diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index 6c8606b0..0978b1e2 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -6,7 +6,12 @@ on:
   workflow_dispatch:
     secrets:
       NPM_TOKEN:
-        required: false
+        required: true
+permissions:
+  actions: read
+  contents: write
+  issues: write
+  pull-requests: write
 jobs:
   publish:
     name: Bump package versions and publish to npm.
@@ -20,12 +25,6 @@ jobs:
 
       - uses: ./.github/actions/setup
 
-      - id: create_token
-        uses: tibdex/github-app-token@v2
-        with:
-          app_id: ${{ vars.GH_APP_ID }}
-          private_key: ${{ secrets.GH_APP_PRIVATE_KEY }}
-
       - name: Create Release Pull or publish changes
         uses: changesets/action@v1
         with:
@@ -33,5 +32,5 @@ jobs:
           publish: pnpm run release
           title: "[Changesets] Bump package versions"
         env:
-          GITHUB_TOKEN: ${{ steps.create_token.outputs.token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           NPM_TOKEN: ${{ secrets.NPM_TOKEN }}