From 01e65deb540ede09a35c57dae171e4bb8a1b62c8 Mon Sep 17 00:00:00 2001
From: Carly Gundy <47304080+cgundy@users.noreply.github.com>
Date: Mon, 24 Feb 2025 18:22:04 +0100
Subject: [PATCH] feat(IDX): use new github app (#4080)

This PR moves any workflows that generate PRs to a new app and require
using a new environment.
---
 .github/workflows/container-base-images.yml     |  5 +++--
 .github/workflows/update-mainnet-revisions.yaml | 10 ++++++----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/container-base-images.yml b/.github/workflows/container-base-images.yml
index 7751efdb2c9..9e5c14294b7 100644
--- a/.github/workflows/container-base-images.yml
+++ b/.github/workflows/container-base-images.yml
@@ -106,6 +106,7 @@ jobs:
     name: Update Reference Files PR
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    environment: CREATE_PR
     needs: [build-base-image]
     if: ${{ github.ref_name == 'master' }}
     steps:
@@ -113,8 +114,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }}
-          private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }}
+          app-id: ${{ vars.PR_CREATION_BOT_APP_ID }}
+          private-key: ${{ secrets.PR_CREATION_BOT_PRIVATE_KEY }}
 
       - name: Checkout
         uses: actions/checkout@v4
diff --git a/.github/workflows/update-mainnet-revisions.yaml b/.github/workflows/update-mainnet-revisions.yaml
index f95965fd851..dfb25efb467 100644
--- a/.github/workflows/update-mainnet-revisions.yaml
+++ b/.github/workflows/update-mainnet-revisions.yaml
@@ -12,13 +12,14 @@ defaults:
 jobs:
   update-ic-versions-file:
     runs-on: ubuntu-latest
+    environment: CREATE_PR
     steps:
       - name: Create GitHub App Token
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }}
-          private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }}
+          app-id: ${{ vars.PR_CREATION_BOT_APP_ID }}
+          private-key: ${{ secrets.PR_CREATION_BOT_PRIVATE_KEY }}
 
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -37,6 +38,7 @@ jobs:
   update-nervous-system-wasms:
     runs-on:
       labels: dind-small
+    environment: CREATE_PR
     container:
       image: ghcr.io/dfinity/ic-build@sha256:908c9b2abe0647cd54a2485117c263b0dae4a8aba8f25bc073813b09be9b1d59
       options: >-
@@ -46,8 +48,8 @@ jobs:
         uses: actions/create-github-app-token@v1
         id: app-token
         with:
-          app-id: ${{ vars.PR_AUTOMATION_BOT_PUBLIC_APP_ID }}
-          private-key: ${{ secrets.PR_AUTOMATION_BOT_PUBLIC_PRIVATE_KEY }}
+          app-id: ${{ vars.PR_CREATION_BOT_PRIVATE_KEY }}
+          private-key: ${{ secrets.PR_CREATION_BOT_APP_ID }}
 
       - name: Checkout repository
         uses: actions/checkout@v4