From 57c4fca164fea650b0655bfb299ab6d382803b05 Mon Sep 17 00:00:00 2001
From: Carly Gundy <47304080+cgundy@users.noreply.github.com>
Date: Mon, 18 Nov 2024 15:20:30 +0100
Subject: [PATCH 1/3] feat(IDX): replace workflow token with GitHub App

---
 .github/workflows/check_cla.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/check_cla.yml b/.github/workflows/check_cla.yml
index 61e1142..7036c38 100644
--- a/.github/workflows/check_cla.yml
+++ b/.github/workflows/check_cla.yml
@@ -14,6 +14,12 @@ jobs:
     outputs:
       is_member: ${{ steps.check-membership.outputs.is_member}}
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.CLA_BOT_APP_ID }}
+          private-key: ${{ secrets.CLA_BOT_PRIVATE_KEY }}
+    
       - name: Checkout
         uses: actions/checkout@v4
         with:
@@ -32,7 +38,7 @@ jobs:
         run: python reusable_workflows/check_membership/check_membership.py
         shell: bash
         env:
-          GH_TOKEN: ${{ secrets.CLA_READ_ORG_MEMBERSHIP }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
           GH_ORG: ${{ github.repository_owner }}
           USER: ${{ github.event.pull_request.user.login }}
 
@@ -112,6 +118,6 @@ jobs:
         if: ${{ steps.accepts_external_contrib.outputs.accepts_contrib != 'false' }}
         env:
           GH_ORG: ${{ github.repository_owner }}
-          GH_TOKEN: ${{ secrets.CLA_COMMENT_ON_PRS }}
+          GH_TOKEN: ${{ steps.app-token.outputs.token }}
           REPO: ${{ github.event.repository.name }}
           PR_ID: ${{ github.event.number }}

From a3e95cfb83190b00116918acb2e5ac74ff9c96b5 Mon Sep 17 00:00:00 2001
From: Carly Gundy <47304080+cgundy@users.noreply.github.com>
Date: Mon, 18 Nov 2024 15:34:50 +0100
Subject: [PATCH 2/3] test

---
 .github/workflows/check_cla_ruleset.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check_cla_ruleset.yml b/.github/workflows/check_cla_ruleset.yml
index cf7b774..865c6e4 100644
--- a/.github/workflows/check_cla_ruleset.yml
+++ b/.github/workflows/check_cla_ruleset.yml
@@ -13,5 +13,5 @@ on:
 
 jobs:
   call-check-cla:
-    uses: dfinity/public-workflows/.github/workflows/check_cla.yml@main
+    uses: dfinity/public-workflows/.github/workflows/check_cla.yml@replace-workflow-token-with-app
     secrets: inherit

From 1dbb09b56c1701e0b72f9c51ba8646ce2f3406af Mon Sep 17 00:00:00 2001
From: Carly Gundy <47304080+cgundy@users.noreply.github.com>
Date: Mon, 18 Nov 2024 15:38:29 +0100
Subject: [PATCH 3/3] undo

---
 .github/workflows/check_cla_ruleset.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/check_cla_ruleset.yml b/.github/workflows/check_cla_ruleset.yml
index 865c6e4..cf7b774 100644
--- a/.github/workflows/check_cla_ruleset.yml
+++ b/.github/workflows/check_cla_ruleset.yml
@@ -13,5 +13,5 @@ on:
 
 jobs:
   call-check-cla:
-    uses: dfinity/public-workflows/.github/workflows/check_cla.yml@replace-workflow-token-with-app
+    uses: dfinity/public-workflows/.github/workflows/check_cla.yml@main
     secrets: inherit