chore(deps): update actions/create-github-app-token action to v3.2.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/create-github-app-token	action	minor	v3.1.1 → v3.2.0

---

Release Notes

actions/create-github-app-token (actions/create-github-app-token)

v3.2.0

Compare Source

Features

• add support for enterprise-level GitHub Apps (#​263) (952a2a7)
• support full repository names in repositories input (#​372) (85eb8dd)

Bug Fixes

• deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#​364) (43e5c34)
• validate private-key input (#​376) (f24bbd8)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

New Features (additive, no breaking changes):

• Enterprise-level GitHub Apps support added (#263) — new optional capability, no impact on existing usage
• Full repository names now accepted in repositories input (#372) — backward-compatible extension

Bug Fixes:

• @actions/core dependency bumped from 3.0.0 → 3.0.1 (production dependency patch)
• Private-key input validation added (#376) — stricter validation at startup; would only be a concern if the existing secret contains a malformed key, but since v3.1.1 was functioning correctly, the key is already valid

Breaking Changes: None identified in the release notes or commit history between v3.1.1 and v3.2.0.

🎯 Impact Scope Investigation

Usage location: Single usage in .github/workflows/ci.yml (line 388)

uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
with:
  app-id: ${{ secrets.WORKER_APP_ID }}
  private-key: ${{ secrets.WORKER_APP_PRIVATE_KEY }}

The action output token is consumed at line 395 as ${{ steps.app-token.outputs.token }} for gh pr merge.

Inputs used:

• app-id — unchanged API, no migration required
• private-key — unchanged API; new validation is additive (would only reject previously-invalid keys)

Inputs NOT used (new in v3.2.0): repositories full-name format, enterprise app support — no action needed.

Other workflows: sync-with-notion.yml and trigger-sync-from-pr-comment.yml do not use create-github-app-token.

Commit hash pinning: The PR correctly updates the pinned SHA from 1b10c78c7865c340bc4f6099eb2f838309f1e8c3 (v3.1.1) to bcd2ba49218906704ab6c1aa796996da409d3eb1 (v3.2.0), maintaining supply-chain security.

💡 Recommended Actions

• No code changes or configuration updates required
• Merge as-is; the diff is a single SHA+tag bump with full backward compatibility

🔗 Reference Links

• v3.2.0 Release Notes
• Diff v3.1.1...v3.2.0
• #263 Enterprise GitHub Apps support
• #372 Full repository names in repositories input
• #376 Validate private-key input

Generated by koki-develop/claude-renovate-review