Summary
Currently, when the Changesets release workflow creates "Version Packages" PRs, CI doesn't automatically trigger because the default GITHUB_TOKEN doesn't trigger workflows on bot-created PRs. This requires manual intervention (close/reopen) to run CI before merging.
Problem
- Version PRs created by github-actions[bot] don't trigger CI workflows
- Requires manual action to trigger CI on every version PR
- Not sustainable for automated releases
Proposed Solution
Use a Personal Access Token (PAT) or GitHub App token instead of the default GITHUB_TOKEN when creating version PRs. PRs created with a PAT do trigger CI workflows.
Benefits
- Fully automated releases with no manual intervention
- CI protection on all PRs including version bumps
- Sustainable workflow for the long term
Implementation Overview
- Create a fine-grained PAT with contents: write and pull-requests: write permissions
- Add it as a repository secret (e.g., CHANGESETS_TOKEN)
- Update .github/workflows/release.yml to use the PAT:

    env:
      GITHUB_TOKEN: ${{ secrets.CHANGESETS_TOKEN }}
Alternative: GitHub App
For better security, consider using a GitHub App that generates short-lived tokens instead of a long-lived PAT.
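A sketch of the GitHub App variant of release.yml, added here as an example and not taken from this repository's workflow. The secret names RELEASE_APP_ID and RELEASE_APP_PRIVATE_KEY, the main branch and the npm ci install step are assumptions, and the app is assumed to be installed on the repository with the same contents: write and pull-requests: write permissions listed for the PAT.

```yaml
# Added example: .github/workflows/release.yml with a short-lived GitHub App token.
# RELEASE_APP_ID / RELEASE_APP_PRIVATE_KEY are assumed secret names.
name: Release

on:
  push:
    branches: [main]   # assumed release branch

# The default GITHUB_TOKEN is not used for writes here, so keep it read-only.
permissions:
  contents: read

concurrency: ${{ github.workflow }}-${{ github.ref }}

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # Mint an installation token for this job. Installation tokens expire
      # after one hour, so nothing long-lived is handed to later steps.
      - name: Generate GitHub App token
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
          app-id: ${{ secrets.RELEASE_APP_ID }}
          private-key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}

      # Check out with the app token so git pushes are made as the app,
      # not as github-actions[bot].
      - uses: actions/checkout@v4
        with:
          token: ${{ steps.app-token.outputs.token }}

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      - run: npm ci   # assumed install command

      # The Version Packages PR is opened with the app token, so CI triggers on it.
      - name: Create or update the Version Packages PR
        uses: changesets/action@v1
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
```

The app's private key is still a long-lived secret, so restrict who can edit this workflow and consider pinning the third-party actions to full commit SHAs.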
Tasks