From 1f4b224ab62da68d35fd2d0463a38459bea290fd Mon Sep 17 00:00:00 2001
From: Michele Dolfi <97102151+dolfim-ibm@users.noreply.github.com>
Date: Fri, 20 Sep 2024 17:02:27 +0200
Subject: [PATCH] chore: switch to gh apps user (#92)

Signed-off-by: Michele Dolfi <dol@zurich.ibm.com>
---
 .github/workflows/cd.yml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 0524898..31a6e95 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -47,14 +47,19 @@ jobs:
     runs-on: ubuntu-latest
     concurrency: release
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/create-github-app-token@v1
+        id: app-token
         with:
-          token: ${{ secrets.GH_PAT }}
+          app-id: ${{ vars.CI_APP_ID }}
+          private-key: ${{ secrets.CI_PRIVATE_KEY }}
+      - uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
           fetch-depth: 0  # for fetching tags, required for semantic-release
       - uses: ./.github/actions/setup-poetry
       - name: Run release script
         env:
-          GH_TOKEN: ${{ secrets.GH_PAT }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
           TARGET_VERSION: ${{ needs.pre-release-check.outputs.TARGET_TAG_V }}
           CHGLOG_FILE: CHANGELOG.md
         run: ./.github/scripts/release.sh