feat(gatherer): Use GitHub app instead of PAT for gatherer (#2535)

javirln · web-flow · commit 430af45629df · 2025-11-11T16:28:11.000+01:00
Signed-off-by: Javier Rodriguez &lt;javier@chainloop.dev&gt;
diff --git a/.github/workflows/scm_configuration_check.yaml b/.github/workflows/scm_configuration_check.yaml
@@ -29,9 +29,16 @@ jobs:
         run: |
           chainloop attestation init --workflow ${CHAINLOOP_WORKFLOW_NAME} --project ${CHAINLOOP_PROJECT_NAME}
 
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.CHAINLOOP_GATHERER_APP_ID }}
+          private-key: ${{ secrets.GATHERER_APP_PRIVATE_KEY }}
+
       - name: Gather runner context data
         run: |
-          chainloop gather-runner-context --runner-token ${{ secrets.PAT_ADMIN }}
+          chainloop gather-runner-context --runner-token ${{ steps.generate-token.outputs.token }}
 
       - name: Add runner context material to attestation
         run: |
