From 73691c4ecc9bb7adb94b3c4ce23c519eacc322e9 Mon Sep 17 00:00:00 2001
From: Joao Marcal
Date: Tue, 1 Oct 2024 11:34:48 +0100
Subject: [PATCH] chore(operator): fix CI to use new Github app instead of PAT
---
 .../operator-publish-operator-hub.yml | 17 +++++++++++++++--
 .github/workflows/operator-release-please.yml | 18 +++++++++++++++---
 2 files changed, 30 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/operator-publish-operator-hub.yml b/.github/workflows/operator-publish-operator-hub.yml
index c3fa69b466298..04e4a938d7774 100644
--- a/.github/workflows/operator-publish-operator-hub.yml
+++ b/.github/workflows/operator-publish-operator-hub.yml
@@ -4,6 +4,19 @@ on:
 types: [published]
 jobs:
+ getGithubToken:
+ runs-on: ubuntu-latest
+ outputs:
+ token: ${{ steps.get_github_app_token.outputs.token }}
+ steps:
+ - id: "get_github_app_token"
+ name: "get github token"
+ uses: "actions/create-github-app-token@v1"
+ with:
+ app-id: "${{ secrets.APP_ID }}"
+ owner: "${{ github.repository_owner }}"
+ private-key: "${{ secrets.APP_PRIVATE_KEY }}"
+
 operator-hub-prod-release:
 if: startsWith(github.event.release.tag_name, 'operator/')
 uses: ./.github/workflows/operator-reusable-hub-release.yml
@@ -11,7 +24,7 @@ jobs:
 org: redhat-openshift-ecosystem
 repo: community-operators-prod
 secrets:
- GRAFANABOT_GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+ GRAFANABOT_GITHUB_TOKEN: ${{ needs.getGithubToken.outputs.token }}
 operator-hub-community-release:
 if: startsWith(github.event.release.tag_name, 'operator/')
@@ -20,4 +33,4 @@ jobs:
 org: k8s-operatorhub
 repo: community-operators
 secrets:
- GRAFANABOT_GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+ GRAFANABOT_GITHUB_TOKEN: ${{ needs.getGithubToken.outputs.token }}
diff --git a/.github/workflows/operator-release-please.yml b/.github/workflows/operator-release-please.yml
index 77be2bc58a237..095c72b4a2cd0 100644
--- a/.github/workflows/operator-release-please.yml
+++ b/.github/workflows/operator-release-please.yml
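Review bot: The `token` job output added in `getGithubToken` is unlikely to reach any other job: `actions/create-github-app-token` registers the token as a masked secret, and the runner does not send job outputs that contain masked values to other jobs, so consumers would receive an empty string. By default the action also revokes the token in its post step, i.e. when `getGithubToken` finishes, so even a forwarded value would probably be dead by the time it is used. Minting the token inside the job that uses it avoids both problems; for the reusable hub-release workflow that means passing the app credentials through, e.g. `APP_ID: ${{ secrets.APP_ID }}` and `APP_PRIVATE_KEY: ${{ secrets.APP_PRIVATE_KEY }}` under `secrets:`, and creating the token there (that workflow is not shown here, so its declared secrets are an assumption). The same job is added in the first hunk of operator-release-please.yml.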
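Review bot: `operator-hub-prod-release` reads `needs.getGithubToken.outputs.token`, but no `needs:` entry for `getGithubToken` is visible on the job (its header sits in the previous hunk and is followed directly by `if:` and `uses:`), and the `needs` context only holds jobs listed as direct dependencies. As written the expression would evaluate to an empty value and the job is not ordered after token creation; if the separate token job is kept, add `needs: getGithubToken` to each consumer. The same applies to `operator-hub-community-release` in the next hunk and, in operator-release-please.yml, to `releasePlease` (no `needs:` shown) and `publishRelease` (lists only `"releasePlease"`).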
@@ -12,18 +12,30 @@ permissions:
 pull-requests: write
 jobs:
+ getGithubToken:
+ runs-on: ubuntu-latest
+ outputs:
+ token: ${{ steps.get_github_app_token.outputs.token }}
+ steps:
+ - id: "get_github_app_token"
+ name: "get github token"
+ uses: "actions/create-github-app-token@v1"
+ with:
+ app-id: "${{ secrets.APP_ID }}"
+ owner: "${{ github.repository_owner }}"
+ private-key: "${{ secrets.APP_PRIVATE_KEY }}"
 releasePlease:
 runs-on: ubuntu-latest
 outputs:
 release_created: ${{ steps.release.outputs.operator--release_created }}
 release_name: ${{ steps.release.outputs.operator--tag_name }}
 steps:
- - uses: google-github-actions/release-please-action@v4
+ - uses: googleapis/release-please-action@v4
 id: release
 with:
 path: operator
 config-file: operator/release-please-config.json
- token: ${{ secrets.GH_TOKEN }}
+ token: ${{ needs.getGithubToken.outputs.token }}
 publishRelease:
 needs:
 - "releasePlease"
@@ -36,7 +48,7 @@ jobs:
 path: "release"
 - name: "publish release"
 env:
- GH_TOKEN: ${{ secrets.GH_TOKEN }}
+ GH_TOKEN: ${{ needs.getGithubToken.outputs.token }}
 working-directory: "release"
 run: |
 gh release edit "${{ needs.releasePlease.outputs.release_name }}" --draft=false --latest=false
\ No newline at end of file
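Review bot: The token minted in `getGithubToken` is broader than release-please appears to need: with `owner` set and no `repositories`, `actions/create-github-app-token` issues a token covering every repository of the app installation under that owner. If this workflow only touches its own repository, dropping `owner` (the action then scopes to the current repository) or adding `repositories: "${{ github.event.repository.name }}"` limits what a leaked token can reach. The step also receives `secrets.APP_PRIVATE_KEY` while being referenced by the mutable tag `@v1`; pinning it, and the renamed `googleapis/release-please-action@v4`, to a full commit SHA (`uses: "actions/create-github-app-token@<full-commit-sha>" # v1`) would keep a retagged release from seeing the key. The same `@v1` reference appears in operator-publish-operator-hub.yml.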