chore(ci): update create-github-app-token to suport Node.js 24

[Thalarion]

See

here
https://github.com/trezor/trezor-firmware/actions/runs/24768702531

I tested Crowdin - pull translations (manual) action and it worked as expected.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 53b09df9-9007-4ca0-8977-b74efa3ff88a

📥 Commits

Reviewing files that changed from the base of the PR and between 07f456f and 8d4dace.

📒 Files selected for processing (4)

• .github/workflows/bot-common-sync.yml
• .github/workflows/bot-needs-qa.yml
• .github/workflows/bot-project-automation.yml
• .github/workflows/crowdin-pull.yml

🚧 Files skipped from review as they are similar to previous changes (2)

• .github/workflows/bot-project-automation.yml
• .github/workflows/bot-needs-qa.yml

---

Walkthrough

Four GitHub Actions workflows (.github/workflows/{bot-common-sync, bot-needs-qa, bot-project-automation, crowdin-pull}.yml) update the "Generate GitHub App token" step to a pinned v3.1.1 revision of actions/create-github-app-token (specific commit). The step input key is changed from app-id to client-id and now references TREZOR_BOT_CLIENT_ID where applicable; private-key continues to use TREZOR_BOT_PRIVATE_KEY. No other workflow logic, outputs, or exported/public entities were modified.

Sequence Diagram(s)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is incomplete and lacks required sections from the template. It does not follow the structured format for core developers, missing PR setup details, development status assignment, and post-merge status.	Add PR assignment, project setup details, and status information as outlined in the template. Include whether testing is required and add 'Notes for QA' if applicable.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change: updating the create-github-app-token action to support Node.js 24, which aligns with the changeset updating the action version across multiple workflows.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch thalarion/fix_nodejs_20_warning_in_crowdin_pull

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

en main(all)

model	device_test	click_test	persistence_test
T2T1	test(all) main(all)	test(all) main(all)	test(all) main(all)
T3B1	test(all) main(all)	test(all) main(all)	test(all) main(all)
T3T1	test(all) main(all)	test(all) main(all)	test(all) main(all)
T3W1	test(all) main(all)	test(all) main(all)	test(all) main(all)

Latest CI run: 25424291564

[M1nd3r]

• The commit hashes are valid and expected.
• I was not able to verify, whether the secret TREZOR_BOT_APP_ID is of type client-id.

nit:
Consider being more verbose in commit messages - e.g. specifying from-to versions when updating something and using the actual name of what you are updating. (example)

[M1nd3r]

utACK

[Thalarion]

successful test run, with the new TREZOR_BOT_CLIENT_ID, here