) to only run whenreleased == 'true', preventing unnecessary executions when no release is createdImplementation Details
release-itcommandreleasedis set totrueand outputs are populatedreleasedis set tofalseand a message is loggedif: needs.release.outputs.released == 'true') to skip unnecessary workhttps://claude.ai/code/session_01M87EMaBqu28SAXpir3WLUV