Skip to content

ci: use dedicated GitHub App token instead of shared PAT#1351

Merged
TooTallNate merged 1 commit into
mainfrom
nr/ci-github-app-token
Mar 12, 2026
Merged

ci: use dedicated GitHub App token instead of shared PAT#1351
TooTallNate merged 1 commit into
mainfrom
nr/ci-github-app-token

Conversation

@TooTallNate
Copy link
Copy Markdown
Member

@TooTallNate TooTallNate commented Mar 12, 2026

Summary

  • Replace the shared GH_TOKEN_PULL_REQUESTS PAT with a dedicated GitHub App token generated per-run via actions/create-github-app-token
  • The shared org PAT was being rate limited by GitHub due to noisy neighbors within the company also using the same token
  • The GitHub App gets its own isolated rate limit bucket (5,000 req/hr per installation), uses short-lived auto-rotating tokens, and shows a [bot] badge on PRs/commits

Changes

.github/workflows/release.yml

  • Added Generate GitHub App Token step using RELEASE_APP_ID and RELEASE_APP_PRIVATE_KEY secrets
  • Replaced all 3 GH_TOKEN_PULL_REQUESTS references (checkout, changesets action, GitHub release creation)

.github/workflows/dispatch-front-workflow-release-pr.yml

  • Added Generate GitHub App Token step to both dispatch-front-sync and dispatch-front-close jobs with cross-repo access to vercel/workflow and vercel/front
  • Replaced both GH_TOKEN_PULL_REQUESTS references

Prerequisites

The following have already been set up:

  • GitHub App created and installed on vercel/workflow and vercel/front
  • RELEASE_APP_ID and RELEASE_APP_PRIVATE_KEY repository secrets configured

Follow-up

  • Remove the GH_TOKEN_PULL_REQUESTS secret from this repo once verified working

@TooTallNate
ci: use dedicated GitHub App token instead of shared PAT
2029c64 
Replace GH_TOKEN_PULL_REQUESTS (shared org PAT) with a dedicated GitHub
App token to avoid rate limiting from noisy neighbors. The app token is
generated per-run via actions/create-github-app-token, providing its own
rate limit bucket and short-lived credentials.
@TooTallNate TooTallNate requested a review from a team as a code owner March 12, 2026 18:46
@vercel
Copy link
Copy Markdown
Contributor

vercel Bot commented Mar 12, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
example-nextjs-workflow-turbopack Ready Ready Preview, Comment Mar 12, 2026 6:47pm
example-nextjs-workflow-webpack Ready Ready Preview, Comment Mar 12, 2026 6:47pm
example-workflow Ready Ready Preview, Comment Mar 12, 2026 6:47pm
workbench-astro-workflow Ready Ready Preview, Comment Mar 12, 2026 6:47pm
workbench-express-workflow Ready Ready Preview, Comment Mar 12, 2026 6:47pm
workbench-fastify-workflow Ready Ready Preview, Comment Mar 12, 2026 6:47pm
workbench-hono-workflow Ready Ready Preview, Comment Mar 12, 2026 6:47pm
workbench-nitro-workflow Ready Ready Preview, Comment Mar 12, 2026 6:47pm
workbench-nuxt-workflow Ready Ready Preview, Comment Mar 12, 2026 6:47pm
workbench-sveltekit-workflow Ready Ready Preview, Comment Mar 12, 2026 6:47pm
workbench-vite-workflow Ready Ready Preview, Comment Mar 12, 2026 6:47pm
workflow-docs Ready Ready Preview, Comment, Open in v0 Mar 12, 2026 6:47pm
workflow-nest Ready Ready Preview, Comment Mar 12, 2026 6:47pm
workflow-swc-playground Ready Ready Preview, Comment Mar 12, 2026 6:47pm

Copilot AI review requested due to automatic review settings March 12, 2026 18:46
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Mar 12, 2026

⚠️ No Changeset found

Latest commit: 2029c64

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 12, 2026
edited
Loading

🧪 E2E Test Results

Some tests failed

Summary

Passed Failed Skipped Total
✅ ▲ Vercel Production 571 0 67 638
✅ 💻 Local Development 612 0 84 696
✅ 📦 Local Production 612 0 84 696
❌ 🐘 Local Postgres 611 1 84 696
✅ 🪟 Windows 55 0 3 58
❌ 🌍 Community Worlds 118 56 15 189
✅ 📋 Other 147 0 27 174
Total 2726 57 364 3147

❌ Failed Tests

🐘 Local Postgres (1 failed)

nextjs-webpack-stable (1 failed):

  • webhookWorkflow
🌍 Community Worlds (56 failed)

mongodb (3 failed):

  • hookWorkflow is not resumable via public webhook endpoint
  • webhookWorkflow
  • concurrent hook token conflict - two workflows cannot use the same hook token simultaneously

redis (2 failed):

  • hookWorkflow is not resumable via public webhook endpoint
  • concurrent hook token conflict - two workflows cannot use the same hook token simultaneously

turso (51 failed):

  • addTenWorkflow
  • addTenWorkflow
  • wellKnownAgentWorkflow (.well-known/agent)
  • should work with react rendering in step
  • promiseAllWorkflow
  • promiseRaceWorkflow
  • promiseAnyWorkflow
  • importedStepOnlyWorkflow
  • hookWorkflow
  • hookWorkflow is not resumable via public webhook endpoint
  • webhookWorkflow
  • sleepingWorkflow
  • parallelSleepWorkflow
  • nullByteWorkflow
  • workflowAndStepMetadataWorkflow
  • fetchWorkflow
  • promiseRaceStressTestWorkflow
  • error handling error propagation workflow errors nested function calls preserve message and stack trace
  • error handling error propagation workflow errors cross-file imports preserve message and stack trace
  • error handling error propagation step errors basic step error preserves message and stack trace
  • error handling error propagation step errors cross-file step error preserves message and function names in stack
  • error handling retry behavior regular Error retries until success
  • error handling retry behavior FatalError fails immediately without retries
  • error handling retry behavior RetryableError respects custom retryAfter delay
  • error handling retry behavior maxRetries=0 disables retries
  • error handling retry behavior workflow completes despite transient 5xx on step_completed
  • error handling catchability FatalError can be caught and detected with FatalError.is()
  • hookCleanupTestWorkflow - hook token reuse after workflow completion
  • concurrent hook token conflict - two workflows cannot use the same hook token simultaneously
  • hookDisposeTestWorkflow - hook token reuse after explicit disposal while workflow still running
  • stepFunctionPassingWorkflow - step function references can be passed as arguments (without closure vars)
  • stepFunctionWithClosureWorkflow - step function with closure variables passed as argument
  • closureVariableWorkflow - nested step functions with closure variables
  • spawnWorkflowFromStepWorkflow - spawning a child workflow using start() inside a step
  • health check (queue-based) - workflow and step endpoints respond to health check messages
  • pathsAliasWorkflow - TypeScript path aliases resolve correctly
  • Calculator.calculate - static workflow method using static step methods from another class
  • AllInOneService.processNumber - static workflow method using sibling static step methods
  • ChainableService.processWithThis - static step methods using this to reference the class
  • thisSerializationWorkflow - step function invoked with .call() and .apply()
  • customSerializationWorkflow - custom class serialization with WORKFLOW_SERIALIZE/WORKFLOW_DESERIALIZE
  • instanceMethodStepWorkflow - instance methods with "use step" directive
  • crossContextSerdeWorkflow - classes defined in step code are deserializable in workflow context
  • stepFunctionAsStartArgWorkflow - step function reference passed as start() argument
  • cancelRun - cancelling a running workflow
  • cancelRun via CLI - cancelling a running workflow
  • pages router addTenWorkflow via pages router
  • pages router promiseAllWorkflow via pages router
  • pages router sleepingWorkflow via pages router
  • hookWithSleepWorkflow - hook payloads delivered correctly with concurrent sleep
  • sleepWithSequentialStepsWorkflow - sequential steps work with concurrent sleep (control)

Details by Category

✅ ▲ Vercel Production
App Passed Failed Skipped
✅ astro 51 0 7
✅ example 51 0 7
✅ express 51 0 7
✅ fastify 51 0 7
✅ hono 51 0 7
✅ nextjs-turbopack 56 0 2
✅ nextjs-webpack 56 0 2
✅ nitro 51 0 7
✅ nuxt 51 0 7
✅ sveltekit 51 0 7
✅ vite 51 0 7
✅ 💻 Local Development
App Passed Failed Skipped
✅ astro-stable 49 0 9
✅ express-stable 49 0 9
✅ fastify-stable 49 0 9
✅ hono-stable 49 0 9
✅ nextjs-turbopack-canary 55 0 3
✅ nextjs-turbopack-stable 55 0 3
✅ nextjs-webpack-canary 55 0 3
✅ nextjs-webpack-stable 55 0 3
✅ nitro-stable 49 0 9
✅ nuxt-stable 49 0 9
✅ sveltekit-stable 49 0 9
✅ vite-stable 49 0 9
✅ 📦 Local Production
App Passed Failed Skipped
✅ astro-stable 49 0 9
✅ express-stable 49 0 9
✅ fastify-stable 49 0 9
✅ hono-stable 49 0 9
✅ nextjs-turbopack-canary 55 0 3
✅ nextjs-turbopack-stable 55 0 3
✅ nextjs-webpack-canary 55 0 3
✅ nextjs-webpack-stable 55 0 3
✅ nitro-stable 49 0 9
✅ nuxt-stable 49 0 9
✅ sveltekit-stable 49 0 9
✅ vite-stable 49 0 9
❌ 🐘 Local Postgres
App Passed Failed Skipped
✅ astro-stable 49 0 9
✅ express-stable 49 0 9
✅ fastify-stable 49 0 9
✅ hono-stable 49 0 9
✅ nextjs-turbopack-canary 55 0 3
✅ nextjs-turbopack-stable 55 0 3
✅ nextjs-webpack-canary 55 0 3
❌ nextjs-webpack-stable 54 1 3
✅ nitro-stable 49 0 9
✅ nuxt-stable 49 0 9
✅ sveltekit-stable 49 0 9
✅ vite-stable 49 0 9
✅ 🪟 Windows
App Passed Failed Skipped
✅ nextjs-turbopack 55 0 3
❌ 🌍 Community Worlds
App Passed Failed Skipped
✅ mongodb-dev 3 0 2
❌ mongodb 52 3 3
✅ redis-dev 3 0 2
❌ redis 53 2 3
✅ turso-dev 3 0 2
❌ turso 4 51 3
✅ 📋 Other
App Passed Failed Skipped
✅ e2e-local-dev-nest-stable 49 0 9
✅ e2e-local-postgres-nest-stable 49 0 9
✅ e2e-local-prod-nest-stable 49 0 9

📋 View full workflow run

Some E2E test jobs failed:

  • Vercel Prod: success
  • Local Dev: success
  • Local Prod: success
  • Local Postgres: failure
  • Windows: success

Check the workflow run for details.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 12, 2026
edited
Loading

📊 Benchmark Results

📈 Comparing against baseline from main branch. Green 🟢 = faster, Red 🔺 = slower.

workflow with no steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
💻 Local 🥇 Nitro 0.032s (~) 1.005s (~) 0.973s 10 1.00x
💻 Local Express 0.033s (-1.5%) 1.005s (~) 0.973s 10 1.02x
🐘 Postgres Nitro 0.047s (+19.4% 🔺) 1.011s (~) 0.963s 10 1.48x
🐘 Postgres Express 0.054s (+5.3% 🔺) 1.013s (~) 0.959s 10 1.69x
💻 Local Next.js (Turbopack) ⚠️ missing - - - -
🐘 Postgres Next.js (Turbopack) ⚠️ missing - - - -

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 0.439s (-27.8% 🟢) 2.280s (-14.3% 🟢) 1.841s 10 1.00x
▲ Vercel Next.js (Turbopack) 0.464s (-9.8% 🟢) 2.070s (-41.8% 🟢) 1.606s 10 1.06x
▲ Vercel Express 0.494s (-8.8% 🟢) 2.205s (-23.0% 🟢) 1.711s 10 1.13x

🔍 Observability: Nitro | Next.js (Turbopack) | Express

workflow with 1 step

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
💻 Local 🥇 Nitro 1.101s (~) 2.006s (~) 0.904s 10 1.00x
💻 Local Express 1.103s (~) 2.006s (~) 0.903s 10 1.00x
🐘 Postgres Nitro 1.112s (+1.4%) 2.011s (~) 0.899s 10 1.01x
🐘 Postgres Express 1.127s (~) 2.012s (~) 0.885s 10 1.02x
💻 Local Next.js (Turbopack) ⚠️ missing - - - -
🐘 Postgres Next.js (Turbopack) ⚠️ missing - - - -

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 2.240s (+3.7%) 3.602s (-24.2% 🟢) 1.361s 10 1.00x
▲ Vercel Next.js (Turbopack) 2.357s (+8.2% 🔺) 3.729s (-21.6% 🟢) 1.372s 10 1.05x
▲ Vercel Express 2.368s (+12.3% 🔺) 3.904s (-20.0% 🟢) 1.536s 10 1.06x

🔍 Observability: Nitro | Next.js (Turbopack) | Express

workflow with 10 sequential steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Nitro 10.738s (+1.2%) 11.040s (~) 0.302s 3 1.00x
💻 Local Nitro 10.775s (~) 11.023s (~) 0.249s 3 1.00x
💻 Local Express 10.778s (~) 11.023s (~) 0.245s 3 1.00x
🐘 Postgres Express 10.873s (+0.5%) 11.050s (~) 0.177s 3 1.01x
💻 Local Next.js (Turbopack) ⚠️ missing - - - -
🐘 Postgres Next.js (Turbopack) ⚠️ missing - - - -

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 16.927s (-3.5%) 18.623s (-5.6% 🟢) 1.695s 2 1.00x
▲ Vercel Next.js (Turbopack) 17.729s (+4.4%) 19.741s (+3.7%) 2.012s 2 1.05x
▲ Vercel Express 18.130s (+7.5% 🔺) 19.698s (+5.0%) 1.568s 2 1.07x

🔍 Observability: Nitro | Next.js (Turbopack) | Express

workflow with 25 sequential steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Nitro 26.768s (+1.4%) 27.052s (~) 0.284s 3 1.00x
🐘 Postgres Express 27.059s (~) 27.401s (+1.3%) 0.342s 3 1.01x
💻 Local Nitro 27.181s (~) 28.050s (~) 0.870s 3 1.02x
💻 Local Express 27.227s (~) 28.054s (~) 0.827s 3 1.02x
💻 Local Next.js (Turbopack) ⚠️ missing - - - -
🐘 Postgres Next.js (Turbopack) ⚠️ missing - - - -

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Next.js (Turbopack) 44.202s (+1.0%) 45.239s (-1.6%) 1.037s 2 1.00x
▲ Vercel Express 44.702s (+4.9%) 45.761s (+3.3%) 1.060s 2 1.01x
▲ Vercel Nitro 45.386s (+0.7%) 47.124s (+0.9%) 1.738s 2 1.03x

🔍 Observability: Next.js (Turbopack) | Express | Nitro

workflow with 50 sequential steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Nitro 53.517s (+1.4%) 54.092s (+1.9%) 0.575s 2 1.00x
🐘 Postgres Express 53.977s (~) 54.108s (~) 0.131s 2 1.01x
💻 Local Nitro 55.998s (~) 56.098s (~) 0.099s 2 1.05x
💻 Local Express 56.050s (~) 56.102s (-0.9%) 0.052s 2 1.05x
💻 Local Next.js (Turbopack) ⚠️ missing - - - -
🐘 Postgres Next.js (Turbopack) ⚠️ missing - - - -

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 92.617s (-5.7% 🟢) 94.644s (-5.6% 🟢) 2.027s 1 1.00x
▲ Vercel Express 93.658s (-1.1%) 94.765s (-1.9%) 1.107s 1 1.01x
▲ Vercel Next.js (Turbopack) 99.140s (+3.0%) 99.939s (+2.1%) 0.799s 1 1.07x

🔍 Observability: Nitro | Express | Next.js (Turbopack)

Promise.all with 10 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Nitro 1.311s (+3.8%) 2.011s (~) 0.700s 15 1.00x
🐘 Postgres Express 1.351s (+0.6%) 2.011s (~) 0.660s 15 1.03x
💻 Local Nitro 1.401s (-1.4%) 2.006s (~) 0.605s 15 1.07x
💻 Local Express 1.412s (-0.5%) 2.006s (~) 0.593s 15 1.08x
💻 Local Next.js (Turbopack) ⚠️ missing - - - -
🐘 Postgres Next.js (Turbopack) ⚠️ missing - - - -

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 2.071s (-15.8% 🟢) 3.473s (-13.3% 🟢) 1.402s 9 1.00x
▲ Vercel Express 2.576s (-8.3% 🟢) 3.803s (-14.1% 🟢) 1.227s 8 1.24x
▲ Vercel Next.js (Turbopack) 2.757s (-10.0% 🟢) 3.792s (-16.2% 🟢) 1.036s 9 1.33x

🔍 Observability: Nitro | Express | Next.js (Turbopack)

Promise.all with 25 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Nitro 2.446s (+0.9%) 3.011s (~) 0.565s 10 1.00x
🐘 Postgres Express 2.478s (~) 3.015s (~) 0.537s 10 1.01x
💻 Local Express 2.608s (-2.1%) 3.008s (~) 0.399s 10 1.07x
💻 Local Nitro 2.613s (~) 3.007s (~) 0.394s 10 1.07x
💻 Local Next.js (Turbopack) ⚠️ missing - - - -
🐘 Postgres Next.js (Turbopack) ⚠️ missing - - - -

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 2.534s (-12.0% 🟢) 3.817s (-8.8% 🟢) 1.283s 8 1.00x
▲ Vercel Next.js (Turbopack) 2.650s (-9.7% 🟢) 3.821s (-12.6% 🟢) 1.171s 8 1.05x
▲ Vercel Express 2.936s (~) 4.114s (-4.5%) 1.177s 8 1.16x

🔍 Observability: Nitro | Next.js (Turbopack) | Express

Promise.all with 50 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Nitro 3.777s (~) 4.143s (+3.2%) 0.365s 8 1.00x
🐘 Postgres Express 3.987s (-2.4%) 4.590s (~) 0.602s 7 1.06x
💻 Local Nitro 7.433s (~) 8.019s (~) 0.587s 4 1.97x
💻 Local Express 7.749s (+3.4%) 8.018s (~) 0.269s 4 2.05x
💻 Local Next.js (Turbopack) ⚠️ missing - - - -
🐘 Postgres Next.js (Turbopack) ⚠️ missing - - - -

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 3.022s (~) 4.541s (+4.0%) 1.518s 7 1.00x
▲ Vercel Express 3.201s (-22.6% 🟢) 4.385s (-23.3% 🟢) 1.184s 7 1.06x
▲ Vercel Next.js (Turbopack) 3.340s (+14.3% 🔺) 4.550s (+9.5% 🔺) 1.210s 7 1.11x

🔍 Observability: Nitro | Express | Next.js (Turbopack)

Promise.race with 10 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Nitro 1.332s (+1.9%) 2.011s (~) 0.679s 15 1.00x
🐘 Postgres Express 1.334s (-0.8%) 2.012s (~) 0.678s 15 1.00x
💻 Local Nitro 1.458s (+2.5%) 2.005s (~) 0.547s 15 1.09x
💻 Local Express 1.475s (+2.9%) 2.005s (~) 0.530s 15 1.11x
💻 Local Next.js (Turbopack) ⚠️ missing - - - -
🐘 Postgres Next.js (Turbopack) ⚠️ missing - - - -

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 2.232s (-9.3% 🟢) 3.618s (-8.3% 🟢) 1.387s 9 1.00x
▲ Vercel Next.js (Turbopack) 2.287s (-9.3% 🟢) 3.365s (-15.3% 🟢) 1.078s 9 1.02x
▲ Vercel Express 2.366s (+10.2% 🔺) 3.752s (+3.1%) 1.385s 8 1.06x

🔍 Observability: Nitro | Next.js (Turbopack) | Express

Promise.race with 25 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Nitro 2.445s (+1.0%) 3.010s (~) 0.565s 10 1.00x
🐘 Postgres Express 2.522s (-2.8%) 3.013s (-3.2%) 0.491s 10 1.03x
💻 Local Express 2.723s (-2.3%) 3.008s (~) 0.285s 10 1.11x
💻 Local Nitro 2.745s (+1.3%) 3.008s (~) 0.263s 10 1.12x
💻 Local Next.js (Turbopack) ⚠️ missing - - - -
🐘 Postgres Next.js (Turbopack) ⚠️ missing - - - -

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Express 2.356s (-0.7%) 3.573s (-9.9% 🟢) 1.217s 9 1.00x
▲ Vercel Nitro 2.536s (-7.8% 🟢) 3.783s (-8.5% 🟢) 1.246s 8 1.08x
▲ Vercel Next.js (Turbopack) 2.750s (-7.8% 🟢) 3.901s (-6.9% 🟢) 1.151s 9 1.17x

🔍 Observability: Express | Nitro | Next.js (Turbopack)

Promise.race with 50 concurrent steps

💻 Local Development

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Nitro 3.887s (+2.0%) 4.301s (+3.9%) 0.414s 7 1.00x
🐘 Postgres Express 4.055s (+2.2%) 4.589s (+3.1%) 0.533s 7 1.04x
💻 Local Nitro 8.001s (~) 8.521s (-2.8%) 0.520s 4 2.06x
💻 Local Express 8.126s (+0.9%) 8.774s (+2.9%) 0.648s 4 2.09x
💻 Local Next.js (Turbopack) ⚠️ missing - - - -
🐘 Postgres Next.js (Turbopack) ⚠️ missing - - - -

▲ Production (Vercel)

World Framework Workflow Time Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Next.js (Turbopack) 2.857s (-3.6%) 4.431s (~) 1.575s 7 1.00x
▲ Vercel Express 3.031s (+0.7%) 5.029s (+14.8% 🔺) 1.997s 6 1.06x
▲ Vercel Nitro 3.141s (+5.0%) 4.933s (+11.3% 🔺) 1.791s 7 1.10x

🔍 Observability: Next.js (Turbopack) | Express | Nitro

Stream Benchmarks (includes TTFB metrics)
workflow with stream

💻 Local Development

World Framework Workflow Time TTFB Slurp Wall Time Overhead Samples vs Fastest
🐘 Postgres 🥇 Nitro 0.168s (+25.6% 🔺) 0.993s (-0.7%) 0.002s (+23.1% 🔺) 1.012s (~) 0.843s 10 1.00x
💻 Local Express 0.169s (-2.7%) 1.003s (~) 0.011s (+2.7%) 1.017s (~) 0.848s 10 1.00x
💻 Local Nitro 0.170s (~) 1.003s (~) 0.011s (+2.7%) 1.017s (~) 0.847s 10 1.01x
🐘 Postgres Express 0.199s (+9.0% 🔺) 0.995s (~) 0.001s (~) 1.013s (~) 0.814s 10 1.19x
💻 Local Next.js (Turbopack) ⚠️ missing - - - - -
🐘 Postgres Next.js (Turbopack) ⚠️ missing - - - - -

▲ Production (Vercel)

World Framework Workflow Time TTFB Slurp Wall Time Overhead Samples vs Fastest
▲ Vercel 🥇 Nitro 1.537s (-3.5%) 2.306s (-3.9%) 0.005s (-10.5% 🟢) 2.836s (-3.6%) 1.299s 10 1.00x
▲ Vercel Next.js (Turbopack) 1.550s (-8.3% 🟢) 2.557s (-3.9%) 0.005s (-21.5% 🟢) 3.083s (-5.8% 🟢) 1.533s 10 1.01x
▲ Vercel Express 1.663s (+1.2%) 2.308s (-14.8% 🟢) 0.006s (+22.0% 🔺) 2.846s (-13.4% 🟢) 1.183s 10 1.08x

🔍 Observability: Nitro | Next.js (Turbopack) | Express

Summary

Fastest Framework by World

Winner determined by most benchmark wins

World 🥇 Fastest Framework Wins
💻 Local Nitro 9/12
🐘 Postgres Nitro 12/12
▲ Vercel Nitro 9/12
Fastest World by Framework

Winner determined by most benchmark wins

Framework 🥇 Fastest World Wins
Express 🐘 Postgres 5/12
Next.js (Turbopack) ▲ Vercel 12/12
Nitro 🐘 Postgres 8/12
Column Definitions
  • Workflow Time: Runtime reported by workflow (completedAt - createdAt) - primary metric
  • TTFB: Time to First Byte - time from workflow start until first stream byte received (stream benchmarks only)
  • Slurp: Time from first byte to complete stream consumption (stream benchmarks only)
  • Wall Time: Total testbench time (trigger workflow + poll for result)
  • Overhead: Testbench overhead (Wall Time - Workflow Time)
  • Samples: Number of benchmark iterations run
  • vs Fastest: How much slower compared to the fastest configuration for this benchmark

Worlds:

  • 💻 Local: In-memory filesystem world (local development)
  • 🐘 Postgres: PostgreSQL database world (local development)
  • ▲ Vercel: Vercel production/preview deployment
  • 🌐 Turso: Community world (local development)
  • 🌐 MongoDB: Community world (local development)
  • 🌐 Redis: Community world (local development)
  • 🌐 Jazz: Community world (local development)

📋 View full workflow run

Copilot AI reviewed Mar 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the repo’s release-related GitHub Actions workflows to stop using a shared long-lived PAT and instead generate short-lived, per-run GitHub App installation tokens to reduce rate-limit contention and improve credential hygiene.

Changes:

  • Added actions/create-github-app-token@v1 steps to generate a GitHub App token during workflow execution.
  • Replaced prior GH_TOKEN_PULL_REQUESTS usage with the generated token for checkout and GitHub API interactions.
  • Extended the dispatch workflow token to cover cross-repo access to vercel/workflow and vercel/front.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
.github/workflows/release.yml Generates a GitHub App token per run and uses it for checkout, Changesets PR/release operations, and gh release creation.
.github/workflows/dispatch-front-workflow-release-pr.yml Generates a GitHub App token per job with access to workflow,front and uses it for actions/github-script dispatch calls.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

VaguelySerious
VaguelySerious approved these changes Mar 12, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@VaguelySerious VaguelySerious left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's give it a shot with the next release PR, could go out today

@TooTallNate TooTallNate merged commit 5811beb into main Mar 12, 2026
106 of 108 checks passed
@TooTallNate TooTallNate deleted the nr/ci-github-app-token branch March 12, 2026 19:00
This was referenced Mar 12, 2026
Merged
Merged
pranaygp added a commit that referenced this pull request Mar 13, 2026
@pranaygp
Merge remote-tracking branch 'origin/main' into pgp/serialize-abort-s…
3d76329 
…ignal

* origin/main:
  fix: separate infrastructure vs user code error handling (#1339)
  Revert "Fix e2e CLI SIGTERM flake: use SIGKILL to reliably kill hung processes"
  Fix e2e CLI SIGTERM flake: use SIGKILL to reliably kill hung processes
  ci: fix git identity for changesets Version Packages commit (#1357)
  ci: configure git identity for GitHub App bot account (#1356)
  fix(cli): remove short flag collision on `-e` in health command (#1343)
  Fix flaky Vercel prod e2e tests by skipping CLI update check (#1350)
  Fix Windows `ERR_UNSUPPORTED_ESM_URL_SCHEME` in dynamic imports (#1346)
  Fix flaky hook test by replacing setTimeout with deterministic awaits (#1347)
  ci: use dedicated GitHub App token instead of shared PAT (#1351)
  [world-local] Enforce hook token uniqueness and atomicity, matches other worlds (#1348)
  fix(core): suppress stale WORKFLOW_VERCEL_* env var warning outside serverless runtime (#1345)

# Conflicts:
#	packages/core/src/runtime/step-handler.ts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@VaguelySerious VaguelySerious VaguelySerious approved these changes

@karthikscale3 karthikscale3 karthikscale3 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@TooTallNate @VaguelySerious @karthikscale3