
Use GitHub App Token to merge PRs #290

Merged
5ouma merged 1 commit into main from ci-ci-checker-app-token
Sep 1, 2025

@5ouma 5ouma commented Sep 1, 2025

⚠️ Issue

close #


✏️ Description

It's needed to run Actions after merging.


Copilot AI review requested due to automatic review settings September 1, 2025 13:04
@github-actions github-actions bot added the 🎽 CI Changes to CI configuration files and scripts label Sep 1, 2025

Copilot AI left a comment


Pull Request Overview

This PR modifies the CI checker workflow to use a GitHub App token instead of the default GITHUB_TOKEN for merging pull requests. This change enables Actions to run after the merge operation, which the default token cannot trigger due to GitHub's security restrictions.

  • Adds GitHub App token creation step with necessary permissions
  • Updates the merge step to use the App token instead of GITHUB_TOKEN



coderabbitai bot commented Sep 1, 2025

Walkthrough

Adds a step in the CI workflow to generate a GitHub App token and switches the PR merge step to use this token instead of GITHUB_TOKEN. No other workflow changes.

Changes

| Cohort / File(s) | Change summary |
| --- | --- |
| CI workflow update: ./.github/workflows/ci-checker.yml | Added step using actions/create-github-app-token@a8d6161 to create an app token with contents and pull-requests write permissions; updated gh pr merge to use ${{ steps.app-token.outputs.token }} instead of secrets.GITHUB_TOKEN. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes


@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/ci-checker.yml (1)

36-44: Make the inputs a bit more explicit (owner + vars).

  • Prefer storing the numeric App ID in repository/org variables and reference it via vars.
  • Explicitly setting owner reduces ambiguity if the App is installed in multiple owners.

Apply:

-          app-id: ${{ secrets.APP_ID }}
+          app-id: ${{ vars.APP_ID }}
           private-key: ${{ secrets.PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
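
Review bot: The added `owner:` line has no matching `repositories:` input, and with actions/create-github-app-token an owner given without repositories scopes the installation token to every repository in that owner's installation rather than only the current one. That widens the token beyond what the merge needs; if `owner` is kept, add `repositories: ${{ github.event.repository.name }}` alongside it. Separately, the switch to `vars.APP_ID` only works once a variable of that name exists at the repository or organization level, so it has to be created before this is applied or `app-id` resolves to an empty string.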

(github.com)

📜 Review details


📥 Commits

Reviewing files that changed from the base of the PR and between 0b07022 and d4ca1b1.

📒 Files selected for processing (1)
  • .github/workflows/ci-checker.yml (1 hunks)
🔇 Additional comments (3)
.github/workflows/ci-checker.yml (3)

36-44: Good switch to an App token with least-privilege and a pinned action SHA.

  • Using actions/create-github-app-token pinned to a commit is supply-chain safe.
  • The permission-* inputs are valid and correctly scope the installation token to contents and PRs. (github.com)

36-44: Confirm App installation and granted permissions.

Ensure the GitHub App is installed on this repository and that its installation actually has contents: write and pull_requests: write; otherwise the step will error when requesting these permissions. (github.com)


48-48: Using the App token for GH CLI will allow post-merge workflows to run.

GITHUB_TOKEN-initiated events (e.g., push from a merge) don’t start new workflow runs, but actions performed with a GitHub App token do. This change achieves the goal of “run Actions after merging.” (docs.github.com)
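
The change discussed in this thread, sketched as a workflow fragment. This is an added example, not the repository's actual ci-checker.yml: the step names, the `PR_URL` variable, the `--squash` flag, the `pull_request` event context and the `<full-commit-sha>` placeholder are assumptions, while the step id, input names and secret names are the ones quoted in the reviews above.

```yaml
# Added illustration; not the repository's ci-checker.yml.
steps:
  # Before: merging with the workflow's own token.
  # Events created with GITHUB_TOKEN do not start new workflow runs,
  # so workflows triggered by the resulting push to main never execute.
  # - name: Merge PR                      # hypothetical step name
  #   run: gh pr merge --squash "$PR_URL"
  #   env:
  #     GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  #     PR_URL: ${{ github.event.pull_request.html_url }}

  # After: mint a short-lived installation token limited to what a merge needs.
  - name: Create GitHub App token         # hypothetical step name
    id: app-token
    # Pin to the full 40-character commit SHA; the page shows only the
    # abbreviated form a8d6161, so a placeholder is used here.
    uses: actions/create-github-app-token@<full-commit-sha>
    with:
      app-id: ${{ secrets.APP_ID }}
      private-key: ${{ secrets.PRIVATE_KEY }}
      # Request only the two permissions named in the review. The App's
      # installation must already hold them or this step fails.
      permission-contents: write
      permission-pull-requests: write
      # owner/repositories are left unset, which keeps the token scoped
      # to the current repository only.

  - name: Merge PR                        # hypothetical step name
    run: gh pr merge --squash "$PR_URL"   # merge strategy is an assumption
    env:
      # gh reads GH_TOKEN; the merge is now attributed to the App, so
      # push-triggered workflows on main start as usual.
      GH_TOKEN: ${{ steps.app-token.outputs.token }}
      # Assumes the job runs on a pull_request event.
      PR_URL: ${{ github.event.pull_request.html_url }}
```

The private key stays in `secrets`, and the installation token it produces expires on its own, so nothing long-lived reaches the merge step.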

@5ouma 5ouma merged commit fcce5f5 into main Sep 1, 2025
10 checks passed
@5ouma 5ouma deleted the ci-ci-checker-app-token branch September 1, 2025 13:10
@5ouma 5ouma bot mentioned this pull request Sep 1, 2025