From 0f99b6310869e031034fa096026b94ac04497d36 Mon Sep 17 00:00:00 2001
From: Remco Vermeulen
Date: Wed, 28 Aug 2024 13:01:42 -0700
Subject: [PATCH] Use GitHub App for authz
---
 .github/workflows/update-release-branch.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml
index 05fc4c43c1..c823a38c2a 100644
--- a/.github/workflows/update-release-branch.yml
+++ b/.github/workflows/update-release-branch.yml
@@ -104,6 +104,7 @@ jobs:
 backport:
 timeout-minutes: 45
 runs-on: ubuntu-latest
+ environment: Automation
 needs: [prepare]
 if: ${{ (github.event_name == 'push') && needs.prepare.outputs.backport_target_branches != '[]' }}
 strategy:
@@ -114,17 +115,24 @@ jobs:
 SOURCE_BRANCH: ${{ needs.prepare.outputs.backport_source_branch }}
 TARGET_BRANCH: ${{ matrix.target_branch }}
 steps:
+ - uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4
+ id: app-token
+ with:
+ app-id: ${{ vars.AUTOMATION_APP_ID }}
+ private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
 - uses: actions/checkout@v4
 with:
 fetch-depth: 0 # Need full history for calculation of diffs
 - uses: ./.github/actions/release-initialise
 - name: Update older release branch
+ env:
+ GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
 run: |
 echo SOURCE_BRANCH=${SOURCE_BRANCH}
 echo TARGET_BRANCH=${TARGET_BRANCH}
 python .github/update-release-branch.py \
- --github-token ${{ secrets.GITHUB_TOKEN }} \
+ --github-token ${GITHUB_TOKEN} \
 --repository-nwo ${{ github.repository }} \
 --source-branch ${SOURCE_BRANCH} \
 --target-branch ${TARGET_BRANCH} \
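Review bot: The added `environment: Automation` on the `backport` job has no comment saying what it gates, yet it appears to be what releases `secrets.AUTOMATION_PRIVATE_KEY` to the token step added further down, which would make it the main control over who can mint the App token. I would put `# Holds the automation App's private key; restrict this environment to the branches that trigger backports` above it, and confirm in the repository settings that the environment has such a deployment-branch rule, since the diff cannot show it. Because the job runs under a matrix, each `target_branch` leg enters the environment separately, so a required-reviewer rule, if one is configured, would prompt once per leg. The job's mapping continues outside the hunk, so I cannot see whether a job-level `permissions:` block already trims the default `GITHUB_TOKEN` now that the script is handed the App token instead.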