Conversation
The GitHub App credential secret is stored as `CODEGEN_APP_CLIENT_ID` in both Actions and Dependabot stores, but the workflows that landed in #130 referenced `CODEGEN_APP_ID` (the template's name). With the wrong name, `actions/create-github-app-token` gets an empty `app-id` and the merge-bot + codegen fail on first invocation. `actions/create-github-app-token` v1.12+ accepts either an App ID or a Client ID at the `app-id` input, so this is a pure secret-lookup fix.
Contributor
There was a problem hiding this comment.
Pull request overview
This PR hotfixes the repository’s CI/CD configuration by renaming the GitHub App credential secret reference from CODEGEN_APP_ID to CODEGEN_APP_CLIENT_ID, aligning the workflows and documentation with the actual secret name stored in the repo’s Actions + Dependabot secret stores. This ensures actions/create-github-app-token receives a non-empty app-id input so the merge-bot and codegen automation can mint installation tokens successfully.
Changes:
- Update reusable codegen workflow secret name and its usage (
CODEGEN_APP_ID→CODEGEN_APP_CLIENT_ID). - Update merge-bot workflow to use the corrected secret name in all token-minting steps.
- Update README secret setup documentation to reflect the corrected secret name and clarify Client ID usage.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| README.md | Updates repository setup documentation to reference CODEGEN_APP_CLIENT_ID and clarify what value it holds. |
| .github/workflows/run-codegen-pull-request-task.yml | Renames the reusable workflow’s required secret and uses it for create-github-app-token. |
| .github/workflows/merge-bot-pull-request.yml | Replaces all CODEGEN_APP_ID references with CODEGEN_APP_CLIENT_ID for App token generation. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Hotfix release: rename
CODEGEN_APP_ID→CODEGEN_APP_CLIENT_IDin the merge-bot and codegen workflows to match the actual secret name stored in the repo's Actions + Dependabot stores. With the old name,actions/create-github-app-tokenwould get an emptyapp-idand the bot workflows would fail on first invocation.This is the second develop → main release under the new merge-commit model. Clean fast-forward — no conflicts.
Includes:
CODEGEN_APP_IDreferences toCODEGEN_APP_CLIENT_IDinmerge-bot-pull-request.yml,run-codegen-pull-request-task.yml, andREADME.md.Test plan