From 15c28f31283f06762bddf92f53c99eb788200e0c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ziegler=20Andr=C3=A1s?= <andras.ziegler@silabs.com>
Date: Thu, 8 May 2025 14:57:42 +0200
Subject: [PATCH] SOSC-165 updated workflow to use gh app now
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Ziegler András <andras.ziegler@silabs.com>
---
 .github/workflows/01-CLA-Assistant.yml | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/01-CLA-Assistant.yml b/.github/workflows/01-CLA-Assistant.yml
index 8a20d26..23bd11a 100644
--- a/.github/workflows/01-CLA-Assistant.yml
+++ b/.github/workflows/01-CLA-Assistant.yml
@@ -1,6 +1,5 @@
 name: 01-CLA-Assistant
-## This workflow is used to check the CLA validation for the pull requests.concurrency: 
-## Source: https://github.com/SiliconLabsSoftware/action-cla-assistant/tree/silabs_flavour_v2
+## This workflow is used for public repositories
 
 on:
   issue_comment:
@@ -8,7 +7,6 @@ on:
   pull_request_target:
     types: [opened,closed,synchronize,reopened]
 
-# explicitly configure permissions, in case your GITHUB_TOKEN workflow permissions are set to read-only in repository settings
 permissions:
   actions: write
   contents: read # this can be 'read' if the signatures are in remote repository
@@ -17,20 +15,26 @@ permissions:
 
 jobs:
   CLAAssistant:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
+      - name: Create CLA Assistant Lite bot token
+        uses: actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: ${{ secrets.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          owner: SiliconLabsInternal
+          repositories: contributor-license-agreements
+
       - name: "CLA Assistant"
         if: ${{ contains(github.event.comment.body, 'I have read the CLA Document and I hereby sign the CLA') }} || github.event_name == 'pull_request_target'
         uses: SiliconLabsSoftware/action-cla-assistant@silabs_flavour_v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # the below token should have repo scope and must be manually added by you in the repository's secret
-          # This token is required only if you have configured to store the signatures in a remote repository/organization
-          PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: ${{ steps.app-token.outputs.token }}
         with:
           path-to-signatures: "cla_signatures_db.json"
           path-to-document: "https://github.com/SiliconLabsSoftware/agreements-and-guidelines/blob/main/contributor_license_agreement.md"
-          # branch should not be protected
           branch: 'cla-database'
           allowlist: silabs-*,bot*
           # the following are the optional inputs - If the optional inputs are not given, then default values will be taken