Merge pull request #972 from getsentry/replace-bot-account-with-github-app

Jeffreyhung · web-flow · commit 8d99f609ce8d · 2024-12-11T11:19:09.000-08:00
feat(security): Replace bot account with GitHub App
diff --git a/.github/workflows/auto-merge.yml b/.github/workflows/auto-merge.yml
@@ -7,11 +7,17 @@ jobs:
     if: github.actor == 'getsentry-bot' && startsWith(github.head_ref, 'craft-')
     runs-on: ubuntu-latest
     steps:
+    - name: Get auth token
+      id: token
+      uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+      with:
+        app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
+        private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
     - run: |
         set -x
         GH_TOKEN=$GHA_TOKEN gh pr review --approve --repo "$GITHUB_REPOSITORY" "$PR"
         GH_TOKEN=$BOT_TOKEN gh pr merge --auto --merge --repo "$GITHUB_REPOSITORY" "$PR"
       env:
         PR: ${{ github.event.number }}
         GHA_TOKEN: ${{ github.token }}
-        BOT_TOKEN: ${{ secrets.GH_RELEASE_PAT }}
+        BOT_TOKEN: ${{ steps.token.outputs.token }}
