From a47b1e8e1479896889471da2293c4d9c29d25d85 Mon Sep 17 00:00:00 2001
From: Gustav Utterheim <gustav@utterheim.com>
Date: Thu, 11 Jan 2024 13:22:15 +0100
Subject: [PATCH] ci: use github app for release-please permissions

---
 .github/workflows/release.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 712be1c4..570f5402 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,14 +8,20 @@ on:
 jobs:
   release-please:
     permissions:
-      contents: write
-      pull-requests: write
+      contents: read
     runs-on: ubuntu-latest
     steps:
+      - name: Get token
+        id: app-token
+        uses: actions/create-github-app-token@v1
+        with:
+          private-key: ${{ secrets.RELEASE_PLEASE_PRIVATE_KEY }}
+          app-id: ${{ secrets.RELEASE_PLEASE_APP_ID }}
       - name: Release Please
         uses: google-github-actions/release-please-action@v3
         id: release
         with:
+          token: ${{ steps.app-token.outputs.token }}
           release-type: node
           package-name: codeowners-generator
       - name: Checkout repository