From 0e6479183383c336438251b815c68e590cbca6b1 Mon Sep 17 00:00:00 2001
From: Mingwei Samuel <mingwei.samuel@gmail.com>
Date: Mon, 22 Jul 2024 13:14:15 -0700
Subject: [PATCH] ci: use official create-github-app-token action

---
 .github/workflows/release.yml | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d3fb430c872a..24ca5f8a5d96 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -26,6 +26,7 @@ jobs:
     timeout-minutes: 20
     runs-on: ubuntu-latest
     steps:
+      # https://github.com/orgs/community/discussions/25305#discussioncomment-8256560
       # Unfortunately branch protection means that this workflow can't push the updated changelogs
       # and tags to `main` in the normal way. Instead we have an app:
       # https://github.com/organizations/hydro-project/settings/apps/hydro-project-bot
@@ -35,10 +36,10 @@ jobs:
       # `APP_PRIVATE_KEY` ("Generate a private key").
       - name: Generate token
         id: generate_token
-        uses: tibdex/github-app-token@v1
+        uses: actions/create-github-app-token@v1
         with:
-          app_id: ${{ secrets.APP_ID }}
-          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
 
       - run: |
           echo "Version bump: $BUMP"
@@ -54,7 +55,7 @@ jobs:
           git config --global user.email "132423234+hydro-project-bot[bot]@users.noreply.github.com"
 
       - name: Checkout sources
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Fetch all commit history so smart-release can generate changelogs.
           fetch-depth: 0