chore: automate checkpoints updates

[LesnyRumcajs]

Summary of changes

Changes introduced in this pull request:

• automate checkpoint generation - no more manual ones!

Reference issue to close (if applicable)

Closes #3264

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
• I have added tests that prove my fix is effective or that my feature works (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Outside contributions

• I have read and agree to the CONTRIBUTING document.
• I have read and agree to the AI Policy document. I understand that failure to comply with the guidelines will lead to rejection of the pull request.

Summary by CodeRabbit

• Chores
  • Transitioned checkpoint maintenance from monthly issues to daily automated pull requests for more frequent updates.
  • Updated automation schedule to run daily at midnight UTC, improving Forest checkpoint refresh frequency.
  • Enhanced checkpoint submission workflow and streamlined automated maintenance process.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 31518cc and a8cfb28.

📒 Files selected for processing (2)

• .github/CHECKPOINT_ISSUE_TEMPLATE.md
• .github/workflows/checkpoints.yml

💤 Files with no reviewable changes (1)

• .github/CHECKPOINT_ISSUE_TEMPLATE.md

---

Walkthrough

Removed the manual checkpoint issue template and replaced the monthly issue-based process with a daily GitHub Actions workflow that runs a Dockerized update-checkpoints step, obtains a GitHub App token, and opens automated pull requests to update Forest checkpoints.

Changes

Cohort / File(s)	Summary
Template Removal ​.github/CHECKPOINT_ISSUE_TEMPLATE.md	Deleted the Markdown issue template that documented the manual checkpoint procedure and included a script snippet for updating build/known_blocks.yaml.
Workflow Automation ​.github/workflows/checkpoints.yml	Reworked the workflow: trigger changed to daily schedule, job renamed to update-checkpoints, removed issue-creation step, added actions/create-github-app-token@v2 to mint a GitHub App token, runs a Docker container to perform update-checkpoints, and creates PRs using peter-evans/create-pull-request@v8 with a dedicated branch and signed commits.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor Scheduler as "GitHub Actions (cron)"
    participant Workflow as "checkpoints.yml"
    participant AppToken as "GitHub App Token Service"
    participant Runner as "Actions Runner (Docker)"
    participant GitHub as "GitHub API (PR)"

    Scheduler->>Workflow: trigger (daily)
    Workflow->>AppToken: request app token (app-id + private-key)
    AppToken-->>Workflow: return token
    Workflow->>Runner: run Docker job (mount workspace, run update-checkpoints) 
    Runner->>Runner: download snapshots / compute checkpoints
    Runner->>Workflow: produce changes (branch refs / commit)
    Workflow->>GitHub: create/update PR using token
    GitHub-->>Workflow: respond with PR metadata

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• chore: update known blocks #6228: Related checkpoint/template automation changes affecting the same workflow and template.
• Update known blocks subcommand #6604: Implements the update_checkpoints CLI subcommand and wiring that the new workflow is intended to run.
• chore: update known blocks #6017: Contains updates to build/known_blocks.yaml that this automated workflow would produce.

Suggested reviewers

• hanabi1224
• akaladarshi

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: automate checkpoints updates' clearly and concisely describes the main change—automating checkpoint updates—which is the primary objective of the PR.
Linked Issues check	✅ Passed	The PR implements both requirements from issue #3264: creates a cron workflow for checkpoint generation and configures it to propose automated PRs with updated checkpoints instead of requiring manual updates.
Out of Scope Changes check	✅ Passed	All changes are directly aligned with the objective to automate checkpoints: removing the manual template, updating the workflow trigger to daily schedule, and implementing automated PR creation via GitHub App token.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch automate-checkpoints

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

.github/workflows/checkpoints.yml (1)

14-16: Pin the Docker image digest for reproducible checkpoint updates.

The mutable :edge tag can point to different image versions across scheduled runs, potentially causing nondeterministic checkpoint outputs. Since this workflow commits generated checkpoints to a pull request, pinning to a specific digest ensures consistent, reproducible results.

Consider updating the image reference:

-          docker run --rm -v $PWD:/app -w /app --entrypoint forest-dev ghcr.io/chainsafe/forest:edge update-checkpoints
+          docker run --rm -v $PWD:/app -w /app --entrypoint forest-dev ghcr.io/chainsafe/forest@sha256:<DIGEST> update-checkpoints

Replace <DIGEST> with the actual digest of the desired image version (e.g., from docker inspect ghcr.io/chainsafe/forest:edge).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/checkpoints.yml around lines 14 - 16, The workflow step
named "Update checkpoints" uses the mutable image tag
ghcr.io/chainsafe/forest:edge; replace that tag with a pinned digest
(ghcr.io/chainsafe/forest@sha256:<DIGEST>) to ensure reproducible runs—obtain
the correct <DIGEST> via docker inspect or registry lookup for the desired image
version and update the docker run command in the "Update checkpoints" step to
use the `@sha256`:<DIGEST> form.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In @.github/workflows/checkpoints.yml:
- Around line 14-16: The workflow step named "Update checkpoints" uses the
mutable image tag ghcr.io/chainsafe/forest:edge; replace that tag with a pinned
digest (ghcr.io/chainsafe/forest@sha256:<DIGEST>) to ensure reproducible
runs—obtain the correct <DIGEST> via docker inspect or registry lookup for the
desired image version and update the docker run command in the "Update
checkpoints" step to use the `@sha256`:<DIGEST> form.

---

ℹ️ Review info

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a2f11be and 31518cc.

📒 Files selected for processing (2)

• .github/CHECKPOINT_ISSUE_TEMPLATE.md
• .github/workflows/checkpoints.yml

💤 Files with no reviewable changes (1)

• .github/CHECKPOINT_ISSUE_TEMPLATE.md