
fix: use personal token for auto-merge workflow #152

Merged
HavenDV merged 1 commit into main from codex/fix-auto-merge-personal-token
Mar 13, 2026


@HavenDV HavenDV commented Mar 13, 2026

Summary by CodeRabbit

  • Chores
    • Updated GitHub workflow authentication configuration to use an alternative secret method for automated processes.

@HavenDV HavenDV merged commit 43e1839 into main Mar 13, 2026
1 of 3 checks passed
@HavenDV HavenDV deleted the codex/fix-auto-merge-personal-token branch March 13, 2026 14:41

coderabbitai bot commented Mar 13, 2026

Walkthrough

A GitHub Actions workflow configuration was updated to replace GITHUB_TOKEN with GH_TOKEN using a PERSONAL_TOKEN secret across two workflow steps, along with an explanatory comment for downstream workflow usage.

Changes

| Cohort / File(s) | Summary |
|---|---|
| GitHub Actions Workflow: .github/workflows/auto-merge.yml | Replaced GITHUB_TOKEN references with GH_TOKEN in the "Approve a PR" and "Enable auto-merge" steps, now using PERSONAL_TOKEN secret. Added documentation comment for downstream workflow usage. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A token swap, so swift and clean,
From GH to Personal, a secret scene,
Auto-merge flows with newfound grace,
Comments guide each downstream place! ✨

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'fix: use personal token for auto-merge workflow' directly and accurately describes the main change: replacing GITHUB_TOKEN with PERSONAL_TOKEN in the auto-merge workflow. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@coderabbitai coderabbitai bot left a comment


🧹 Nitpick comments (1)
.github/workflows/auto-merge.yml (1)

34-35: Use a fine-grained PAT with minimal permissions and short expiry.

Since Line 35 and Line 41 rely on a PAT for gh pr review --approve and gh pr merge --auto --merge, ensure the token is fine-grained, scoped to only this repository, with minimum permissions: Pull requests (Read and Write) and Contents (Read and Write). Set a short expiry date. Note that workflow permissions do not constrain PAT scope.

Also applies to: 41-41

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/auto-merge.yml around lines 34 - 35, Update the GH_TOKEN
secret used by the workflow (env var GH_TOKEN) to be a fine-grained personal
access token limited to this repository with minimal scopes: Pull requests (Read
& Write) and Contents (Read & Write), and set a short expiry; ensure the token
used by the `gh pr review --approve` and `gh pr merge --auto --merge` steps is
this fine‑grained PAT so downstream workflows can run while minimizing
permissions.

ℹ️ Review info

📥 Commits

Reviewing files that changed from the base of the PR and between 6db935f and 94d6ddc.

📒 Files selected for processing (1)
  • .github/workflows/auto-merge.yml
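
Added example, not part of this PR or of CodeRabbit's review: a Python pre-flight check for the nitpick above that classifies the token by its prefix and reads the expiry from the response head of an authenticated API call (for instance the output of `gh api -i /user`). The 30-day limit and the header date format are assumptions, and the sample tokens and response heads are constructed.

```python
from datetime import datetime, timezone

# Publicly documented GitHub token prefixes.
PREFIXES = {
    "github_pat_": "fine-grained PAT",
    "ghp_": "classic PAT",
    "ghs_": "installation token (what GITHUB_TOKEN is)",
}

def token_kind(token):
    """Classify a token by prefix without ever printing the token itself."""
    return next((k for p, k in PREFIXES.items() if token.startswith(p)), "unknown")

def parse_headers(raw):
    """Lower-cased header map from a raw HTTP response head."""
    headers = {}
    for line in raw.splitlines():
        name, sep, value = line.partition(":")
        if sep:  # the status line has no colon and is skipped
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(token, raw_headers, now, max_days=30):
    """Return findings; an empty list means the token matches the review advice."""
    findings = []
    kind = token_kind(token)
    if kind != "fine-grained PAT":
        findings.append(f"token kind is '{kind}', expected a fine-grained PAT")
    headers = parse_headers(raw_headers)
    if headers.get("x-oauth-scopes"):  # only classic tokens report scopes here
        findings.append(f"classic scopes granted: {headers['x-oauth-scopes']}")
    expiry = headers.get("github-authentication-token-expiration")
    if expiry is None:
        findings.append("no expiry header in response")
    else:
        # Assumed header format: "YYYY-MM-DD HH:MM:SS UTC"
        when = datetime.strptime(expiry, "%Y-%m-%d %H:%M:%S UTC").replace(tzinfo=timezone.utc)
        days = (when - now).days
        if days > max_days:  # max_days is an assumed policy value
            findings.append(f"expires in {days} days, limit is {max_days}")
    return findings

# Constructed samples: fake tokens and hand-written response heads.
NOW = datetime(2026, 3, 13, 14, 41, tzinfo=timezone.utc)
GOOD = ("github_pat_CONSTRUCTED", "HTTP/2 200\ngithub-authentication-token-expiration: 2026-03-27 14:41:00 UTC\n")
WEAK = ("ghp_CONSTRUCTED", "HTTP/2 200\nx-oauth-scopes: repo, workflow\n")

if __name__ == "__main__":
    for token, head in (GOOD, WEAK):
        print(token_kind(token), audit(token, head, NOW))
```

The fine-grained permissions named in the review (Pull requests, Contents) are not exposed in these headers and still have to be checked in the token's settings.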
