From ab12ed00ccbd89e1793641453a42b2a2f767a3be Mon Sep 17 00:00:00 2001
From: Nikola Irinchev
Date: Wed, 27 Nov 2024 14:31:47 +0100
Subject: [PATCH] chore(ci): use github app token instead of bot user
---
 .github/workflows/codeql.yml | 2 +-
 .github/workflows/prepare-release.yml | 8 +++++++-
 .github/workflows/publish-release.yml | 8 +++++++-
 3 files changed, 15 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 3f84948..5c3a41e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -41,7 +41,7 @@ jobs:
 steps:
 - name: Checkout repository
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
diff --git a/.github/workflows/prepare-release.yml b/.github/workflows/prepare-release.yml
index 810398a..ad1a973 100644
--- a/.github/workflows/prepare-release.yml
+++ b/.github/workflows/prepare-release.yml
@@ -19,6 +19,12 @@ jobs:
 prepare:
 runs-on: ubuntu-latest
 steps:
+ - uses: mongodb-js/devtools-shared/actions/setup-bot-token@main
+ id: app-token
+ with:
+ app-id: ${{ vars.DEVTOOLS_BOT_APP_ID }}
+ private-key: ${{ secrets.DEVTOOLS_BOT_PRIVATE_KEY }}
+
 - uses: actions/checkout@v4
 - name: Use Node.js 20.x
@@ -36,7 +42,7 @@ jobs:
 with:
 branch: release/${{ steps.version.outputs.new-version }}
 title: 'chore: bump version to ${{ steps.version.outputs.new-version }}'
- token: ${{ secrets.SVC_DEVTOOLSBOT_TOKEN }}
+ token: ${{ steps.app-token.outputs.token }}
 draft: false
 body: |
 An automated PR for next release.
diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml
index 7d23068..604d452 100644
--- a/.github/workflows/publish-release.yml
+++ b/.github/workflows/publish-release.yml
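Review bot: `mongodb-js/devtools-shared/actions/setup-bot-token@main` is referenced by a mutable branch while it is handed `secrets.DEVTOOLS_BOT_PRIVATE_KEY`, so any later commit to that branch runs inside the release job with the App's private key. Pin it to a full commit SHA with the ref in a trailing comment, the way `juliangruber/merge-pull-request-action@9234b8714dda9a08f3d1df5b2a6a3abd7b695353 # 1.3.1` is already pinned in publish-release.yml: `- uses: mongodb-js/devtools-shared/actions/setup-bot-token@<full-commit-sha> # main` (placeholder, fill in the reviewed commit). The same unpinned reference is added in the first hunk of publish-release.yml. The `prepare` job's step list continues past this hunk.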
@@ -11,6 +11,12 @@ jobs:
 name: Production
 url: https://www.npmjs.com/package/@mongodb-js/oidc-plugin/v/${{ steps.get-version.outputs.package_version }}
 steps:
+ - uses: mongodb-js/devtools-shared/actions/setup-bot-token@main
+ id: app-token
+ with:
+ app-id: ${{ vars.DEVTOOLS_BOT_APP_ID }}
+ private-key: ${{ secrets.DEVTOOLS_BOT_PRIVATE_KEY }}
+
 - uses: actions/checkout@v4
 - name: Use Node.js 20.x
@@ -44,7 +50,7 @@ jobs:
 - name: Merge Pull Request
 uses: juliangruber/merge-pull-request-action@9234b8714dda9a08f3d1df5b2a6a3abd7b695353 # 1.3.1
 with:
- github-token: ${{ secrets.SVC_DEVTOOLSBOT_TOKEN }}
+ github-token: ${{ steps.app-token.outputs.token }}
 number: ${{ steps.find-pull-request.outputs.number }}
 method: squash
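Review bot: The App token is minted in the job's first step (first hunk of this file) but is read only here, in `Merge Pull Request`, so it stays live through every step in between. GitHub App installation tokens expire after one hour, so a token created earlier than needed is exposed for longer and is more likely to have expired on a slow run. Consider moving the `id: app-token` step to directly before the first step that reads `steps.app-token.outputs.token`. The same applies to prepare-release.yml, where it precedes checkout. The job's step list starts and ends outside this hunk, so the intermediate steps are not visible here.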