add gh app, change autocommit to verified-bot-commit

[andrew-fleming]

This PR proposes to:

• Integrate GH app
• Replace auto-commit with verified-bot-commit

Fixes #321

Summary by CodeRabbit

• Chores
  • Updated release preparation workflow with enhanced authentication and verification mechanisms to improve release deployment reliability and security.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Important

Review skipped

Auto incremental reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: abd03d78-5329-4dae-be2d-97010e0b60d6

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

Walkthrough

The release preparation workflow is updated to retrieve a GitHub App token during checkout and replace the simple auto-commit step with a two-step process that collects changed files and creates a verified bot commit.

Changes

Cohort / File(s)	Summary
GitHub Actions Workflow Configuration .github/workflows/prepare-release.yml	Added GitHub App token retrieval step using actions/create-github-app-token and passes token to Checkout. Replaced single "Auto-commit changes" step with two-step verified commit process: "Collect changed files" (outputs file list) and "Commit version bump" (uses iarekylew00t/verified-bot-commit action with message, token, ref, and collected files).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 A token appears, shiny and bright,
GitHub App whispers through the night,
Changed files collected, sorted with care,
Verified commits floating through air! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the two main changes: adding GitHub App token retrieval and replacing auto-commit with verified-bot-commit action.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[emnul]

Very nice!