From ee100748a78b06a6127b4762c3b2f3f4b03c233b Mon Sep 17 00:00:00 2001
From: Victor Martinez
Date: Tue, 8 Oct 2024 17:58:16 +0200
Subject: [PATCH] github-actions: use ephemeral tokens
---
 .github/workflows/add-to-project.yaml | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/add-to-project.yaml b/.github/workflows/add-to-project.yaml
index 1d8c60b..7e3daa9 100644
--- a/.github/workflows/add-to-project.yaml
+++ b/.github/workflows/add-to-project.yaml
@@ -11,7 +11,18 @@ jobs:
 name: Add issue to project
 runs-on: ubuntu-latest
 steps:
+ - name: Get token
+ id: get_token
+ uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
+ with:
+ app_id: ${{ secrets.OBS_AUTOMATION_APP_ID }}
+ private_key: ${{ secrets.OBS_AUTOMATION_APP_PEM }}
+ permissions: >-
+ {
+ "organization_projects": "write",
+ "issues": "read"
+ }
 - uses: actions/add-to-project@v1.0.2
 with:
 project-url: https://github.com/orgs/elastic/projects/1286
- github-token: ${{ secrets.APM_TECH_USER_TOKEN }}
\ No newline at end of file
+ github-token: ${{ steps.get_token.outputs.token }}
\ No newline at end of file
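Review bot: The step that now receives the minted installation token, `actions/add-to-project@v1.0.2`, is still referenced by a mutable tag, while the new `Get token` step is pinned to a full commit SHA. A tag can be moved to different code, which would then run holding a token with `organization_projects: write`, so pin it the same way: `- uses: actions/add-to-project@<full-commit-sha> # v1.0.2` (placeholder; take the SHA from the v1.0.2 release). The job header, the trigger and any workflow-level `permissions:` block are outside this hunk; if none is set, declaring `permissions: {}` would keep the default GITHUB_TOKEN from carrying scopes this job does not use. A one-line comment above `Get token`, for example `# Mint a short-lived GitHub App installation token limited to project write / issue read`, would record why the long-lived `APM_TECH_USER_TOKEN` secret was replaced.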