ci: use actions/create-github-app-token for workflow access tokens (#…

…285)

.changeset/weak-waves-accept.md

@@ -0,0 +1,6 @@
+---
+"@bfra.me/.github": patch
+---
+
+Switch to `actions/create-github-app-token` to generate workflow access tokens.
+

.github/workflows/main.yaml

@@ -52,11 +52,11 @@ jobs:
     steps:
       - id: get-workflow-access-token
         name: Get Workflow Access Token
-        uses: peter-murray/workflow-application-token-action@baa1ef2638c3d9e5967b7c8b86219f8fc919e1bb # v3.0.1
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
         with:
-          application_id: ${{ secrets.APPLICATION_ID }}
-          application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
-          permissions: 'contents:write, issues:write, pull_requests:write'
+          app-id: ${{ secrets.APPLICATION_ID }}
+          private-key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
       - name: Setup Git user
         run: |
           git config --global user.email '118100583+bfra-me[bot]@users.noreply.github.com'

.github/workflows/update-repo-settings.yaml

@@ -44,12 +44,12 @@ jobs:
 
       - id: get-workflow-access-token
         if: github.event_name != 'push' || steps.filter.outputs.changes == 'true'
-        uses: peter-murray/workflow-application-token-action@baa1ef2638c3d9e5967b7c8b86219f8fc919e1bb # v3.0.1
         name: Get Workflow Access Token
+        uses: actions/create-github-app-token@5d869da34e18e7287c1daad50e0b8ea0f506ce69 # v1.11.0
         with:
-          application_id: ${{ secrets.APPLICATION_ID }}
-          application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
-          permissions: 'administration:write, contents:read, issues:write'
+          app-id: ${{ secrets.APPLICATION_ID }}
+          private-key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
+          owner: ${{ github.repository_owner }}
 
       - env:
           GITHUB_TOKEN: ${{ steps.get-workflow-access-token.outputs.token }}