From c76da1c3527302fe40c7d036b28c27aed9814f62 Mon Sep 17 00:00:00 2001
From: Oliver Sun <73540835+oliversun9@users.noreply.github.com>
Date: Fri, 10 Nov 2023 17:13:08 -0500
Subject: [PATCH] Use GitHub app token to draft release (#178)

---
 .github/workflows/draft-release.yaml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/draft-release.yaml b/.github/workflows/draft-release.yaml
index b35c3f6..e948bd9 100644
--- a/.github/workflows/draft-release.yaml
+++ b/.github/workflows/draft-release.yaml
@@ -9,6 +9,8 @@ on:
         description: The released CLI version without 'v'. For example, 1.0.0.
 permissions:
   contents: write
+env:
+  APP_ID: 257262
 jobs:
   draft_release:
     runs-on: ubuntu-latest
@@ -24,10 +26,16 @@ jobs:
         run: |
           VERSION="${{ github.event.inputs.version || github.head_ref}}"
           echo "VERSION=${VERSION##*/v}" >> $GITHUB_ENV
+      - name: Get GitHub app token
+        uses: actions/create-github-app-token@v1
+        id: app_token
+        with:
+          app-id: ${{ env.APP_ID }}
+          private-key: ${{ secrets.TOKEN_EXCHANGE_GH_APP_PRIVATE_KEY }}
       - name: Checkout repository code
         uses: actions/checkout@v3
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ steps.app_token.outputs.token }}
           fetch-depth: 0
       - name: Sync v1 branch
         run: |
@@ -38,4 +46,4 @@ jobs:
       - name: Release
         run: gh release create --draft --title "v${VERSION}" "v${VERSION}"
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ steps.app_token.outputs.token }}