diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index d540d013..14feceb0 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -8,11 +8,6 @@ on:
       npm-token:
         description: npm token to be used to publish npm packages
         required: false
-permissions:
-  actions: read
-  contents: write
-  issues: write
-  pull-requests: write
 jobs:
   publish:
     name: Bump package versions and publish to npm.
@@ -26,6 +21,12 @@ jobs:
 
       - uses: ./.github/actions/setup
 
+      - uses: actions/create-github-app-token@v1
+        id: create_token
+        with:
+          app-id: ${{ vars.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+
       - name: Create Release Pull or publish changes
         uses: changesets/action@v1
         with:
@@ -33,5 +34,5 @@ jobs:
           publish: pnpm run release
           title: "[Changesets] Bump package versions"
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.create_token.outputs.token }}
           NPM_TOKEN: ${{ inputs.npm-token }}