From 361f08faeb8c9b22180c8cef96b057b8298ef661 Mon Sep 17 00:00:00 2001
From: Nikola Irinchev <irinchev@me.com>
Date: Fri, 11 Apr 2025 19:41:44 +0200
Subject: [PATCH 1/2] chore(release): use app token to create the release PR

---
 .github/workflows/prepare_release.yaml | 43 ++++++++++++++++++++++++++
 .github/workflows/publish.yaml         | 10 +-----
 2 files changed, 44 insertions(+), 9 deletions(-)
 create mode 100644 .github/workflows/prepare_release.yaml

diff --git a/.github/workflows/prepare_release.yaml b/.github/workflows/prepare_release.yaml
new file mode 100644
index 00000000..1bec2fc2
--- /dev/null
+++ b/.github/workflows/prepare_release.yaml
@@ -0,0 +1,43 @@
+name: Prepare release
+description: |
+  Bumps the version in package.json and creates a release PR. Once merged, the new
+  version will be published to npm.
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "Exact version to bump to or one of major, minor, patch"
+        required: true
+        default: "patch"
+
+jobs:
+  create-pr:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: mongodb-js/devtools-shared/actions/setup-bot-token@main
+        id: app-token
+        with:
+          app-id: ${{ vars.DEVTOOLS_BOT_APP_ID }}
+          private-key: ${{ secrets.DEVTOOLS_BOT_PRIVATE_KEY }}
+      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: package.json
+          registry-url: "https://registry.npmjs.org"
+          cache: "npm"
+      - name: Bump version
+        id: bump-version
+        run: |
+          echo "NEW_VERSION=$(npm version ${{ inputs.version }} --no-git-tag-version)" >> $GITHUB_OUTPUT
+      - name: Create release PR
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # 7.0.8
+        with:
+          title: "Release v${{ steps.bump-version.outputs.NEW_VERSION }}"
+          token: ${{ steps.app-token.outputs.token }}
+          commit-message: "Bump version to v${{ steps.bump-version.outputs.NEW_VERSION }}"
+          body: |
+            This PR bumps the package version to v${{ steps.bump-version.outputs.NEW_VERSION }}.
+            Once merged, the new version will be published to npm.
+          base: main
+          branch: release/v${{ steps.bump-version.outputs.NEW_VERSION }}
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 77d6dbdf..655d7195 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -15,8 +15,6 @@ jobs:
     steps:
       - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
       - uses: actions/setup-node@v4
         with:
           node-version-file: package.json
@@ -63,14 +61,8 @@ jobs:
         run: npm publish
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-      - name: Publish git tag
-        run: |
-          git config --global user.name 'github-actions[bot]'
-          git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com'
-          git tag ${{ needs.check.outputs.VERSION }}
-          git push origin --tags
       - name: Publish git release
         env:
           GH_TOKEN: ${{ github.token }}
         run: |
-          gh release create ${{ needs.check.outputs.VERSION }} --title "${{ needs.check.outputs.VERSION }}" --generate-notes
+          gh release create ${{ needs.check.outputs.VERSION }} --title "${{ needs.check.outputs.VERSION }}" --generate-notes --target ${{ github.sha }}

From 23020d29b6e56382123b6e2d479c79649fbecfb9 Mon Sep 17 00:00:00 2001
From: Nikola Irinchev <irinchev@me.com>
Date: Sat, 12 Apr 2025 22:10:59 +0200
Subject: [PATCH 2/2] set author and committer

---
 .github/workflows/prepare_release.yaml | 2 ++
 .github/workflows/publish.yaml         | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/.github/workflows/prepare_release.yaml b/.github/workflows/prepare_release.yaml
index 1bec2fc2..b016237f 100644
--- a/.github/workflows/prepare_release.yaml
+++ b/.github/workflows/prepare_release.yaml
@@ -41,3 +41,5 @@ jobs:
             Once merged, the new version will be published to npm.
           base: main
           branch: release/v${{ steps.bump-version.outputs.NEW_VERSION }}
+          author: "${{ steps.app-token.outputs.app-slug}}[bot] <${{ steps.app-token.outputs.app-email }}>"
+          committer: "${{ steps.app-token.outputs.app-slug}}[bot] <${{ steps.app-token.outputs.app-email }}>"
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 655d7195..2742c649 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -15,6 +15,8 @@ jobs:
     steps:
       - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
       - uses: actions/setup-node@v4
         with:
           node-version-file: package.json