From 953c5923c8079b7e4920ab7a1e876c77bfce287e Mon Sep 17 00:00:00 2001
From: David Hoff-Vanoni <david@vanoni.dev>
Date: Thu, 20 Jun 2024 23:30:18 -0700
Subject: [PATCH] ci: Use GitHub App token to run `release-please` job (#518)

---
 .github/workflows/release.yml | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 51505dd4..f8638ac8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -7,15 +7,20 @@ on:
 jobs:
   release-please:
     runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      pull-requests: write
+    permissions: {}
     outputs:
       release_created: ${{ steps.release-please.outputs.release_created }}
       tag_name: ${{ steps.release-please.outputs.tag_name }}
     steps:
+      - id: app-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
       - id: release-please
-        uses: google-github-actions/release-please-action@v4
+        uses: googleapis/release-please-action@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
   publish-artifacts:
     needs: release-please
     if: needs.release-please.outputs.release_created