From 36cf4e97da779eecdc5c47cf4d9d72a65a522385 Mon Sep 17 00:00:00 2001
From: mkorwel <matt.korwel@gmail.com>
Date: Thu, 25 Sep 2025 20:37:06 -0700
Subject: [PATCH] updating app to use cli-robot-pat

---
 .../actions/create-pull-request/action.yml    | 19 +++----------------
 .github/workflows/release-nightly.yml         |  3 +--
 .../workflows/release-patch-1-create-pr.yml   | 10 +---------
 .github/workflows/release-promote.yml         |  3 +--
 scripts/releasing/create-patch-pr.js          |  4 +++-
 5 files changed, 9 insertions(+), 30 deletions(-)

diff --git a/.github/actions/create-pull-request/action.yml b/.github/actions/create-pull-request/action.yml
index 4b562a6183..62c374828d 100644
--- a/.github/actions/create-pull-request/action.yml
+++ b/.github/actions/create-pull-request/action.yml
@@ -15,11 +15,8 @@ inputs:
     description: 'The branch to merge into.'
     required: true
     default: 'main'
-  app-id:
-    description: 'The ID of the GitHub App.'
-    required: true
-  private-key:
-    description: 'The private key of the GitHub App.'
+  github-token:
+    description: 'The GitHub token to use for creating the pull request.'
     required: true
   dry-run:
     description: 'Whether to run in dry-run mode.'
@@ -29,20 +26,10 @@ inputs:
 runs:
   using: 'composite'
   steps:
-    - name: 'Generate GitHub App Token'
-      id: 'generate_token'
-      if: "inputs.dry-run == 'false'"
-      uses: 'actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b'
-      with:
-        app-id: '${{ inputs.app-id }}'
-        private-key: '${{ inputs.private-key }}'
-        permission-pull-requests: 'write'
-        permission-contents: 'write'
-
     - name: 'Create and Approve Pull Request'
       if: "inputs.dry-run == 'false'"
       env:
-        GH_TOKEN: '${{ steps.generate_token.outputs.token }}'
+        GH_TOKEN: '${{ inputs.github-token }}'
       shell: 'bash'
       run: |
         set -e
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
index 9aeba22a01..131f4f627f 100644
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@@ -80,8 +80,7 @@ jobs:
           branch-name: 'release/${{ steps.nightly_version.outputs.RELEASE_TAG }}'
           pr-title: 'chore(release): bump version to ${{ steps.nightly_version.outputs.RELEASE_VERSION }}'
           pr-body: 'Automated version bump for nightly release.'
-          app-id: '${{ secrets.APP_ID }}'
-          private-key: '${{ secrets.PRIVATE_KEY }}'
+          github-token: '${{ secrets.GEMINI_CLI_ROBOT_GITHUB_PAT }}'
           dry-run: '${{ github.event.inputs.dry_run }}'
 
       - name: 'Create Issue on Failure'
diff --git a/.github/workflows/release-patch-1-create-pr.yml b/.github/workflows/release-patch-1-create-pr.yml
index 43b6eef050..6a0b58c383 100644
--- a/.github/workflows/release-patch-1-create-pr.yml
+++ b/.github/workflows/release-patch-1-create-pr.yml
@@ -52,14 +52,6 @@ jobs:
       - name: 'Install Script Dependencies'
         run: 'npm install yargs'
 
-      - name: 'Generate GitHub App Token'
-        id: 'generate_token'
-        uses: 'actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b'
-        with:
-          app-id: '${{ secrets.APP_ID }}'
-          private-key: '${{ secrets.PRIVATE_KEY }}'
-          permission-pull-requests: 'write'
-          permission-contents: 'write'
 
       - name: 'Configure Git User'
         run: |-
@@ -72,7 +64,7 @@ jobs:
         id: 'create_patch'
         env:
           GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
-          GH_TOKEN: '${{ steps.generate_token.outputs.token }}'
+          GEMINI_CLI_ROBOT_GITHUB_PAT: '${{ secrets.GEMINI_CLI_ROBOT_GITHUB_PAT }}'
         continue-on-error: true
         run: |
           # Capture output and display it in logs using tee
diff --git a/.github/workflows/release-promote.yml b/.github/workflows/release-promote.yml
index a52c1924c3..82698b0c50 100644
--- a/.github/workflows/release-promote.yml
+++ b/.github/workflows/release-promote.yml
@@ -320,8 +320,7 @@ jobs:
           branch-name: '${{ steps.release_branch.outputs.BRANCH_NAME }}'
           pr-title: 'chore(release): bump version to ${{ needs.calculate-versions.outputs.NEXT_NIGHTLY_VERSION }}'
           pr-body: 'Automated version bump to prepare for the next nightly release.'
-          app-id: '${{ secrets.APP_ID }}'
-          private-key: '${{ secrets.PRIVATE_KEY }}'
+          github-token: '${{ secrets.GEMINI_CLI_ROBOT_GITHUB_PAT }}'
           dry-run: '${{ github.event.inputs.dry_run }}'
 
       - name: 'Create Issue on Failure'
diff --git a/scripts/releasing/create-patch-pr.js b/scripts/releasing/create-patch-pr.js
index 1a32a50b21..d58ed2265b 100644
--- a/scripts/releasing/create-patch-pr.js
+++ b/scripts/releasing/create-patch-pr.js
@@ -214,7 +214,9 @@ The commit has been created with conflict markers for easier manual resolution.
   }
 
   const prCommand = `gh pr create --base ${releaseBranch} --head ${hotfixBranch} --title "${prTitle}" --body "${prBody}"`;
-  run(prCommand, dryRun);
+  run(prCommand, dryRun, {
+    env: { GH_TOKEN: process.env.GEMINI_CLI_ROBOT_GITHUB_PAT },
+  });
 
   if (hasConflicts) {
     console.log(