ci(workflows): Streamline GitHub token generation across workflows

Author: arturcic

.github/workflows/gittools-actions.yml

@@ -35,17 +35,17 @@ jobs:
           "version=$version" >> $env:GITHUB_OUTPUT
       -
         name: Load GitHub App credentials
-        id: gh-app-creds
-        uses: gittools/cicd/gh-app-creds@v1
+        id: github-app-creds
+        uses: gittools/cicd/github-app-creds@v1
         with:
           op_service_account_token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
       -
         name: Generate GitHub App Token
         id: app-token
         uses: actions/create-github-app-token@v3
         with:
-          app-id: ${{ steps.gh-app-creds.outputs.gh_app_id }}
-          private-key: ${{ steps.gh-app-creds.outputs.gh_app_private_key }}
+          app-id: ${{ steps.github-app-creds.outputs.gh_app_id }}
+          private-key: ${{ steps.github-app-creds.outputs.gh_app_private_key }}
           owner: ${{ github.repository_owner }}
           repositories: actions
           permission-contents: write

.github/workflows/homebrew.yml

@@ -30,22 +30,11 @@ jobs:
           }
           "version=$version" >> $env:GITHUB_OUTPUT
       -
-        name: Load GitHub App credentials
-        id: gh-app-creds
-        uses: gittools/cicd/gh-app-creds@v1
+        name: Load GitHub release token
+        id: github-creds
+        uses: gittools/cicd/github-creds@v1
         with:
           op_service_account_token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-      -
-        name: Generate GitHub App Token
-        id: app-token
-        uses: actions/create-github-app-token@v3
-        with:
-          app-id: ${{ steps.gh-app-creds.outputs.gh_app_id }}
-          private-key: ${{ steps.gh-app-creds.outputs.gh_app_private_key }}
-          owner: gittools-bot
-          repositories: homebrew-core
-          permission-contents: write
-          permission-pull-requests: write
       -
         uses: mislav/bump-homebrew-formula-action@v3
         name: Bump Homebrew formula
@@ -59,4 +48,4 @@ jobs:
 
             For additional details see https://github.com/GitTools/GitVersion/releases/tag/${{ steps.get-version.outputs.version }}
         env:
-          COMMITTER_TOKEN: ${{ steps.app-token.outputs.token }}
+          COMMITTER_TOKEN: ${{ steps.github-creds.outputs.github_release_token }}

.github/workflows/winget.yml

@@ -17,21 +17,11 @@ jobs:
     name: Bump winget manifest
     runs-on: ubuntu-24.04
     steps:
-    - name: Load GitHub App credentials
-      id: gh-app-creds
-      uses: gittools/cicd/gh-app-creds@v1
+    - name: Load GitHub release token
+      id: github-creds
+      uses: gittools/cicd/github-creds@v1
       with:
         op_service_account_token: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
-    - name: Generate GitHub App Token
-      id: app-token
-      uses: actions/create-github-app-token@v3
-      with:
-        app-id: ${{ steps.gh-app-creds.outputs.gh_app_id }}
-        private-key: ${{ steps.gh-app-creds.outputs.gh_app_private_key }}
-        owner: gittools-bot
-        repositories: winget-pkgs
-        permission-contents: write
-        permission-pull-requests: write
     - name: Get version
       id: get-version
       shell: pwsh
@@ -50,7 +40,7 @@ jobs:
 
     - uses: michidk/run-komac@v2.1.0
       env:
-        GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+        GITHUB_TOKEN: ${{ steps.github-creds.outputs.github_release_token }}
       with:
         args: '${{ steps.get-version.outputs.run_args }}'
         custom-fork-owner: gittools-bot