Merge pull request #219 from chiukapoor/github-app-token

Add support for app token to acquire `GITHUB_TOKEN`

Author: snasovich

.github/workflows/add_new_versions.yml

@@ -5,12 +5,10 @@ on:
   schedule: 
    - cron: "0 0 * * 3"
 
-
 permissions:
   contents: write
   pull-requests: write
 
-
 jobs:
   generate_and_raise_pr:
     runs-on: ubuntu-latest
@@ -34,11 +32,25 @@ jobs:
           python -u workflow_scripts/check-for-new-versions.py
         env:
           EXCLUDED_VERSIONS: "v20.10.x,v23.0.x,v25.0.x,v26.1.x"
+
+      - name: Read App Secrets
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/github/app-credentials appId | APP_ID ;
+            secret/data/github/repo/${{ github.repository }}/github/app-credentials privateKey | PRIVATE_KEY
+
+      - name: Create App Token
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ env.APP_ID }}
+          private-key: ${{ env.PRIVATE_KEY }}
 
       - name: check if the PR exist
         if: ${{ env.PR_TITLE != '' }}
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
           PR_TITLE: ${{env.PR_TITLE}}
         run: |
           EXISTING_PR=$(gh pr list --limit 1500 --json title,url | jq --arg title "${PR_TITLE}" -r '.[] | select(.title==$title) | .url')
@@ -76,7 +88,7 @@ jobs:
         id: cpr
         env:
           SOURCE_BRANCH: ${{ steps.branch.outputs.branch }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
           PR_TITLE: ${{env.PR_TITLE}}
           PR_BODY: autogenerated PR to add docker ${{env.NEW_VERSIONS}}
         run: |