From a30ba81d0e01d515e16a13a53f6fd947c46a13de Mon Sep 17 00:00:00 2001
From: Matt Gallo <mdgallo@us.ibm.com>
Date: Thu, 21 Nov 2024 11:29:57 -0500
Subject: [PATCH 1/3] build: update dependency action to use bot token

---
 .github/workflows/update.yml | 55 +++++++++++++-----------------------
 1 file changed, 20 insertions(+), 35 deletions(-)

diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index e17877a5c4..db16d1f873 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install
         run: yarn
@@ -21,19 +21,22 @@ jobs:
           yarn
         env:
           YARN_ENABLE_IMMUTABLE_INSTALLS: false
-
+      - name: Generate token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
+        id: generate_token
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
       - name: Create PR
         id: create-pr
-        uses: peter-evans/create-pull-request@v3
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
         with:
-          token: ${{ secrets.CREATE_PR_ACCESS_TOKEN }}
-          commit-message: 'fix: update Carbon 11 compatible versions to latest'
-          committer: GitHub <noreply@github.com>
-          author:
-            ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
-          branch: 'update-packages'
+          token: ${{ steps.generate_token.outputs.token }}
+          commit-message: 'build(deps): update Carbon 11 compatible versions to latest'
+          delete-branch: true
+          branch: 'deps/update-carbon-packages'
           branch-suffix: random
-          title: 'fix: update to Carbon 11 compatible versions to latest'
+          title: 'build(deps): update to Carbon 11 compatible versions to latest'
           body: |
             This PR was automatically generated to update Carbon 11 compatible versions on a regular basis. This is not intended to create any breaking changes, and will be reflected as a minor version bump for affected packages. NB we'll run all tests and do visual verifications, but there is always the opportunity for unexpected regressions. If you're using one of the packages in a stable or production context you may want to check this before taking the next minor version, and do let us know ASAP if you see anything problematic.
 
@@ -52,27 +55,11 @@ jobs:
             - [ ] `yarn ci-check` runs cleanly and all tests pass (done automatically as part of the PR checks).
             - [ ] the Netlify deploy-preview has been used to ensure that storybook runs and the main published components render correctly.
 
-      - name: Post reminder to Slack
-        id: post-reminder
-        uses: archive/github-actions-slack@v2.0.0
-        with:
-          slack-bot-user-oauth-access-token:
-            ${{ secrets.CREATE_PR_SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }}
-          slack-channel: G01PUCL3V8R # cspell:disable-line
-          slack-text: >
-            Hello! This is a test post. PR number:
-            ${{steps.create-pr.outputs.pull-request-number}} 🤓
-
-      - name: Result from "Post reminder to Slack"
-        run: |
-          echo "The PR number was ${{ steps.create-pr.outputs.pull-request-number }}"
-          echo "The result was ${{ steps.post-reminder.outputs.slack-result }}"
-
   dependencies:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Install
         run: yarn
@@ -89,16 +76,14 @@ jobs:
 
       - name: Create PR
         id: create-pr
-        uses: peter-evans/create-pull-request@v3
+        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
         with:
-          token: ${{ secrets.CREATE_PR_ACCESS_TOKEN }}
-          commit-message: 'chore: update dev dependencies'
-          committer: GitHub <noreply@github.com>
-          author:
-            ${{ github.actor }} <${{ github.actor }}@users.noreply.github.com>
-          branch: 'update-packages'
+          token: ${{ steps.generate_token.outputs.token }}
+          commit-message: 'build(deps): update dev dependencies'
+          delete-branch: true
+          branch: 'deps/update-dev-packages'
           branch-suffix: random
-          title: 'chore: update dev dependencies'
+          title: 'build(deps): update dev dependencies'
           body: |
             This PR was automatically generated to update versions of dev dependencies to their latest versions. This helps ensure we get fixes and improvements in a timely fashion and reduces the impact of updating the versions that can arise if versions are allowed to become stale for an extended period.
 

From e076c836a769342fb388238be6b918a1a1331d2f Mon Sep 17 00:00:00 2001
From: Matt Gallo <mdgallo@us.ibm.com>
Date: Thu, 21 Nov 2024 13:22:22 -0500
Subject: [PATCH 2/3] refactor: update commit type to chore

---
 .github/workflows/update.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index db16d1f873..c2f651c143 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -32,11 +32,11 @@ jobs:
         uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
         with:
           token: ${{ steps.generate_token.outputs.token }}
-          commit-message: 'build(deps): update Carbon 11 compatible versions to latest'
+          commit-message: 'chore(deps): update Carbon 11 compatible versions to latest'
           delete-branch: true
           branch: 'deps/update-carbon-packages'
           branch-suffix: random
-          title: 'build(deps): update to Carbon 11 compatible versions to latest'
+          title: 'chore(deps): update to Carbon 11 compatible versions to latest'
           body: |
             This PR was automatically generated to update Carbon 11 compatible versions on a regular basis. This is not intended to create any breaking changes, and will be reflected as a minor version bump for affected packages. NB we'll run all tests and do visual verifications, but there is always the opportunity for unexpected regressions. If you're using one of the packages in a stable or production context you may want to check this before taking the next minor version, and do let us know ASAP if you see anything problematic.
 
@@ -79,11 +79,11 @@ jobs:
         uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
         with:
           token: ${{ steps.generate_token.outputs.token }}
-          commit-message: 'build(deps): update dev dependencies'
+          commit-message: 'chore(deps): update dev dependencies'
           delete-branch: true
           branch: 'deps/update-dev-packages'
           branch-suffix: random
-          title: 'build(deps): update dev dependencies'
+          title: 'chore(deps): update dev dependencies'
           body: |
             This PR was automatically generated to update versions of dev dependencies to their latest versions. This helps ensure we get fixes and improvements in a timely fashion and reduces the impact of updating the versions that can arise if versions are allowed to become stale for an extended period.
 

From 23ac446ff3ee60644f9dab24082dabc8871bf62c Mon Sep 17 00:00:00 2001
From: Matt Gallo <mdgallo@us.ibm.com>
Date: Thu, 21 Nov 2024 13:28:57 -0500
Subject: [PATCH 3/3] refactor: revert back to build commit type

---
 .github/workflows/update.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index c2f651c143..db16d1f873 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -32,11 +32,11 @@ jobs:
         uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
         with:
           token: ${{ steps.generate_token.outputs.token }}
-          commit-message: 'chore(deps): update Carbon 11 compatible versions to latest'
+          commit-message: 'build(deps): update Carbon 11 compatible versions to latest'
           delete-branch: true
           branch: 'deps/update-carbon-packages'
           branch-suffix: random
-          title: 'chore(deps): update to Carbon 11 compatible versions to latest'
+          title: 'build(deps): update to Carbon 11 compatible versions to latest'
           body: |
             This PR was automatically generated to update Carbon 11 compatible versions on a regular basis. This is not intended to create any breaking changes, and will be reflected as a minor version bump for affected packages. NB we'll run all tests and do visual verifications, but there is always the opportunity for unexpected regressions. If you're using one of the packages in a stable or production context you may want to check this before taking the next minor version, and do let us know ASAP if you see anything problematic.
 
@@ -79,11 +79,11 @@ jobs:
         uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
         with:
           token: ${{ steps.generate_token.outputs.token }}
-          commit-message: 'chore(deps): update dev dependencies'
+          commit-message: 'build(deps): update dev dependencies'
           delete-branch: true
           branch: 'deps/update-dev-packages'
           branch-suffix: random
-          title: 'chore(deps): update dev dependencies'
+          title: 'build(deps): update dev dependencies'
           body: |
             This PR was automatically generated to update versions of dev dependencies to their latest versions. This helps ensure we get fixes and improvements in a timely fashion and reduces the impact of updating the versions that can arise if versions are allowed to become stale for an extended period.