Use GitHub App token when checking out main in release workflow #1175

Merged
juliusmarminge merged 2 commits into main from t3code/release-workflow-branch-checks
Mar 17, 2026
@juliusmarminge juliusmarminge commented Mar 17, 2026

Summary

  • Mint a release GitHub App token in the publish_release job before checking out main.
  • Pass the minted app token to actions/checkout to ensure main checkout uses release app credentials.
  • Regenerate apps/web/public/mockServiceWorker.js with MSW package version bump from 2.12.9 to 2.12.10.

Testing

  • Not run (workflow/config-only change).
  • Verified workflow wiring: actions/create-github-app-token@v2 output token is used by actions/checkout@v6 in publish_release.
  • Verified no additional runtime code changes beyond the generated MSW version update.

Note

Medium Risk
Workflow changes affect release automation by altering checkout credentials and the identity used to push to main; misconfiguration could cause releases to fail or push under the wrong actor. Runtime application behavior is otherwise unchanged aside from a regenerated MSW worker version string.

Overview
Release workflow now uses a GitHub App token in the finalize job. It mints an app token via actions/create-github-app-token@v2, uses it for actions/checkout of main (persisting credentials), and configures git author info to the App bot before committing/pushing the post-release version bump.

Regenerates apps/web/public/mockServiceWorker.js, bumping the embedded MSW PACKAGE_VERSION from 2.12.9 to 2.12.10.

Written by Cursor Bugbot for commit 1d9bcf6.

Note

Use GitHub App token for checkout and commits in release workflow

  • The finalize job in release.yml now mints a GitHub App token via actions/create-github-app-token@v2 and uses it for the main branch checkout.
  • Resolves the bot identity via the GitHub API and uses the app bot name/email for git commits instead of the default github-actions[bot] identity.
  • Behavioral Change: commits made by the release workflow will now be authored under the GitHub App bot identity rather than github-actions[bot].

Macroscope summarized 1d9bcf6.

- Mint a GitHub App token before the publish job checkout
- Pass the app token to `actions/checkout` when pulling `main`
- Regenerate `mockServiceWorker.js` with MSW package version 2.12.10

coderabbitai bot commented Mar 17, 2026

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: a4cde4a6-d624-4458-b5a6-0faaf8965015

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.


@github-actions github-actions bot added size:S 10-29 changed lines (additions + deletions). vouch:trusted PR author is trusted by repo permissions or the VOUCHED list. labels Mar 17, 2026
- resolve the GitHub App bot user and noreply email via `gh api`
- configure `git` commit author from app bot outputs instead of `github-actions[bot]`
- enable persisted checkout credentials for the release workflow
@juliusmarminge juliusmarminge merged commit 55560f5 into main Mar 17, 2026
11 checks passed
@juliusmarminge juliusmarminge deleted the t3code/release-workflow-branch-checks branch March 17, 2026 21:55
aaditagrawal pushed a commit to aaditagrawal/t3code that referenced this pull request Mar 18, 2026
gabrielMalonso pushed a commit to gabrielMalonso/t3code that referenced this pull request Mar 19, 2026
apexsloth pushed a commit to apexslothforks/t3code that referenced this pull request Mar 26, 2026
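
The wiring this pull request describes, as an added example that is not the repository's actual release.yml and not written by any participant in the thread. The job id, step ids, secret names and commit message are assumptions; the action versions and the `gh api` lookup of the bot user follow the descriptions above.

```yaml
# Added illustration, not the repository's release.yml.
# Assumed names: job id, step ids, secret names, commit message.
jobs:
  finalize:
    runs-on: ubuntu-latest
    steps:
      - name: Mint release app token
        id: app_token
        uses: actions/create-github-app-token@v2
        with:
          app-id: ${{ secrets.RELEASE_APP_ID }}                # assumed secret name
          private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}  # assumed secret name

      - name: Check out main with the app token
        uses: actions/checkout@v6
        with:
          ref: main
          token: ${{ steps.app_token.outputs.token }}
          # Keeps the token available to git for the later push;
          # any later step in this job can use it too.
          persist-credentials: true

      - name: Resolve app bot identity
        id: app_bot
        env:
          GH_TOKEN: ${{ steps.app_token.outputs.token }}
          APP_SLUG: ${{ steps.app_token.outputs.app-slug }}
        run: |
          # The bot account is "<app-slug>[bot]"; its numeric id forms the noreply address.
          user_id="$(gh api "/users/${APP_SLUG}[bot]" --jq .id)"
          echo "name=${APP_SLUG}[bot]" >> "$GITHUB_OUTPUT"
          echo "email=${user_id}+${APP_SLUG}[bot]@users.noreply.github.com" >> "$GITHUB_OUTPUT"

      - name: Commit and push version bump
        env:
          BOT_NAME: ${{ steps.app_bot.outputs.name }}
          BOT_EMAIL: ${{ steps.app_bot.outputs.email }}
        run: |
          git config user.name "$BOT_NAME"
          git config user.email "$BOT_EMAIL"
          # The version bump edits themselves are not shown on the page.
          git diff --quiet || git commit -am "chore: post-release version bump"
          git push origin HEAD:main
```

Step outputs reach the shell through `env:` rather than inline `${{ }}` expansion, so their values are never interpolated into the script text.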