fix: use Hyper Gonk identity for git commits

[paulbalaji]

Summary

The previous fix (PR #1256) used Hyper Gonk token for authentication but still used github-actions[bot] for git commit identity. This caused commits to still show as github-actions bot.

Changes

update-hyperlane-deps.yml

Uses the app-slug output from create-github-app-token to configure git identity.

release.yml

• Added setupGitUser: false to the changesets action
• Added explicit git config step to use Hyper Gonk identity

combine.yml

Added git config step before commit-changes action calls.

commit-changes action

Removed hardcoded github-actions[bot] git config. The calling workflow is now responsible for configuring git identity.

The git identity format:

• user.name: \${{ steps.generate-token.outputs.app-slug }}[bot]
• user.email: \${{ secrets.HYPER_GONK_APP_ID }}+\${{ steps.generate-token.outputs.app-slug }}[bot]@users.noreply.github.com

Related

• Original PR: fix: use Hyper Gonk GitHub App for CI permissions #1256
• Monorepo PR: fix: use Hyper Gonk identity for git commits in release workflows hyperlane-monorepo#7482 (same fix)

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • CI/CD workflows updated to set commit author dynamically, improving automated commit attribution and bot identification.
  • Workflows now generate and use an app token for actions that perform commits, and require external git identity setup where applicable.
  • Release and combine pipelines include an explicit Git configuration step to ensure consistent author/email for automated changes.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: e1bd70c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

📝 Walkthrough

Walkthrough

Workflows and an internal action were changed so Git author identity is no longer hardcoded: workflows generate and set git user.name and user.email from the GitHub App token app-slug and HYPER_GONK_APP_ID, while the commit-changes action no longer configures global git identity.

Changes

Cohort / File(s)	Summary
Workflows: dynamic Git config added \.github/workflows/update-hyperlane-deps\.yml, \.github/workflows/combine\.yml, \.github/workflows/release\.yml	Replaced hardcoded Git author values with values derived from steps.generate-token.outputs.app-slug and the HYPER_GONK_APP_ID secret; in release.yml also set setupGitUser: false for the changesets invocation.
Workflows: token generation & token usage \.github/workflows/check-warp-deploy\.yaml	Added a step to create a GitHub App token (actions/create-github-app-token@v2) and replaced uses of secrets.GITHUB_TOKEN with the generated token output.
Action: commit-changes behavior changed \.github/actions/commit-changes/action\.yml	Removed internal global git config user.name/user.email setup; updated action description to require callers to configure git identity before invoking the action.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

• Verify steps.generate-token.outputs.app-slug exists and is produced before the new configure step in each workflow.
• Confirm HYPER_GONK_APP_ID secret is present and the composed email format meets any action/CI expectations.
• Check setupGitUser: false in release.yml doesn't break changesets or downstream steps that expect an author to be set.
• Ensure all invocations of the commit-changes action (including reusable workflows) now set git identity in every code path.

Poem

Ah, the CI bog got spruced up neat,
Tokens sing and authors meet.
No more hardcoded, stiff and grim—
App-slug crowns the commit hymn.
Ogres nod: tidy, sly, and sweet. 🐸✨

Pre-merge checks and finishing touches

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description covers the problem, detailed changes to each file, the git identity format, and related PRs, but is missing the required Backward compatibility and Testing sections from the template.	Add the Backward compatibility and Testing sections from the template to complete the pull request description.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: configuring git commits to use the Hyper Gonk identity instead of the default github-actions[bot].
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch pb/fix-gonk-git-identity

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f561b6e and e1bd70c.

📒 Files selected for processing (1)

• .github/workflows/check-warp-deploy.yaml (1 hunks)

🔇 Additional comments (3)

.github/workflows/check-warp-deploy.yaml (3)

12-18: Token generation step looks well-formed.

The new GitHub App token generation step is properly structured—it's fetchin' the credentials from the right secrets and outputtin' to generate-token for later use. Follows the same pattern from the earlier fix.

---

33-33: Token reference updated correctly.

The GITHUB_TOKEN env var now points to the dynamically generated token. Clean swap, and it means the action's workin' with the Hyper Gonk credentials rather than the default GitHub Actions token.

---

12-33: Verify if git identity configuration is needed.

I notice this workflow generates and uses the new Hyper Gonk token, but—unlike the other workflows mentioned in the PR (release.yml, combine.yml)—there's no explicit git config step to set user.name and user.email.

If ./scripts/check-warp-deploy.sh performs git commits, ye'll want to add a git identity configuration step like the others. If it's just checkin' (not committin'), then we're good as is. Could ye confirm whether this script touches git history?

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}