From f2c6fa942bab12065f28e0d32ebd6efa498e032e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafa=C5=82=20Zawadzki?=
Date: Mon, 14 Oct 2024 16:43:16 +0200
Subject: [PATCH] Use actions/create-github-app-token@v1 for the checkout
---
 .github/workflows/pypa-publish.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/.github/workflows/pypa-publish.yml b/.github/workflows/pypa-publish.yml
index 0f2dd81..cc0f23b 100644
--- a/.github/workflows/pypa-publish.yml
+++ b/.github/workflows/pypa-publish.yml
@@ -10,7 +10,18 @@ jobs:
 permissions:
 id-token: write # IMPORTANT: this permission is mandatory for trusted publishing
 steps:
+ - uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ # required
+ app-id: ${{ vars.APP_ID }}
+ private-key: ${{ secrets.PRIVATE_KEY }}
 - uses: actions/checkout@v4
+ with:
+ token: ${{ steps.app-token.outputs.token }}
+ ref: ${{ github.head_ref }}
+ # Make sure the value of GITHUB_TOKEN will not be persisted in repo's config
+ persist-credentials: false
 - name: Set up Python
 uses: actions/setup-python@v4
 with:
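Review bot: `ref: ${{ github.head_ref }}` on the checkout step ties what gets built and published to a pull-request head branch name, and `github.head_ref` is only populated on pull-request events. The `on:` trigger and job header are outside the hunk, so this needs checking: if the job can run on `pull_request_target`, it would check out contributor-controlled code in a job that holds `id-token: write` and the App private key. On a release or tag trigger the value is empty and the line does nothing, so I would drop it or pin to the event commit with `ref: ${{ github.sha }}`. If the App token is only there to read this repository, `contents: read` under `permissions:` would do the same without bringing a long-lived `PRIVATE_KEY` secret into the publishing job. The comment above `persist-credentials: false` names GITHUB_TOKEN, but the credential kept out of the git config here is the App installation token; suggest `# Do not persist the App installation token in the checkout's git config`.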