From dab70b14e6d73500678d953a942fdec953060a43 Mon Sep 17 00:00:00 2001
From: Todd Anderson <tanderson@launchdarkly.com>
Date: Mon, 12 Feb 2024 13:51:06 -0600
Subject: [PATCH] Updating token in release-please workflow so it can trigger
 the publish workflow after pushing the tag

---
 .github/workflows/release-please.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml
index a7e7f86..d8fa24e 100644
--- a/.github/workflows/release-please.yml
+++ b/.github/workflows/release-please.yml
@@ -16,8 +16,18 @@ jobs:
       pull-requests: write
 
     steps:
+      # Normally a workflow cannot trigger another workflow. For this workflow we need to create a
+      # tag that will trigger another workflow. Github determines that something is created by
+      # a workflow/bot based on the token. So to allow the tag creation to trigger a workflow
+      # we must use a personal access token.
+      - uses: launchdarkly/gh-actions/actions/release-secrets@release-secrets-v1.0.1
+        name: "Get PAT"
+        with:
+          aws_assume_role: ${{ vars.AWS_ROLE_ARN }}
+          ssm_parameter_pairs: "/production/common/releasing/flutter_gh_pat = GITHUB_PAT"
+
       - uses: google-github-actions/release-please-action@v4
         id: release
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ env.GITHUB_PAT }}
           target-branch: ${{ github.ref_name }}