fix: use app token instead of action token so we can push to main branch

Author: zejd-cicak

.github/workflows/publish.yaml

@@ -19,8 +19,41 @@ jobs:
       id-token: write
       contents: read
     steps:
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: arn:aws:iam::048781935247:role/GH-APP-OIDC-CBMyFrontDesk
+          aws-region: us-west-2
+
+      - name: Get app private key from SSM and apply mask
+        id: app-private-key
+        shell: bash
+        run: |
+          aws ssm get-parameter --name /github/app/CBMyFrontDesk/private-key --output text --with-decryption --query Parameter.Value > private.key
+          {
+            echo "key<<EOF"
+            cat private.key
+            echo "EOF"
+          } >> $GITHUB_OUTPUT
+          while read -r line;
+          do
+            if [[ -n "${line}" ]]; then
+              echo "::add-mask::${line}"
+            fi
+          done < private.key
+          rm private.key
+
+      - name: Generate token
+        id: generate-token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: 391670
+          private_key: ${{ steps.app-private-key.outputs.key }}
+
       - name: Checkout code
         uses: actions/checkout@v4
+        with:
+          token: ${{ steps.generate-token.outputs.token }}
 
       - name: Get API docs
         run: |