fix(build): use GitHub App token for release-please#166
Merged
WilliamBerryiii merged 1 commit intomainfrom Jan 13, 2026
Merged
Conversation
- Add explicit token input using GITHUB_TOKEN secret - Add issues: write permission for release-to-issue linking Fixes #165 🔧 - Generated by Copilot
Contributor
Dependency Review✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.Scanned FilesNone |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR fixes a bug in the release-please GitHub Actions workflow that was failing due to a missing required token parameter. The workflow has restrictive top-level permissions (contents: read), which prevents automatic token inheritance even with elevated job-level permissions.
Changes:
- Added explicit
token: ${{ secrets.GITHUB_TOKEN }}input to the release-please action step - Added
issues: writepermission to enable release-to-issue linking functionality
agreaves-ms
approved these changes
Jan 13, 2026
This was referenced Jan 13, 2026
WilliamBerryiii
pushed a commit
that referenced
this pull request
Jan 19, 2026
🤖 I have created a release *beep* *boop* --- ## [1.1.0](hve-core-v1.0.0...hve-core-v1.1.0) (2026-01-19) ### ✨ Features * **.devcontainer:** add development container configuration ([#24](#24)) ([45debf5](45debf5)) * **.github:** add github metadata and mcp configuration ([#23](#23)) ([1cb898d](1cb898d)) * **agent:** Add automated installation via hve-core-installer agent ([#82](#82)) ([a2716d5](a2716d5)) * **agents:** add brd-builder.agent.md for building BRDs ([#122](#122)) ([bfdc9f3](bfdc9f3)) * **agents:** redesign installer with Codespaces support and method documentation ([#123](#123)) ([6329fc0](6329fc0)) * **ai:** Establish AI-Assisted Development Framework ([#48](#48)) ([f5199a4](f5199a4)) * **build:** implement automated release management with release-please ([#86](#86)) ([90150e2](90150e2)) * **chatmodes:** add architecture diagram builder agent ([#145](#145)) ([db24637](db24637)) * **config:** add development tools configuration files ([#19](#19)) ([9f97522](9f97522)) * **config:** add npm package configuration and dependencies ([#20](#20)) ([fcba198](fcba198)) * **copilot:** add GitHub Copilot instruction files ([#22](#22)) ([4927284](4927284)) * **copilot:** add specialized chat modes for development workflows ([#21](#21)) ([ae8495f](ae8495f)) * **docs:** add comprehensive AI artifact contribution documentation ([#76](#76)) ([d81cf96](d81cf96)) * **docs:** add getting started guide for project configuration ([#57](#57)) ([3b864fa](3b864fa)) * **docs:** add repository foundation and documentation files ([#18](#18)) ([ad7efb6](ad7efb6)), closes [#2](#2) * **docs:** add RPI workflow documentation and restructure docs folder ([#102](#102)) ([c3af708](c3af708)) * **extension:** hve core vs code extension ([#149](#149)) ([041a1fd](041a1fd)) * **extension:** implement pre-release versioning with agent maturity filtering ([#179](#179)) ([fb38233](fb38233)) * **instructions:** add authoring standards for prompt engineering artifacts ([#177](#177)) ([5de3af9](5de3af9)) * **instructions:** add extension quick install and enhance installer agent ([#176](#176)) ([48e3d58](48e3d58)) * **instructions:** add VS Code variant prompt and gitignore recommendation to installer ([#185](#185)) ([b400493](b400493)) * **instructions:** add writing style guide for markdown content ([#151](#151)) ([02df6a8](02df6a8)) * **instructions:** consolidate C# guidelines and update prompt agent fields ([#158](#158)) ([65342d4](65342d4)) * **instructions:** provide guidance on using safe commands to reduce interactive prompting ([#117](#117)) ([1268580](1268580)) * **linting:** add linting and validation scripts ([#26](#26)) ([66be136](66be136)) * **prompt-builder:** enhance prompt engineering instructions and validation protocols ([#155](#155)) ([bc5004f](bc5004f)) * **prompts:** add ADR placement planning and update template paths ([#69](#69)) ([380885f](380885f)) * **prompts:** add git workflow prompts from edge-ai ([#84](#84)) ([56d66b6](56d66b6)) * **prompts:** add github-add-issue prompt and github-issue-manager chatmode with delegation pattern ([#55](#55)) ([d0e1789](d0e1789)) * **prompts:** add PR template discovery and integration to pull-request prompt ([#141](#141)) ([b8a4c7a](b8a4c7a)) * **prompts:** add task research initiation prompt and rpi agent([#124](#124)) ([5113e3b](5113e3b)) * **release:** implement release management strategy ([#161](#161)) ([6164c3b](6164c3b)) * Risk Register Prompt ([#146](#146)) ([843982c](843982c)) * **scripts:** enhanced JSON Schema validation for markdown frontmatter ([#59](#59)) ([aba152c](aba152c)) * **security:** add checksum validation infrastructure ([#106](#106)) ([07528fb](07528fb)) * **security:** add security scanning scripts ([#25](#25)) ([82de5a1](82de5a1)) * **workflows:** add CodeQL security analysis to PR validation ([#132](#132)) ([e5b6e8f](e5b6e8f)) * **workflows:** add orchestration workflows and documentation ([#29](#29)) ([de442e0](de442e0)) * **workflows:** add security reusable workflows ([#28](#28)) ([2c74399](2c74399)) * **workflows:** add validation reusable workflows ([#27](#27)) ([f52352d](f52352d)) ### 🐛 Bug Fixes * **build:** add token parameter to release-please action ([#166](#166)) ([c9189ec](c9189ec)) * **build:** disable MD012 lint rule in CHANGELOG for release-please compatibility ([#173](#173)) ([54502d8](54502d8)), closes [#172](#172) * **build:** pin npm commands for OpenSSF Scorecard compliance ([#181](#181)) ([c29db54](c29db54)) * **build:** remediate GHSA-g9mf-h72j-4rw9 undici vulnerability ([#188](#188)) ([634bf36](634bf36)) * **build:** seed CHANGELOG.md with version entry for release-please frontmatter preservation ([#170](#170)) ([2b299ac](2b299ac)) * **build:** use GitHub App token for release-please ([#167](#167)) ([070e042](070e042)) * **build:** use hashtable splatting for named parameters ([#164](#164)) ([02a965f](02a965f)) * **devcontainer:** remove unused Python requirements check ([#78](#78)) ([f17a872](f17a872)), closes [#77](#77) * **docs:** fix broken links and update validation for .vscode/README.md ([#118](#118)) ([160ae7a](160ae7a)) * **docs:** improve language consistency in Automated Installation section ([#139](#139)) ([a932918](a932918)) * **docs:** replace install button anchor with VS Code protocol handler ([#111](#111)) ([41a265e](41a265e)) * **docs:** update install badges to use aka.ms redirect URLs ([#114](#114)) ([868f655](868f655)) * **linting:** use cross-platform path separators in gitignore pattern matching ([#121](#121)) ([3f0aa1b](3f0aa1b)) * **scripts:** accepts the token (YYYY-MM-dd) in frontmatter validation ([#133](#133)) ([2648215](2648215)) * **tools:** correct Method 5 path resolution in hve-core-installer ([#129](#129)) ([57ef20d](57ef20d)) ### 📚 Documentation * add comprehensive RPI workflow documentation ([#153](#153)) ([cbaa4a9](cbaa4a9)) * enhance README with contributing, responsible AI, and legal sections ([#52](#52)) ([a424adc](a424adc)) ### ♻️ Refactoring * **instructions:** consolidate and enhance AI artifact guidelines ([#206](#206)) ([54dd959](54dd959)) * migrate chatmodes to agents architecture ([#210](#210)) ([712b0b7](712b0b7)) ### 🔧 Maintenance * **build:** clean up workflow permissions for Scorecard compliance ([#183](#183)) ([64686e7](64686e7)) * **deps-dev:** bump cspell in the npm-dependencies group ([#61](#61)) ([38650eb](38650eb)) * **deps-dev:** bump glob from 10.4.5 to 10.5.0 ([#74](#74)) ([b3ca9fd](b3ca9fd)) * **deps-dev:** bump markdownlint-cli2 from 0.19.1 to 0.20.0 in the npm-dependencies group ([#134](#134)) ([ebfbe84](ebfbe84)) * **deps-dev:** bump the npm-dependencies group across 1 directory with 2 updates ([#109](#109)) ([936ab84](936ab84)) * **deps-dev:** bump the npm-dependencies group with 2 updates ([#30](#30)) ([cf99cbf](cf99cbf)) * **deps:** bump actions/upload-artifact from 5.0.0 to 6.0.0 in the github-actions group ([#142](#142)) ([91eac8a](91eac8a)) * **deps:** bump js-yaml, markdown-link-check and markdownlint-cli2 ([#75](#75)) ([af03d0e](af03d0e)) * **deps:** bump the github-actions group with 2 updates ([#108](#108)) ([3e56313](3e56313)) * **deps:** bump the github-actions group with 2 updates ([#135](#135)) ([4538a03](4538a03)) * **deps:** bump the github-actions group with 2 updates ([#62](#62)) ([d1e0c09](d1e0c09)) * **deps:** bump the github-actions group with 3 updates ([#87](#87)) ([ed550f4](ed550f4)) * **deps:** bump the github-actions group with 6 updates ([#162](#162)) ([ec5bb12](ec5bb12)) * **devcontainer:** enhance gitleaks installation with checksum verification ([#100](#100)) ([5a8507d](5a8507d)) * **devcontainer:** refactor setup scripts for improved dependency management ([#94](#94)) ([f5f50d1](f5f50d1)), closes [#98](#98) * **security:** configure GitHub branch protection for OpenSSF compliance ([#191](#191)) ([90aab1a](90aab1a)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: hve-core-release-please[bot] <254602402+hve-core-release-please[bot]@users.noreply.github.com>
This was referenced Jan 28, 2026
This was referenced Feb 6, 2026
This was referenced Feb 13, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
fix(build): use GitHub App token for release-please
Description
Replace
GITHUB_TOKENwith a GitHub App installation token for the release-please workflow to bypass the organization-level restriction that preventsGITHUB_TOKENfrom creating pull requests. The organization policy "Allow GitHub Actions to create and approve pull requests" is disabled at the enterprise level and cannot be changed at the repository level.actions/create-github-app-token@v2step to generate installation token from GitHub Apptoken: ${{ secrets.GITHUB_TOKEN }}withtoken: ${{ steps.app-token.outputs.token }}contents: write, pull-requests: write, issues: writetocontents: readsince the app token provides necessary write accessRelated Issue(s)
Fixes #165
Type of Change
Select all that apply:
Code & Documentation:
Infrastructure & Configuration:
AI Artifacts:
prompt-builderchatmode and addressed all feedback.github/instructions/*.instructions.md).github/prompts/*.prompt.md).github/chatmodes/*.chatmode.md)Other:
.ps1,.sh,.py)Testing
RELEASE_APP_IDvariable andRELEASE_APP_PRIVATE_KEYsecret to be configuredChecklist
Required Checks
Required Automated Checks
The following validation commands must pass before merging:
npm run lint:mdnpm run spell-checknpm run lint:frontmatternpm run lint:md-linksnpm run lint:psSecurity Considerations
Additional Notes
Prerequisites before merging:
RELEASE_APP_IDas a repository variable with value2646666RELEASE_APP_PRIVATE_KEYas a repository secret with the PEM file contentsWhy this approach:
GITHUB_TOKENby GitHub's permission systemGITHUB_TOKENfrom creating PRs🤖 - Generated by Copilot