[generate_manifest] use GITHUB_TOKEN to create PR & improve commit message

[GabrielDrapor]

PR Type

Enhancement

---

Description

• Switch from personal access token to GITHUB_TOKEN

• Update commit co-author from Claude to Lucien

• Remove Claude Code generation reference

---

Diagram Walkthrough

flowchart LR
  PAT["Personal Access Token"] -- "replaced with" --> GITHUB["GITHUB_TOKEN"]
  Claude["Co-Authored-By: Claude"] -- "updated to" --> Lucien["Co-Authored-By: Lucien"]
  Reference["Claude Code reference"] -- "removed" --> Clean["Clean commit message"]

Loading

File Walkthrough

	Relevant files
Configuration changes	generate-manifest.yml Update token and commit author configuration                          .github/workflows/generate-manifest.yml Replace MCPM_PERSONAL_ACCESS_TOKEN with GITHUB_TOKEN for PR creation Update commit co-author from Claude to Lucien Remove Claude Code generation reference from commit message +2/-4

---

Summary by CodeRabbit

• Chores
  • Updated the authentication method used by automated pull requests in CI to improve reliability and align permissions.
  • Refined the automated PR body content by removing third-party attribution and adding appropriate co-author credit for clarity.

[coderabbitai]

Walkthrough

Authentication in the CI workflow’s Create Pull Request step switches from secrets.MCPM_PERSONAL_ACCESS_TOKEN to secrets.GITHUB_TOKEN. The auto-generated PR body text is updated: removal of Claude-related attribution lines and addition of “Co-Authored-By: Lucien.” No other workflow logic changes.

Changes

Cohort / File(s)	Summary
CI Workflow PR Auth and Attribution .github/workflows/generate-manifest.yml	Change PR creation token to secrets.GITHUB_TOKEN. Update PR body: remove Claude attribution lines; add “Co-Authored-By: Lucien”.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• [generate-manifest] add repository_dispatch Trigger #234 — Also updates the same workflow’s PR-creation token and attribution, mirroring this PR’s changes.

Suggested labels

Review effort 2/5

Poem

I thump my paws—commit takes flight,
Tokens swapped by moonlit night.
Claude hops off, Lucien in,
PRs bloom with tidy spin.
In burrows deep, our pipeline hums—
Merge me softly—here it comes! 🐇✨

Tip

🔌 Remote MCP (Model Context Protocol) integration is now available!

Pro plan users can now connect to remote MCP servers from the Integrations page. Connect with popular remote MCPs such as Notion and Linear to add more context to your reviews and chats.

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch Jiarui/smart-registry-workflow

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[qodo-merge-pro]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 No security concerns identified

⚡ Recommended focus areas for review Permission Scope Verify that using the default GITHUB_TOKEN has sufficient permissions to create a PR on the target repo and from workflow context (especially for forked repos or when the repo has restrictive permissions). You may need appropriate permissions settings or fine-grained PAT if cross-repo. uses: peter-evans/create-pull-request@v5 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: | Co-author Format The co-author trailer usually includes a name and email in the format 'Co-Authored-By: Name email@domain'. Confirm that downstream tooling recognizes the current value without an email, or add a valid email if needed. Co-Authored-By: Lucien title: "feat: Add MCP manifest for ${{ steps.repo-info.outputs.repo_name }}"

[qodo-merge-pro]

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: codex

Failed stage: Run Codex [❌]

Failure summary: The action failed because a permission check for the GitHub app/user qodo-merge-pro[bot] did not pass. The script fetched the collaborator permission via: - gh api "/repos/${GITHUB_REPOSITORY}/collaborators/qodo-merge-pro[bot]/permission" | jq -r '.permission' - It then exited with status 1 if PERMISSION was not admin or write. The resulting permission was neither admin nor write, causing the conditional to trigger and the job to exit with code 1.

Relevant error logs: 1: ##[group]Runner Image Provisioner 2: Hosted Compute Agent ... 116: ##[endgroup] 117: ##[group]Run set -euo pipefail 118: �[36;1mset -euo pipefail�[0m 119: �[36;1m�[0m 120: �[36;1mPERMISSION=$(gh api \�[0m 121: �[36;1m "/repos/${GITHUB_REPOSITORY}/collaborators/qodo-merge-pro[bot]/permission" \�[0m 122: �[36;1m | jq -r '.permission')�[0m 123: �[36;1m�[0m 124: �[36;1mif [[ "$PERMISSION" != "admin" && "$PERMISSION" != "write" ]]; then�[0m 125: �[36;1m exit 1�[0m 126: �[36;1mfi�[0m 127: shell: /usr/bin/bash --noprofile --norc -e -o pipefail {0} 128: env: 129: GH_TOKEN: *** 130: ##[endgroup] 131: ##[error]Process completed with exit code 1. 132: Post job cleanup.

[qodo-merge-pro]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Fix co-author trailer format Use the canonical "Co-authored-by" trailer casing to ensure Git recognizes the co-author. Include a valid email, even a no-reply alias, so the co-authorship is attributed properly. .github/workflows/generate-manifest.yml [60] -Co-Authored-By: Lucien +Co-authored-by: Lucien <[email protected]> Apply / Chat Suggestion importance[1-10]: 8 __ Why: The suggestion correctly identifies that the Co-Authored-By trailer is malformed; it lacks the required email address, which would prevent GitHub from correctly attributing the co-author on the commit.	Medium
Possible issue	Set required GITHUB_TOKEN permissions Ensure the GITHUB_TOKEN has the required permissions for creating branches and pull requests. Explicitly set permissions: contents: write, pull-requests: write at the workflow/job level to avoid failures in repositories with restricted default token permissions. .github/workflows/generate-manifest.yml [54] -token: ${{ secrets.GITHUB_TOKEN }} +permissions: + contents: write + pull-requests: write +... +- name: Create Pull Request + uses: peter-evans/create-pull-request@v5 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: | + feat: add manifest for ${{ steps.repo-info.outputs.repo_name }} + + Generated manifest JSON for repository: ${{ github.event.inputs.repo_url || github.event.client_payload.repo_url }} + + Co-Authored-By: Lucien + title: "feat: Add MCP manifest for ${{ steps.repo-info.outputs.repo_name }}" + body: | + ## Summary [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 7 __ Why: This is a valid suggestion as explicitly setting permissions for the GITHUB_TOKEN is a best practice that ensures the workflow runs correctly, even in repositories with restricted default token permissions.	Medium
More

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (5)

.github/workflows/generate-manifest.yml (5)

55-61: Fix YAML lint errors: remove trailing spaces in commit message block

YAMLlint flags trailing spaces on Line 57 and Line 59. Clean up the multiline scalar to avoid CI lint failures.

Apply this diff to normalize whitespace:

           commit-message: |
             feat: add manifest for ${{ steps.repo-info.outputs.repo_name }}
-            
+
             Generated manifest JSON for repository: ${{ github.event.inputs.repo_url || github.event.client_payload.repo_url }}
-            
+
             Co-Authored-By: Lucien

---

80-80: The Claude attribution line is still present; remove to match PR objective

Per the PR objective and summary, the Claude attribution should be removed. It remains in the PR body.

Apply this diff to remove it:

-            🤖 Generated with [Claude Code](https://claude.ai/code)

---

26-29: Consider upgrading setup-python to v5 and enabling pip cache

Optional DX/perf tweak: actions/setup-python@v5 supports built-in caching, which will speed up repeated runs.

-      - name: Set up Python
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.11'
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+          cache: 'pip'

---

46-49: Harden repo name extraction against trailing slashes and whitespace

Minor robustness. If repo_url ends with a slash or has stray whitespace, branch naming can be impacted.

-          REPO_URL="${{ github.event.inputs.repo_url || github.event.client_payload.repo_url }}"
-          REPO_NAME=$(echo "$REPO_URL" | sed 's/.*github\.com[:/]//' | sed 's/\.git$//' | tr '/' '-')
+          REPO_URL="$(echo "${{ github.event.inputs.repo_url || github.event.client_payload.repo_url }}" | sed 's/[[:space:]]//g')"
+          # Strip protocol/host, optional trailing ".git" and any trailing slash
+          REPO_NAME=$(echo "$REPO_URL" \
+            | sed 's/.*github\.com[:/]//' \
+            | sed 's/\.git$//' \
+            | sed 's:/*$::' \
+            | tr '/' '-')

---

21-25: Checkout token is optional here

actions/checkout uses the workflow’s GITHUB_TOKEN by default. Passing it explicitly is fine; you can also omit the token key to reduce noise.

       - name: Checkout repository
         uses: actions/checkout@v4
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 12b8341 and 723e5cd.

📒 Files selected for processing (1)

• .github/workflows/generate-manifest.yml (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.37.1)

.github/workflows/generate-manifest.yml

[error] 57-57: trailing spaces

(trailing-spaces)

---

[error] 59-59: trailing spaces

(trailing-spaces)

🔇 Additional comments (1)

.github/workflows/generate-manifest.yml (1)

54-54: Switch to GITHUB_TOKEN looks correct given permissions are set

Using GITHUB_TOKEN here is appropriate, and the job-level permissions include contents: write and pull-requests: write, which are required by peter-evans/create-pull-request.

[mcpm-semantic-release]

🎉 This PR is included in version 2.7.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀