From 89a360a0b1f2c7279bb8d57a561f3af566ce19a9 Mon Sep 17 00:00:00 2001 From: Anthony Volk Date: Thu, 26 Mar 2026 23:39:38 +0100 Subject: [PATCH] Migrate versioning workflow from PAT to GitHub App token Fixes #638. The versioning workflow used a PAT (POLICYENGINE_GITHUB) to push the "Update package version" commit, which broke when the token expired. Switch to a GitHub App token via actions/create-github-app-token@v1, matching the pattern used in policyengine-api-v2-alpha. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/versioning.yaml | 8 +++++++- changelog.d/fix-us-data-pypi.fixed.md | 1 + 2 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 changelog.d/fix-us-data-pypi.fixed.md diff --git a/.github/workflows/versioning.yaml b/.github/workflows/versioning.yaml index b6fae4c68..20b8e8d57 100644 --- a/.github/workflows/versioning.yaml +++ b/.github/workflows/versioning.yaml @@ -15,10 +15,16 @@ jobs: if: (github.event.head_commit.message != 'Update package version') runs-on: ubuntu-latest steps: + - name: Generate GitHub App token + id: app-token + uses: actions/create-github-app-token@v1 + with: + app-id: ${{ secrets.APP_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} - name: Checkout repo uses: actions/checkout@v4 with: - token: ${{ secrets.POLICYENGINE_GITHUB }} + token: ${{ steps.app-token.outputs.token }} fetch-depth: 0 - name: Setup Python uses: actions/setup-python@v5 diff --git a/changelog.d/fix-us-data-pypi.fixed.md b/changelog.d/fix-us-data-pypi.fixed.md new file mode 100644 index 000000000..179735487 --- /dev/null +++ b/changelog.d/fix-us-data-pypi.fixed.md @@ -0,0 +1 @@ +Migrated versioning workflow from expired PAT to GitHub App token for reliable PyPI publishing.