chore: update CI workflows to use application token action (#9)

Leundai · web-flow · commit 1370381942be · 2025-12-16T08:45:18.000-05:00
- Added a step to retrieve an application token in both `ci.yaml` and
`release-please.yaml`.
- Updated the token usage to include application ID and private key from
secrets, along with necessary permissions for actions and packages.
- Switched the release-please action to use the newly retrieved token
for authentication.
diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml
@@ -13,6 +13,15 @@ jobs:
   release-please:
     runs-on: ubuntu-latest
     steps:
-      - uses: googleapis/release-please-action@7987652d64b4581673a76e33ad5e98e3dd56832f # v4.1.3
+      - name: Get Token
+        id: get_actions_token
+        uses: nominal-io/workflow-application-token-action@86d05551fa394b4b813e0deee328005b45cf5237 # v4.0.1
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          application_id: ${{secrets.NOMBOT_APP_ID}}
+          application_private_key: ${{secrets.NOMBOT_PRIVATE_KEY}}
+          permissions: "actions:write, packages:write, contents:write, pull_requests:write"
+          organization: "nominal-io"
+
+      - uses: nominal-io/release-please-action@main
+        with:
+          token: ${{ steps.get_actions_token.outputs.token }}
