fix: use bot user ID for proper avatar attribution in commits

[paulbalaji]

Summary

• Fixes hyper-gonk[bot] commits showing default robot avatar instead of the GitHub App's custom logo
• Updates all workflows that use the Hyper Gonk bot to fetch the bot user ID via API before configuring git

Problem

GitHub requires the bot user ID (not app ID) in the commit email to properly display the GitHub App's avatar.

Before: {APP_ID}+{app-slug}[bot]@users.noreply.github.com
After: {BOT_USER_ID}+{app-slug}[bot]@users.noreply.github.com

Test plan

• Merge this PR and verify the next automated commit from hyper-gonk[bot] shows the correct avatar

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated GitHub Actions workflows to improve automated git configuration handling across multiple build pipelines.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[changeset-bot]

⚠️ No Changeset found

Latest commit: defb5f8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

📝 Walkthrough

Walkthrough

Three GitHub workflows are updated to retrieve the GitHub App bot user ID via API call instead of pulling it from secrets, then use this ID when configuring git credentials. The same pattern is applied consistently across combine.yml, release.yml, and update-hyperlane-deps.yml.

Changes

Cohort / File(s)	Summary
GitHub Workflow Updates .github/workflows/combine.yml, .github/workflows/release.yml, .github/workflows/update-hyperlane-deps.yml	Added new step "Get GitHub App User ID" that calls GitHub API to fetch bot user ID and exposes it as user-id output. Updated "Configure Git for Hyper Gonk" step to use retrieved user-id instead of HYPER_GONK_APP_ID secret for git user email configuration.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

• All three files follow the identical refactoring pattern, reducing cognitive load
• Changes are straightforward: API call addition and string substitution in git config
• Low logic density with no complex branching or state management

Possibly related PRs

• fix: use Hyper Gonk identity for git commits #1258: Modifies the same "Configure Git" steps in workflows to update Hyper Gonk's git identity configuration, directly addressing the same git email setup patterns.

Poem

Like an ogion's got layers, so too this commit—
Fetch the user ID straight from the GitHub pit.
No more secrets in plain sight, friend,
Just API calls and git config to mend. 🧅

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main fix: using bot user ID instead of app ID for proper GitHub App avatar display in commits.
Description check	✅ Passed	The PR description covers the essential sections with clear problem explanation and test plan, though it lacks explicit backward compatibility confirmation as per template.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/gonk-bot-avatar

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

.github/workflows/combine.yml (1)

33-42: Cross-workflow suggestion: add error handling to the API calls.

Now that you've got three workflows using the same pattern, consider adding error handling to catch API failures early. Here's a refactor you could apply to all three:

-      - name: Get GitHub App User ID
-        id: get-user-id
-        run: echo "user-id=$(gh api /users/${{ steps.generate-token.outputs.app-slug }}[bot] --jq .id)" >> "$GITHUB_OUTPUT"
+      - name: Get GitHub App User ID
+        id: get-user-id
+        run: |
+          set -o pipefail
+          USER_ID=$(gh api /users/${{ steps.generate-token.outputs.app-slug }}[bot] --jq .id)
+          if [ -z "$USER_ID" ]; then
+            echo "Error: Failed to retrieve GitHub App user ID" >&2
+            exit 1
+          fi
+          echo "user-id=$USER_ID" >> "$GITHUB_OUTPUT"

This would catch and fail fast if something goes wrong instead of silently continuing with an empty email.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2a4d0a7 and defb5f8.

📒 Files selected for processing (3)

• .github/workflows/combine.yml (1 hunks)
• .github/workflows/release.yml (1 hunks)
• .github/workflows/update-hyperlane-deps.yml (1 hunks)

🔇 Additional comments (3)

.github/workflows/release.yml (1)

39-48: Solid approach to fetching the bot user ID from the API.

The implementation correctly retrieves the bot user ID via the GitHub API and uses it to construct the git email. The token handling and output variable setup look good.

One thing worth considering: there's no error handling if the gh api call fails. If it silently fails (maybe network hiccup or permission issue), the user-id output would be empty, and line 48 would end up with a malformed email like +hyper-gonk[bot]@users.noreply.github.com. Not a deal-breaker, but you might want to add set -o pipefail or explicit error handling to catch that case early.

.github/workflows/update-hyperlane-deps.yml (1)

30-39: Clean and consistent with the other workflows.

This follows the exact same pattern as the release workflow, which is nice for maintainability. The step placement—after checkout but before any git operations—makes sense. Same caveat as the other files: consider adding error handling in case the API call doesn't return what we expect.

.github/workflows/combine.yml (1)

33-42: Consistently applied across all three workflows.

Good to see the same pattern implemented here. The git config gets set up before the combine-data and commit-changes steps, which is what you need. Like the others, this would benefit from error handling on that API call, but the implementation itself is spot-on.