Push to PR trick: Consider switching from token-based commit to GitHub app/bot

Question

Push to PR trick: Consider switching from token-based commit to GitHub app/bot

Opened this issue 8 months ago · 0 comments

Consider switching the GitHub Actions: Push to Pull Request and Re-Run Workflows trick (which uses an annoying personal token-based commit workflow)

One option is to use a hosted service:

autofix.ci
- https://autofix.ci/
- TanStack/query#7755

Taking autofix.ci as an example, there are some downsides:

Because the GitHub app/bot is closed source and cannot be self-hosted, this would however have the downsides of:

need to trust security of external service + closed source code which could change at any time without any notification or warning
need to trust reliability and long-term existence of external service

So the best would be to create a new super simple self-hosted GitHub app / bot replacement.

(or if GitHub were to add a less finicky workflow for writing GitHub Actions that commit and push to a PR - eg. without personal access tokens - would also adopt that)