Tags pushed by the default GITHUB_TOKEN do not trigger downstream workflows (GitHub's recursive-workflow protection). When v0.7.0 was cut, release-please pushed v0.7.0 with GITHUB_TOKEN — release.yml did not fire and the GH Release shipped with 0 assets until a manual `git push origin --delete v0.7.0 && git push origin v0.7.0` workaround.

Replaces the implicit GITHUB_TOKEN with a 1h-TTL installation token minted by actions/create-github-app-token@v1 for the new `beeping-io-release-please` GitHub App. Tag pushes now use the app identity (not GITHUB_TOKEN), so release.yml fires automatically on every release-please merge.

* `.github/workflows/release-please.yml` — adds the `app-token` step before release-please-action; passes the minted token via the `token:` input.
* `docs/setup/releases.md` (new) — full setup procedure (replicable to beeping-android, beeping-ios, beepbox, etc. when their pipelines arrive) + troubleshooting playbook (manual tag re-push recovery, 401/Bad credentials, manifest drift).

The two repo secrets `RELEASE_PLEASE_APP_ID` and `RELEASE_PLEASE_APP_PRIVATE_KEY` are configured on `beeping-io/beeping-core`. The app is installed on this repo with contents/issues/pull-requests write permissions.

Validation deferred to the next real release after this lands — release-please.yml runs without auth errors will confirm the token, and the next vX.Y.Z merge will confirm the tag-push trigger fires release.yml automatically.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Summary
Single-commit follow-up: brings BEE-2224 (release-please uses GitHub
App token) from develop onto main so the next release-please run picks
up the new auth.
After this merges, release-please.yml fires on main push and runs the
action with the app-token. Either:
cleanly, finds nothing to release, exits silently. This validates
the auth setup.
identity (will be visible as
beeping-io-release-please[bot] on the PR).
The end-to-end trigger validation (tag push fires release.yml
automatically) only happens on the next real release after this lands.
What's in this PR
One commit:
f30b688 (squash from PR #31).
Merge style
Merge commit (non-squash) — same pattern as #26 and #29.
Test plan
errors in the
actions/create-github-app-token@v1 step
work lands
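The workflow change this PR describes, sketched as an added example that is not the repository's own `release-please.yml`. The secret names, the `app-token` step and the `token:` input come from the PR text; the `googleapis/release-please-action@v4` reference, the trigger, the runner and the `permissions` block are assumptions.

```yaml
# Added example, not the project's actual workflow file.
name: release-please

on:
  push:
    branches: [main]

# Assumption: nothing else in this job needs the default GITHUB_TOKEN,
# so it is reduced to read-only. All writes go through the app token.
permissions:
  contents: read

jobs:
  release-please:
    runs-on: ubuntu-latest
    steps:
      # Mint a short-lived installation token for the GitHub App.
      # The private key stays in repo secrets; only the minted token
      # (which expires after one hour) is handed to later steps.
      - name: Mint app token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.RELEASE_PLEASE_APP_ID }}
          private-key: ${{ secrets.RELEASE_PLEASE_APP_PRIVATE_KEY }}

      # Before: no `token:` input, so the action used the implicit
      # GITHUB_TOKEN and the tag it pushed did not trigger release.yml.
      #
      #   - uses: googleapis/release-please-action@v4
      #
      # After: the tag is pushed under the app identity, so the
      # tag-push trigger in release.yml fires.
      - name: Run release-please
        uses: googleapis/release-please-action@v4  # assumed action ref
        with:
          token: ${{ steps.app-token.outputs.token }}
```

The app's installation permissions (contents, issues and pull-requests write, per the commit message) bound what the minted token can do, so the `permissions` block here only affects the unused default token.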