fix(ci-cd): use token-bureau

SocialGouv · Jan 7, 2025 · bd99361 · bd99361
2 parents 7c2f499 + c387970
commit bd99361
Showing 1 changed file with 13 additions and 3 deletions.
diff --git a/.github/workflows/release-manual.yml b/.github/workflows/release-manual.yml
@@ -2,7 +2,10 @@ name: Manual Release
 
 on: 
   workflow_dispatch:
-
+
+permissions:
+  id-token: write  # Required for OIDC token generation
+
 concurrency:
   cancel-in-progress: true
   group: release-${{ github.ref_name }}
@@ -12,10 +15,17 @@ jobs:
     runs-on: ubuntu-latest
     name: Create release
     steps:
+      - name: Get GitHub App Token
+        id: token
+        uses: SocialGouv/token-bureau@main
+        with:
+          token-bureau-url: https://token-bureau.fabrique.social.gouv.fr
+          audience: socialgouv
+
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
+          token: ${{ steps.token.outputs.token }}
 
       - name: Install dependencies
         run: yarn --immutable
@@ -34,4 +44,4 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           git remote set-url --push origin https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git
-          git push -f --follow-tags origin main
+          git push -f --follow-tags origin main