Problem
app_bot_login fails to initialize because the code uses get_user().login — an endpoint (GET /user) that is not available to GitHub App installation tokens. This is a GitHub platform limitation, not a permissions issue. Installation tokens authenticate as an app, not a user, so GET /user always returns 403.
Root Cause
webhook_server/libs/github_api.py line 555:
lambda: _github_app_api.get_user().login # always 403 for app tokens
Impact
| Feature |
Normal behavior |
When app_bot_login is empty |
/cherry-pick-retry |
Finds old failed cherry-pick PR → closes it → creates fresh retry |
Skips close → duplicate cherry-pick PRs pile up |
/rebase on bot PRs |
Only assignee or maintainer can rebase |
Any valid command runner can rebase (auth degradation) |
Additionally, the error traceback is logged on every webhook event, spamming server logs.
Proposed Fix
Replace get_user().login with GET /app → {app.slug}[bot]:
app = _github_app_api.get_app()
self.app_bot_login = f"{app.slug}[bot]"
GET /app is designed for app tokens and returns the app metadata including slug.
Done
Problem
app_bot_loginfails to initialize because the code usesget_user().login— an endpoint (GET /user) that is not available to GitHub App installation tokens. This is a GitHub platform limitation, not a permissions issue. Installation tokens authenticate as an app, not a user, soGET /useralways returns 403.Root Cause
webhook_server/libs/github_api.pyline 555:Impact
app_bot_loginis empty/cherry-pick-retry/rebaseon bot PRsAdditionally, the error traceback is logged on every webhook event, spamming server logs.
Proposed Fix
Replace
get_user().loginwithGET /app→{app.slug}[bot]:GET /appis designed for app tokens and returns the app metadata includingslug.Done
get_user().loginwithget_app().slug+[bot]suffix ingithub_api.pyget_user()on app installation tokens