Skip to content

ci(release-please): pin reusable @1.0.0 and use secrets: inherit#60

Merged
kojiromike merged 1 commit into
mainfrom
kojiromike/release-please-secrets-inherit
May 20, 2026
Merged

ci(release-please): pin reusable @1.0.0 and use secrets: inherit#60
kojiromike merged 1 commit into
mainfrom
kojiromike/release-please-secrets-inherit

Conversation

@kojiromike
Copy link
Copy Markdown
Contributor

@kojiromike kojiromike commented May 20, 2026

Summary

  • Bump the release-please-reusable.yml pin to @1.0.0.
  • Replace the explicit app-client-id / app-private-key block (or add a missing secrets: block) with secrets: inherit.

Why

1.0.0 of github-workflows-public reads the App credentials from the org-level RELEASE_PLEASE_CLIENT_ID variable and RELEASE_PLEASE_PRIVATE_KEY secret automatically. With this change, release-please PRs are opened by the oce-release-please App identity, which triggers downstream pull_request workflows. PRs opened by the default GITHUB_TOKEN are suppressed by GitHub's anti-recursion rule, which is why release PRs on repos with required checks have been unmergeable.

Verified end-to-end against openCoreEMR/release-please-test before tagging 1.0.0 — see openCoreEMR/github-workflows-public#16 for the run.

Test plan

  • Merge
  • Wait for the next release-please run; confirm the resulting release PR is authored by oce-release-please[bot] (not github-actions[bot]) and that downstream checks run on it

@kojiromike
ci(release-please): pin reusable @1.0.0 and use secrets: inherit
ce2c1e1 
github-workflows-public 1.0.0 reads the App credentials from the org-level
RELEASE_PLEASE_CLIENT_ID variable and RELEASE_PLEASE_PRIVATE_KEY secret
automatically, so callers only need `secrets: inherit`. PRs opened by the
App identity trigger downstream pull_request workflows; PRs opened by the
default GITHUB_TOKEN do not (GitHub anti-recursion), which previously left
release PRs unmergeable on repos with required checks.

Assisted-by: Claude Code
msummers42
msummers42 approved these changes May 20, 2026
View reviewed changes
Copy link
Copy Markdown

@msummers42 msummers42 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved automatically in bulk.

@kojiromike kojiromike merged commit 282da03 into main May 20, 2026
3 checks passed
@kojiromike kojiromike deleted the kojiromike/release-please-secrets-inherit branch May 20, 2026 16:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@msummers42 msummers42 msummers42 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kojiromike @msummers42