Skip to content

chore(deps): update actions/create-github-app-token action to v3.1.1#54

Merged
koki-develop merged 1 commit intomainfrom
renovate/actions-create-github-app-token-3.x
Apr 22, 2026
Merged

chore(deps): update actions/create-github-app-token action to v3.1.1#54
koki-develop merged 1 commit intomainfrom
renovate/actions-create-github-app-token-3.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Apr 22, 2026

This PR contains the following updates:

Package Type Update Change
actions/create-github-app-token action patch v3.1.0v3.1.1

Release Notes

actions/create-github-app-token (actions/create-github-app-token)

v3.1.1

Compare Source

Bug Fixes

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
    • Only on Sunday and Saturday (* * * * 0,6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions
Copy link
Copy Markdown

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Version Change: v3.1.0 → v3.1.1 (patch release)

Changes Included:

  • Bug Fix: Improved error message when client-id input is empty or missing
    • Changed from generic "appId option is required" to more descriptive: "The 'client-id' input must be set to a non-empty string. If using a secret or variable, ensure it is available in this workflow context."
    • Resolves issues #362 and #249
  • Internal Maintenance: Removed deprecated publish-immutable-action workflow
  • Security Enhancement: Enabled repository-level immutable releases setting to prevent release tag tampering (addresses GHSA-mrrh-fwg8-r2c3 vulnerability class)

Breaking Changes: None

API Changes: None - all inputs and outputs remain unchanged

Security Fixes: Indirect security improvement through immutable releases feature, which prevents malicious actors from modifying release tags

🎯 Impact Scope Investigation

Usage Locations:

  • Single usage found in .github/workflows/release-please.yml:28
  • Action is used to create a GitHub App token for the Release Please workflow
  • Current usage provides all required inputs: client-id, private-key, and permission scopes

Inputs Used in Codebase:

client-id: ${{ vars.RELEASE_PLEASE_APP_ID }}
private-key: ${{ secrets.RELEASE_PLEASE_APP_PRIVATE_KEY }}
permission-contents: write
permission-pull-requests: write
permission-issues: write

Impact Analysis:

  • ✅ All inputs used are valid and unchanged in v3.1.1
  • ✅ No API modifications affecting current usage
  • ✅ Error message improvement only affects failure scenarios (when client-id is missing)
  • ✅ No dependency chain impact - this is a GitHub Action (not a code dependency)
  • ✅ No configuration changes required

Other Dependencies: No impact on other packages or workflows

💡 Recommended Actions

Immediate Actions:

  • Safe to merge immediately - this is a backward-compatible patch release
  • No code changes required
  • No configuration updates needed
  • No migration steps necessary

Optional Actions:

  • Monitor workflow execution after merge to confirm expected behavior
  • The improved error message will provide better debugging if there are ever issues with the GitHub App credentials

Post-Merge Verification:

  • Verify the next Release Please workflow run completes successfully
  • No specific testing required - existing workflow should continue functioning identically

🔗 Reference Links

Generated by koki-develop/claude-renovate-review

@koki-develop koki-develop merged commit 26c15c1 into main Apr 22, 2026
8 checks passed
@koki-develop koki-develop deleted the renovate/actions-create-github-app-token-3.x branch April 22, 2026 11:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant