hyperlane-xyz · paulbalaji · Nov 26, 2025 · Nov 26, 2025
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -55,14 +55,22 @@ jobs:
       - name: Install Dependencies
         run: yarn install --immutable
 
+      - name: Generate GitHub App Token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.HYPER_GONK_APP_ID }}
+          private-key: ${{ secrets.HYPER_GONK_PRIVATE_KEY }}
+
       - name: Create Release PR
         id: changesets
         uses: changesets/action@v1
         with:
           version: yarn version:prepare
+          title: 'chore: release npm packages'
         env:
           NPM_CONFIG_PROVENANCE: true
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
 
   check-latest-published:

diff --git a/.github/workflows/rust-release.yml b/.github/workflows/rust-release.yml
@@ -170,9 +170,15 @@ jobs:
           cd ../sealevel
           cargo update --workspace --offline 2>/dev/null || cargo update --workspace
           echo "Updated rust/sealevel/Cargo.lock"
+      - name: Generate GitHub App Token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.HYPER_GONK_APP_ID }}
+          private-key: ${{ secrets.HYPER_GONK_PRIVATE_KEY }}
       - name: Create or update release PR
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }}
           NEW_VERSION: ${{ steps.next_version.outputs.new_version }}
           BUMP_TYPE: ${{ steps.next_version.outputs.bump_type }}
           CHANGELOG: ${{ steps.changelog.outputs.changelog }}