Use Valkeyrie Bot for assign-blog-reviewers workflow

[madolson]

The token I was using showed up like it was from me, which does not make sense. Using a new GitHub App so it's not from me!

[coderabbitai]

📝 Walkthrough

Walkthrough

The assign-blog-reviewers workflow is changed to generate a GitHub App installation token via actions/create-github-app-token and pass that token into the actions/github-script step using the github-token input instead of relying on the workflow default token.

Changes

GitHub App Token Integration

Layer / File(s)	Summary
Generate and use GitHub App installation token .github/workflows/assign-blog-reviewers.yml	Top-level permissions set to {}. A new actions/create-github-app-token step is added to produce an installation token from VALKEYRIE_BOT_APP_ID and VALKEYRIE_BOT_PRIVATE_KEY. The actions/github-script step is updated to use the generated token via its github-token input.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is minimal and lacks required sections from the template, including 'Issues Resolved' and the DCO checklist.	Update the description to include the 'Issues Resolved' section (if applicable) and check the DCO signoff requirement. Provide more detail about why the token change was necessary.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely describes the main change: adopting Valkeyrie Bot for the assign-blog-reviewers workflow, which matches the PR's core objective.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/assign-blog-reviewers.yml:
- Around line 9-13: The workflow is missing explicit minimal permissions which
widens blast radius for pull_request_target; update the workflow to declare
explicit least-privilege permissions (e.g., set permissions: {} at the workflow
or the assign-reviewers job level) so the assign-reviewers job (and its
"Generate token" step) does not inherit broad GITHUB_TOKEN rights. Ensure the
permissions declaration appears before jobs and applies to the assign-reviewers
job if you only want to limit that job’s token scope.
- Line 15: Replace the mutable reference "actions/create-github-app-token@v1"
with the repository at a specific immutable commit SHA (the full 40-char commit)
to prevent supply-chain risk; find the "uses:
actions/create-github-app-token@v1" entry and update it to the same pinned-SHA
style used for "actions/github-script" in this workflow so the action is
referenced by its exact commit hash instead of a floating tag.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: b49392c4-f5a6-473d-8c4d-912dce4f4bd4

📥 Commits

Reviewing files that changed from the base of the PR and between 27d20eb and 855050a.

📒 Files selected for processing (1)

• .github/workflows/assign-blog-reviewers.yml