Use DBX PR app to create merge-up pull requests

[alcaeus]

As with mongodb/mongo-php-driver#1972, this change modifies the merge-up workflow to no longer rely on a token, but rather uses the DBX PR app to create pull requests.

[Copilot]

Pull request overview

Updates the merge-up GitHub Actions workflow to create merge-up pull requests using the DBX PR app authentication flow instead of a repository token/secret, aligning with the approach used elsewhere in the driver org.

Changes:

• Removes the workflow-level GH_TOKEN configuration tied to MERGE_UP_TOKEN.
• Switches checkout to mongodb-labs/drivers-github-tools/secure-checkout@v3 using GitHub App credentials.
• Adds explicit job permissions needed for OIDC/app auth and PR creation.

Comments suppressed due to low confidence (1)

.github/workflows/merge-up.yml:35

• The workflow no longer sets GH_TOKEN/a PAT, but the alcaeus/automatic-merge-up-action step is not explicitly given an app token either. Unless mongodb-labs/drivers-github-tools/secure-checkout@v3 exports a token in an env var that this action consumes, PR creation may run with the default GITHUB_TOKEN (or fail) and may not meet the goal of using the DBX PR app. Consider explicitly wiring the generated app token into the merge-up action (via its supported token/github_token input or an env var) so authentication is unambiguous.

      - name: Create pull request
        id: create-pull-request
        uses: alcaeus/automatic-merge-up-action@1.0.1
        with:
          ref: ${{ github.ref_name }}
          branchNamePattern: 'v<major>.<minor>'
          devBranchNamePattern: 'v<major>.x'
          ignoredBranches: ${{ vars.IGNORED_MERGE_UP_BRANCHES }}
          enableAutoMerge: true

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 87.91%. Comparing base (70c7645) to head (39da041).
⚠️ Report is 1 commits behind head on v2.2.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@             Coverage Diff              @@
##               v2.2    #1874      +/-   ##
============================================
- Coverage     87.99%   87.91%   -0.09%     
+ Complexity     3228     3208      -20     
============================================
  Files           428      428              
  Lines          6433     6390      -43     
============================================
- Hits           5661     5618      -43     
  Misses          772      772              

Flag	Coverage Δ
6.0-replica_set	86.71% <ø> (-0.09%)	⬇️
6.0-server	82.76% <ø> (+0.42%)	⬆️
6.0-sharded_cluster	86.49% <ø> (-0.10%)	⬇️
8.0-replica_set	87.77% <ø> (-0.09%)	⬇️
8.0-server	83.53% <ø> (+0.43%)	⬆️
8.0-sharded_cluster	87.60% <ø> (-0.09%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.