From 66929413a8121ae87ed87335612e2aa3ac9fd892 Mon Sep 17 00:00:00 2001
From: Cameron Dutro <camertron@gmail.com>
Date: Mon, 7 Aug 2023 15:58:48 -0700
Subject: [PATCH] Use the Primer GitHub App for auth instead of the
 GPR_AUTH_TOKEN_SHARED (#2194)

---
 .github/workflows/release.yml      | 13 ++++++++++++-
 .github/workflows/static-files.yml | 12 +++++++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f8a0da4537..a5b17b3837 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -37,6 +37,17 @@ jobs:
       # and we cannot add it as dependency because it conflicts with `primer-changesets-cli`
       - run: npm install @changesets/cli@2.26.1
 
+      # Use the primer GitHub App for authentication.
+      # See: https://github.com/organizations/primer/settings/apps/primer
+      - id: get-access-token
+        uses: camertron/github-app-installation-auth-action@v1
+        with:
+          app-id: ${{ vars.PRIMER_APP_ID_SHARED }}
+          private-key: ${{ secrets.PRIMER_APP_PRIVATE_KEY_SHARED }}
+          client-id: ${{ vars.PRIMER_APP_CLIENT_ID_SHARED }}
+          client-secret: ${{ secrets.PRIMER_APP_CLIENT_SECRET_SHARED }}
+          installation-id: ${{ vars.PRIMER_APP_INSTALLATION_ID_SHARED }}
+
       - name: Create release pull request or publish to npm
         id: changesets
         uses: changesets/action@v1
@@ -45,5 +56,5 @@ jobs:
           version: npm run changeset:version
           publish: script/changeset-publish
         env:
-          GITHUB_TOKEN: ${{ secrets.GPR_AUTH_TOKEN_SHARED }}
+          GITHUB_TOKEN: ${{ steps.get-access-token.outputs.access-token }}
           NPM_TOKEN: ${{ secrets.NPM_AUTH_TOKEN_SHARED }}
diff --git a/.github/workflows/static-files.yml b/.github/workflows/static-files.yml
index a4e372928c..1c9081e6b6 100644
--- a/.github/workflows/static-files.yml
+++ b/.github/workflows/static-files.yml
@@ -9,9 +9,19 @@ jobs:
   static:
     runs-on: ubuntu-latest
     steps:
+      # Use the primer GitHub App for authentication.
+      # See: https://github.com/organizations/primer/settings/apps/primer
+      - id: get-access-token
+        uses: camertron/github-app-installation-auth-action@v1
+        with:
+          app-id: ${{ vars.PRIMER_APP_ID_SHARED }}
+          private-key: ${{ secrets.PRIMER_APP_PRIVATE_KEY_SHARED }}
+          client-id: ${{ vars.PRIMER_APP_CLIENT_ID_SHARED }}
+          client-secret: ${{ secrets.PRIMER_APP_CLIENT_SECRET_SHARED }}
+          installation-id: ${{ vars.PRIMER_APP_INSTALLATION_ID_SHARED }}
       - uses: actions/checkout@v3
         with:
-          token: ${{ secrets.GPR_AUTH_TOKEN_SHARED }}
+          token: ${{ steps.get-access-token.outputs.access-token }}
       - uses: ruby/setup-ruby@v1
         with:
           ruby-version: '3.2'