From af4de8caa0e77ceb5abc1582feed957716d95ab1 Mon Sep 17 00:00:00 2001
From: Jeffrey Hung <17494876+Jeffreyhung@users.noreply.github.com>
Date: Wed, 11 Dec 2024 12:32:48 -0800
Subject: [PATCH] feat(release): Replace release bot with GH app (#621)

The `getsentry-release` is a GitHub bot account that is used in various
automation, and the `${{ secrets.GH_RELEASE_PAT }}` is a personal access
token from that bot account. We are using a regular GitHub account as a
bot while it should be a non-human account since there are no humans
behind it. Hence, we are replacing it with a GitHub App.

Functionality wise, there will be no difference.

More details:
https://www.notion.so/sentry/DACI-Replace-GitHub-bot-accounts-with-GitHub-Apps-getsentry-release-15109965d1204a91b9be71c49e8b66e0?pvs=4

#skip-changelog
---
 .github/workflows/prepare-publish.yml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/prepare-publish.yml b/.github/workflows/prepare-publish.yml
index 241e187b..fac2be8b 100644
--- a/.github/workflows/prepare-publish.yml
+++ b/.github/workflows/prepare-publish.yml
@@ -25,6 +25,13 @@ jobs:
       - name: Setup dependencies
         run: pnpm install
 
+      - name: Get auth token
+        id: token
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
+        with:
+          app-id: ${{ vars.SENTRY_RELEASE_BOT_CLIENT_ID }}
+          private-key: ${{ secrets.SENTRY_RELEASE_BOT_PRIVATE_KEY }}
+
       - name: Create Release Pull Request
         id: changesets
         uses: changesets/action@v1
@@ -33,4 +40,4 @@ jobs:
           commit: 'meta(changelog): Update package versions'
           title: 'meta(changelog): Update package versions'
         env:
-          GITHUB_TOKEN: ${{ secrets.GH_RELEASE_PAT }}
+          GITHUB_TOKEN: ${{ steps.token.outputs.token }}