Use app tokens in other github actions

Author: grst

.github/workflows/deploy-instance-pr-actions.yml

@@ -9,9 +9,19 @@ jobs:
 
     env:
       INSTANCE_REPO_GITHUB: scverse/cookiecutter-scverse-instance
-      GH_TOKEN: ${{ secrets.BOT_GH_TOKEN }} # for gh cli
 
     steps:
+      - name: Generate tokens
+        id: app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.PR_CREATOR_APP_ID }}
+          private-key: ${{ secrets.PR_CREATOR_PRIVATE_KEY }}
+          repositories: cookiecutter-scverse-instance
+
+      - name: Authenticate gh CLI with app token
+        run: echo "${{ steps.app-token.outputs.token }}" | gh auth login --with-token
+
       - name: Define sister PR branch name
         run: |
           echo "SISTER_PR_BRANCH=pr-${{ github.event.pull_request.number }}" >> $GITHUB_ENV

.github/workflows/propagate-pre-commit.yml

@@ -10,9 +10,16 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.actor == 'pre-commit-ci[bot]' }}
     steps:
+      - name: Generate tokens
+        id: app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.PR_CREATOR_APP_ID }}
+          private-key: ${{ secrets.PR_CREATOR_PRIVATE_KEY }}
+
       - uses: actions/checkout@v6
         with:
-          token: ${{ secrets.BOT_GH_TOKEN }}
+          token: ${{ steps.app-token.outputs.token }}
       - run: pipx install pre-commit
       - run: cd '{{cookiecutter.project_name}}' && pre-commit autoupdate
       - uses: stefanzweifel/git-auto-commit-action@v7