ci(release): authenticate semantic-release via Flanksource GitHub App#326
Conversation
The Create Release workflow failed at job setup with "Repository access blocked" and the default GITHUB_TOKEN cannot push release tags / create releases under current org policy, so no semver tag was being cut on push to master. Mint a GitHub App installation token (actions/create-github-app-token) from the Flanksource App credentials (FLANKSOURCE_APP_ID / FLANKSOURCE_APP_SECRET) and use it for both the checkout and the semantic-release step.
|
Warning Review limit reached
Next review available in: 50 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Gavel summary
Totals: 424 passed · 0 failed · 3 skipped · 16.1s |
What
Current, mergeable version of the release-auth fix — supersedes the stale #323
(which predates the
fix(security)commit now on master).commons' Create Release workflow runs
semantic-releaseon push tomaster, butthe default
GITHUB_TOKENis blocked by org policy from pushing tags / creatingreleases. So no semver tag has been cut since
v1.53.1, even though afeat:and two
fix:es have since landed on master (51910b8,516bc6d,a599996).This mints a Flanksource GitHub App installation token and hands it to
checkoutsemantic-release, matching the pattern already used in sibling repos'(clicky-ui, mission-control-oipa) release workflows.
On merge, the workflow re-runs on master with working auth and cuts the pending
release (≈
v1.54.0, driven by thefeat:), which downstream consumers pinning apseudo-version (e.g.
mission-control-oipaat…-516bc6d) can then move to a tag.Cherry-pick of
33419da(#323) onto currentmaster.