From f004d83f2d3e22e6e433e6d9f9489760b53f7773 Mon Sep 17 00:00:00 2001
From: John McBride <john@opensauced.pizza>
Date: Fri, 1 Sep 2023 14:21:56 -0600
Subject: [PATCH] fix: Use generated token for semantic release (#45)

Signed-off-by: John McBride <john@opensauced.pizza>
---
 .github/workflows/release.yaml | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index c3ea375..b70ddf1 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -11,20 +11,25 @@ jobs:
   release:
     name: Semantic release
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
     timeout-minutes: 10
     steps:
+      - name: "🔐 Generate token"
+        id: generate_token
+        uses: tibdex/github-app-token@v1
+        with:
+          app_id: ${{ secrets.OS_GITHUB_APP_ID }}
+          private_key: ${{ secrets.OS_GITHUB_APP_PRIVATE_KEY }}
 
       - name: "☁️  Checkout repository"
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ steps.generate_token.outputs.token }}
 
       - name: "🚀 Release tag"
         id: semantic-release
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.generate_token.outputs.token }}
           SKIP_NPM_PUBLISH: true
           SKIP_DOCKER_PUBLISH: true
         uses: open-sauced/release@v2