
refactor(security): move GIST_PAT from CLI args to environment variables#11

Open. GajendraSingh33 wants to merge 1 commit into StabilityNexus:main from GajendraSingh33:main

Conversation


GajendraSingh33 commented Feb 5, 2026

This PR refactors how the GIST_PAT secret is handled across the automation scripts and GitHub Actions workflows to improve security. Previously, the token was passed as a command-line argument, which poses a risk of exposure in process listings and logs. This change moves the token passing mechanism to use Environment Variables, which is the recommended best practice for handling secrets in CI/CD pipelines.

Summary by CodeRabbit

  • Chores
    • Updated CI/CD workflows to remove command-line argument passing for authentication credentials.
    • Modified internal scripts to retrieve authentication credentials from environment variables instead of accepting them as arguments.
    • Simplified authentication flow across contributor management processes in GitHub Actions workflows.
    • Updated error handling for missing authentication credentials.


coderabbitai bot commented Feb 5, 2026

Walkthrough

The PR refactors credential handling in the contributor manager workflow automation. It removes explicit --gist-pat command-line arguments from three workflow files and updates the script to read GIST_PAT from environment variables by default, simplifying credential passing mechanisms.

Changes

Cohort / File(s): Summary

  • Workflow Files - GIST_PAT Argument Removal (.github/workflows/reusable-process-response.yml, .github/workflows/reusable-request-info.yml, .github/workflows/reusable-update-pr.yml): Removed --gist-pat "$GIST_PAT" arguments from multiple contributor_manager.py invocations across GitHub Actions workflow steps. Changes are consistent across all three workflow files.
  • Script - Environment-Based Credential Handling (scripts/contributor_manager.py): Updated ContributorManager.__init__() to accept optional gist_pat parameter (defaults to None). Script now reads GIST_PAT from environment variables if not explicitly provided, with error handling for missing credentials.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • add resuable workflow #6: Directly related to the same contributor_manager workflow integration changes; this PR removes arguments introduced in that change.
  • add scripts #4: Related as both PRs modify the ContributorManager constructor signature and CLI usage for credential handling.

Suggested reviewers

  • Zahnentferner

Poem

🐰 A rabbit hops through workflow ways,
Gathering credentials from env each day,
No more arguments cluttering the call,
Environment variables handle it all!
Cleaner, simpler, hopping with grace. 🌿

Pre-merge checks: 3 passed

  • Description Check: Passed. Check skipped - CodeRabbit's high-level summary is enabled.
  • Title check: Passed. The title accurately reflects the main change: moving GIST_PAT from CLI arguments to environment variables across multiple workflow files and the Python script.
  • Docstring Coverage: Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


GajendraSingh33 (Author) commented

How Has This Been Tested?

Local Verification:
Ran the script locally using export GIST_PAT="dummy_val" && python scripts/contributor_manager.py ... without the CLI flag.
Confirmed the script successfully initialized and attempted to use the env var (verified by checking for expected exit codes/logs).

Workflow Verification:
Reviewed YAML syntax to ensure correct environment variable injection in the run context.
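To make the pattern the PR describes concrete, the following is an added example written for this page; it is not the project's scripts/contributor_manager.py and not code from this PR. It shows a resolver that prefers an explicitly passed value and otherwise reads GIST_PAT from the environment, failing with a clear error when neither is present, alongside two helpers that show why argv is the weaker channel (it is visible in process listings) and how to keep a token out of log lines. The function and class names, the injectable `environ` mapping and the sample argv lists are assumptions made for illustration.

```python
"""Secret handling: explicit argument, then environment, never argv (added example)."""
import os
from typing import Mapping, Optional, Sequence

ENV_VAR = "GIST_PAT"


class MissingCredentialError(RuntimeError):
    """Raised when no token is available from the argument or the environment."""


def resolve_gist_pat(gist_pat: Optional[str] = None,
                     environ: Optional[Mapping[str, str]] = None) -> str:
    """Return the token: an explicit value wins, otherwise the GIST_PAT env var.

    `environ` is injectable (hypothetical parameter) so the logic can be exercised
    with a plain dict instead of the real os.environ. An empty string counts as
    missing, so a misconfigured workflow fails early instead of calling the API
    with a blank credential.
    """
    env = os.environ if environ is None else environ
    token = gist_pat if gist_pat is not None else env.get(ENV_VAR)
    if not token:
        raise MissingCredentialError(
            f"{ENV_VAR} is not set; export it in the environment before running")
    return token


class ContributorManagerExample:
    """Hypothetical stand-in for the script's class: resolves the token at init."""

    def __init__(self, gist_pat: Optional[str] = None,
                 environ: Optional[Mapping[str, str]] = None) -> None:
        self._gist_pat = resolve_gist_pat(gist_pat, environ)

    def auth_header(self) -> dict:
        """Authorization header as the token would be sent, never logged as-is."""
        return {"Authorization": f"token {self._gist_pat}"}


def secret_in_argv(argv: Sequence[str], secret: str) -> bool:
    """True if the secret would appear in the process's argument list.

    Anything in argv is readable by other local processes (ps, /proc/<pid>/cmdline)
    and often ends up in shell history or CI step logs; environment variables of a
    process are not exposed that way to unprivileged users on the same host.
    """
    return any(secret in arg for arg in argv)


def redact(text: str, secret: str) -> str:
    """Replace the secret with a fixed placeholder before a line is logged."""
    return text.replace(secret, "***") if secret else text


if __name__ == "__main__":
    # Constructed sample values: a dummy token and two invocations of the script.
    token = "dummy_val"
    before = ["python", "scripts/contributor_manager.py", "--gist-pat", token]
    after = ["python", "scripts/contributor_manager.py"]
    print("token visible in argv (before):", secret_in_argv(before, token))
    print("token visible in argv (after): ", secret_in_argv(after, token))
    mgr = ContributorManagerExample(environ={ENV_VAR: token})
    print("log line:", redact(f"auth={mgr.auth_header()['Authorization']}", token))
    try:
        ContributorManagerExample(environ={})
    except MissingCredentialError as exc:
        print("missing credential:", exc)
```

Passing `environ` as a dict mirrors what the PR's local test did with `export GIST_PAT="dummy_val"`: the script is started without the flag, and initialization either succeeds from the environment or stops with the missing-credential error.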
