From 7ab4b98bddde680b4f5afe89b51a07541a2b029e Mon Sep 17 00:00:00 2001
From: Gary van Woerkens <gary.van-woerkens@sg.social.gouv.fr>
Date: Mon, 3 Feb 2025 10:05:36 +0100
Subject: [PATCH] fix(ci-cd): use token-bureau (#1914)

---
 .github/workflows/release.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index eb69e93e1..1beee31a5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,12 +5,22 @@ on:
   push:
     branches: [main, alpha, beta, next]
 
+permissions:
+  id-token: write  # Required for OIDC token generation
+
 jobs:
   release:
     name: Release
     runs-on: ubuntu-latest
     steps:
 
+    - name: Get GitHub App Token
+      id: token
+      uses: SocialGouv/token-bureau@main
+      with:
+        token-bureau-url: https://token-bureau.fabrique.social.gouv.fr
+        audience: socialgouv
+
     - name: Checkout repository
       uses: actions/checkout@v3
       with:
@@ -38,4 +48,4 @@ jobs:
         GIT_AUTHOR_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
         GIT_COMMITTER_EMAIL: ${{ secrets.SOCIALGROOVYBOT_EMAIL }}
         GIT_COMMITTER_NAME: ${{ secrets.SOCIALGROOVYBOT_NAME }}
-        GITHUB_TOKEN: ${{ secrets.SOCIALGROOVYBOT_BOTO_PAT }}
+        GITHUB_TOKEN: ${{ steps.token.outputs.token }}