From d004704af2461cb9a4e76985fc9c4395901439d0 Mon Sep 17 00:00:00 2001
From: Szymon Szyszkowski <ss60@mib117351s.internal.sanger.ac.uk>
Date: Fri, 19 Jul 2024 14:18:06 +0100
Subject: [PATCH] ci(release): use github app token for tag push

---
 .github/workflows/release.yaml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index b92300b8d..4eb48b992 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -34,6 +34,7 @@ jobs:
           fetch-depth: 0
           repository: opentargets/gentropy
           token: ${{ secrets.GITHUB_TOKEN }}
+          persist-credentials: false
 
       - name: Python Semantic Release
         id: semrelease
@@ -41,7 +42,7 @@ jobs:
         # breaks the poetry build command.
         uses: python-semantic-release/python-semantic-release@v9.6.0
         with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_token: ${{ steps.trigger-token.outputs.token }}
 
       - name: Publish package to GitHub Release
         uses: python-semantic-release/upload-to-gh-release@main
@@ -51,7 +52,7 @@ jobs:
           # requires using GH_APP to authenitcate, otherwise push authorised with
           # the GITHUB_TOKEN does not trigger the tag artifact workflow.
           # see https://github.com/actions/create-github-app-token
-          github_token: ${{ steps.trigger-token.outputs.token }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           tag: ${{ steps.semrelease.outputs.tag }}
 
       - name: Store the distribution packages