fix(ci-cd): use token-bureau (#1914)

gary-van-woerkens · web-flow · commit 7ab4b98bddde · 2025-02-03T10:05:36.000+01:00
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -5,12 +5,22 @@ on:
   push:
     branches: [main, alpha, beta, next]
 
+permissions:
+  id-token: write  # Required for OIDC token generation
+
 jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
     steps:
 
+    - name: Get GitHub App Token
+      id: token
+      uses: SocialGouv/token-bureau@main
+      with:
+        token-bureau-url: https://token-bureau.fabrique.social.gouv.fr
+        audience: socialgouv
+
     - name: Checkout repository
       uses: actions/checkout@v3
       with:
@@ -38,4 +48,4 @@ jobs:
         GIT_AUTHOR_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
         GIT_COMMITTER_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
         GIT_COMMITTER_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
-        GITHUB_TOKEN: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
+        GITHUB_TOKEN: ${{ steps.token.outputs.token }}
