chore(deps): update actions/create-github-app-token action to v3.2.0 #73

Open
renovate[bot] wants to merge 1 commit into main from renovate/actions-create-github-app-token-3.x

@renovate renovate Bot commented May 30, 2026

This PR contains the following updates:

| Package | Type | Update | Change |
| --- | --- | --- | --- |
| actions/create-github-app-token | action | minor | v3.1.1 → v3.2.0 |

Release Notes

actions/create-github-app-token (actions/create-github-app-token)

v3.2.0

Compare Source

Features
Bug Fixes

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
    • Only on Sunday and Saturday (* * * * 0,6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

Features Added:

  • Enterprise-level GitHub Apps support (#263): New optional enterprise input parameter enables token generation for enterprise-level GitHub App installations. This is an additive feature that doesn't affect existing usage patterns.
  • Full repository names support (#372): The repositories input now accepts both bare repository names (e.g., "sandbox") and full repository names (e.g., "owner/sandbox"). This enhancement maintains backward compatibility with existing bare name usage.

Bug Fixes:

  • Dependency update: Updated @actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) - routine maintenance update.
  • Private-key validation (#376): Added action-level validation for the private-key input parameter, providing user-friendly error messages instead of exposing Octokit implementation details. This improves error handling without changing functionality.

Breaking Changes:

  • None. All changes are backward-compatible and additive.

Security Improvements:

  • Enhanced input validation for private-key reduces potential for cryptic error messages and improves security posture by catching invalid inputs earlier in the workflow execution.

🎯 Impact Scope Investigation

Usage Location:

  • Single usage found in .github/workflows/release-please.yml:28
  • Action is used to generate a GitHub App token for the Release Please workflow

Current Usage Pattern:

- uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
  id: app-token
  with:
    client-id: ${{ vars.RELEASE_PLEASE_APP_ID }}
    private-key: ${{ secrets.RELEASE_PLEASE_APP_PRIVATE_KEY }}
    permission-contents: write
    permission-pull-requests: write
    permission-issues: write

Compatibility Analysis:

  • All inputs used (client-id, private-key, permission-*) remain unchanged in v3.2.0
  • No deprecated parameters
  • No changes to output schema
  • New features (enterprise, full repository name format) are optional and do not affect current usage

Impact on Dependencies:

  • No transitive dependency impacts on other GitHub Actions workflows
  • The update is isolated to the GitHub App token generation step
  • No changes required in downstream consumers (release-please-action)

💡 Recommended Actions

Immediate Actions:

  • Safe to merge immediately - No code modifications required
  • The PR can be merged without any manual intervention

Optional Considerations:

  • Consider reviewing the enhanced private-key validation feature - it will provide better error messages if there are issues with the GitHub App private key format in the future
  • No migration steps needed
  • No configuration changes required
  • No testing beyond standard CI/CD pipeline validation

Post-Merge Verification:

  • Monitor the next Release Please workflow run to ensure the token generation step continues to function correctly
  • Verify that the workflow completes successfully with the updated action version

🔗 Reference Links

Generated by koki-develop/claude-renovate-review
