From 2e5dc3c7f498cd2874b78c9f624351dc1deeb9bf Mon Sep 17 00:00:00 2001
From: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Date: Thu, 26 Feb 2026 12:06:41 +0000
Subject: [PATCH 1/2] ci: use github-actions[bot] as author for weekly lockfile
 commits

The peter-evans/create-pull-request action defaults author to
${{ github.actor }}. For scheduled workflows, GitHub assigns this to
a human user (the schedule owner), causing weekly dependency update
commits to be incorrectly attributed to a maintainer rather than the
bot.

Github-Issue: #2043
---
 .github/workflows/weekly-lockfile-update.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/weekly-lockfile-update.yml b/.github/workflows/weekly-lockfile-update.yml
index 96507d793..3b9d4df9b 100644
--- a/.github/workflows/weekly-lockfile-update.yml
+++ b/.github/workflows/weekly-lockfile-update.yml
@@ -32,6 +32,7 @@ jobs:
         uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
         with:
           commit-message: "chore: update uv.lock with latest dependencies"
+          author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
           title: "chore: weekly dependency update"
           body-path: pr_body.md
           branch: weekly-lockfile-update

From 0a11666cc277a243745307fdaf74435d0dabb76c Mon Sep 17 00:00:00 2001
From: Max Isbey <224885523+maxisbey@users.noreply.github.com>
Date: Thu, 26 Feb 2026 15:22:36 +0000
Subject: [PATCH 2/2] Use sign-commits instead of hardcoded author

sign-commits: true causes the action to create commits via the GitHub
REST API, automatically using the token identity (github-actions[bot])
for both author and committer. This avoids hardcoding the bot email
and gives commits a Verified badge as a bonus.

The author/committer inputs are ignored when sign-commits is enabled.
---
 .github/workflows/weekly-lockfile-update.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/weekly-lockfile-update.yml b/.github/workflows/weekly-lockfile-update.yml
index 3b9d4df9b..5d79d06d5 100644
--- a/.github/workflows/weekly-lockfile-update.yml
+++ b/.github/workflows/weekly-lockfile-update.yml
@@ -32,7 +32,7 @@ jobs:
         uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v7
         with:
           commit-message: "chore: update uv.lock with latest dependencies"
-          author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
+          sign-commits: true
           title: "chore: weekly dependency update"
           body-path: pr_body.md
           branch: weekly-lockfile-update