From 251cedf111c166ecf354d36980289c3910c188fb Mon Sep 17 00:00:00 2001
From: Manuel <30572287+manuel-rw@users.noreply.github.com>
Date: Thu, 6 Jun 2024 18:06:28 +0200
Subject: [PATCH] ci: use app instead of personal token (#611)

---
 .github/workflows/renovate-automatic-approval.yml | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/renovate-automatic-approval.yml b/.github/workflows/renovate-automatic-approval.yml
index 5ebb99b72..1185fd800 100644
--- a/.github/workflows/renovate-automatic-approval.yml
+++ b/.github/workflows/renovate-automatic-approval.yml
@@ -6,17 +6,20 @@ on:
 jobs:
   approve-renovate-prs:
     runs-on: ubuntu-latest
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
-
+      - name: Obtain token
+        id: obtainToken
+        uses: tibdex/github-app-token@v2
+        with:
+          private_key: ${{ secrets.RENOVATE_APPROVE_PRIVATE_KEY }}
+          app_id: ${{ secrets.RENOVATE_APPROVE_APP_ID }}
       - name: Install GitHub CLI
         run: sudo apt-get install -y gh
-
       - name: Approve Renovate PRs
         env:
-          GITHUB_TOKEN: ${{ secrets.RENOVATE_APPROVE_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.obtainToken.outputs.token }}
         run: |
           for pr in $(gh pr list --author homarr-renovate[bot] --json number --jq .[].number); do
             gh pr review $pr --approve --body "Automatically approved by GitHub Action"