VLN-442: Use first-party action for GitHub app tokens (#872)

picatz · web-flow · commit d1bdd23a126b · 2025-11-12T10:51:44.000-05:00
## Summary

- `.github/workflows/trigger-publish.yml`: Set the GitHub App token step
to include owner temporalio and added repositories list for cli and
docker-builds so the generated token retains access to both repos.
- `.github/workflows/trigger-docs.yml`: Upgraded the GitHub App token
step to actions/create-github-app-token@v2 and switched repositories
input to a multiline list (documentation) with an explanatory comment
while keeping the owner scoped to the repository owner.

---

Previous summary:

## Summary

- `.github/workflows/trigger-publish.yml`: Replaced
tibdex/github-app-token with actions/create-github-app-token@v2 and
converted inputs to the new action’s kebab-case names so the workflow
continues generating the app token securely.
diff --git a/.github/workflows/trigger-docs.yml b/.github/workflows/trigger-docs.yml
@@ -32,12 +32,14 @@ jobs:
 
       - name: Generate token
         id: generate_token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }}
           private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
-          repositories: documentation # generate a token with permissions to trigger GHA in documentation repo
+          # Generate a token with permissions to trigger GHA in documentation repo.
+          repositories: |
+            documentation
 
       - name: Trigger Documentation Workflow
         env:
diff --git a/.github/workflows/trigger-publish.yml b/.github/workflows/trigger-publish.yml
@@ -18,10 +18,14 @@ jobs:
     steps:
       - name: Generate a token
         id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        uses: actions/create-github-app-token@v2
         with:
-          app_id: ${{ secrets.TEMPORAL_CICD_APP_ID }}
-          private_key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}
+          app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }}
+          private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}
+          owner: temporalio
+          repositories: |
+            cli
+            docker-builds
 
       - name: Dispatch docker builds Github Action
         env:
