auto-cleanup PR does not trigger CI (GITHUB_TOKEN suppresses workflow events)

[ThomasK33]

Problem

PR #2244 (created by the auto-cleanup.yml workflow) has no CI runs. The pr.yml workflow — which triggers on pull_request for all branches — should have run, but it didn't.

Root Cause

The auto-cleanup.yml workflow authenticates with ${{ secrets.GITHUB_TOKEN }} (mapped to GH_TOKEN). GitHub's security model deliberately suppresses downstream workflow triggers for events created by GITHUB_TOKEN:

When you use the repository's GITHUB_TOKEN to perform tasks, events triggered by the GITHUB_TOKEN will not create a new workflow run.

This means all push and pull_request events from the auto-cleanup bot are silently dropped, so pr.yml (and chromatic.yml, etc.) never execute on these PRs.

Evidence

Signal	Value
PR Author	app/github-actions (bot)
Fork?	No — internal coder/mux branch
Token used	secrets.GITHUB_TOKEN
Check runs on head commit	Only Mintlify Deployment (skipped) — no pr.yml jobs
pr.yml trigger	on: pull_request (all branches) — should match but is suppressed

Suggested Fix

Replace GITHUB_TOKEN with a GitHub App token so that events created by the workflow trigger downstream CI. For example, using actions/create-github-app-token:

steps:
  - uses: actions/create-github-app-token@v1
    id: app-token
    with:
      app-id: ${{ vars.BOT_APP_ID }}
      private-key: ${{ secrets.BOT_PRIVATE_KEY }}

  - name: Cleanup with mux
    env:
      GH_TOKEN: ${{ steps.app-token.outputs.token }}
      ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
    run: |
      bunx mux@next run \
        --model anthropic:claude-opus-4-6 \
        --thinking xhigh \
        < .github/prompts/auto-cleanup.md

Alternatively, a PAT stored as a secret works but is less ideal (broader scope, manual rotation).

---

Generated with mux • Model: anthropic:claude-opus-4-6 • Thinking: xhigh

https://mux.md/2y5eg#nM4T5o8cOO6W3A