From f1912dd9ab30b8f2ecbcdfff153b4edbcd4722d4 Mon Sep 17 00:00:00 2001
From: Philip Balinov <philip@mondoo.com>
Date: Thu, 28 Nov 2024 13:33:54 +0200
Subject: [PATCH] Avoid reviewing own PRs by auto-merging with bot token
 (#1499)

* Avoid reviewing own PRs by auto-merging with bot token

* Switch to official create-github-app-token action

* Revert to manual gh execution
---
 .github/workflows/pr-test-lint.yml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pr-test-lint.yml b/.github/workflows/pr-test-lint.yml
index 894c610e..90862eeb 100644
--- a/.github/workflows/pr-test-lint.yml
+++ b/.github/workflows/pr-test-lint.yml
@@ -135,13 +135,20 @@ jobs:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
           filterOutClosed: true
           filterOutDraft: true
+      # fetch a token for the mondoo-mergebot app
+      - name: Generate token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ secrets.MONDOO_MERGEBOT_APP_ID }}
+          private-key: ${{ secrets.MONDOO_MERGEBOT_APP_PRIVATE_KEY }}
+      # automerge using bot token
       - name: Approve and merge a PR
         run: |
           gh pr review ${{ steps.pr.outputs.number }} --approve
           gh pr merge ${{ steps.pr.outputs.number }} --squash --merge
         env:
-          GH_TOKEN: ${{secrets.GITHUB_TOKEN}}
-
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
   event_file:
     name: "Store event file"
     runs-on: ubuntu-latest
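Review bot: The new `Generate token` step passes the mergebot App private key to `actions/create-github-app-token@v1`, a mutable tag, so whatever commit that tag points at when the job runs receives the key; pin it to a reviewed commit, e.g. `uses: actions/create-github-app-token@<full-commit-sha>  # v1`. The minted token then drives `gh pr review --approve` and `gh pr merge`, so the approval now comes from an App identity that can satisfy a required review rather than from the workflow's own `GITHUB_TOKEN`. The job's trigger and `if:` conditions start above this hunk and are not visible, so confirm they limit this path to the intended PR authors and that the App installation carries only the permissions needed to review and merge. The added comment could also say why an App token is used, for example `# App token: the PR author's own token cannot approve its own PR`.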