From c67f89b995a45d69051f1cd2b292a8bd4d33cced Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Ch=C4=99ci=C5=84ski?= <michal@checinski.me>
Date: Mon, 13 Jan 2025 16:17:41 +0100
Subject: [PATCH] Use GH App token instead of PAT token to trigger the deploy
 workflow (#100)

---
 .github/workflows/main.yml | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 019668f..72749d6 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -1,4 +1,4 @@
-name: main
+name: Main
 
 on:
   push:
@@ -13,6 +13,7 @@ on:
 
 jobs:
   format:
+    name: Format
     runs-on: ubuntu-24.04
 
     permissions:
@@ -34,6 +35,7 @@ jobs:
         run: npm run format:check
 
   deploy:
+    name: Deploy
     if: ${{ github.event_name == 'release' }}
     needs: format
     runs-on: ubuntu-24.04
@@ -65,9 +67,16 @@ jobs:
             dist
             package.json
 
+      - name: Generate GH App token
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1.11.1
+        id: app-token
+        with:
+          app-id: ${{ secrets.BW_GHAPP_ID }}
+          private-key: ${{ secrets.BW_GHAPP_KEY }}
+
       - name: Dispatch deployment
         env:
-          GITHUB_TOKEN: ${{ secrets.DEPLOYMENT_GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
         run: >
           gh workflow run deploy-passwordless-client-js
           --repo bitwarden/passwordless-devops