From 95083f375c3fb8463a0eb53c0975ab5faa45a571 Mon Sep 17 00:00:00 2001
From: Kent Gruber <kent.gruber@temporal.io>
Date: Tue, 4 Nov 2025 11:47:42 -0500
Subject: [PATCH 1/2] Use first-party action for GitHub app tokens

This change was made by an automated process to ensure all GitHub Actions workflows use the official GitHub application token action.

Assisted-by: GPT-5 Codex via Camper
---
 .github/workflows/trigger-publish.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/trigger-publish.yml b/.github/workflows/trigger-publish.yml
index 04eee3192..ef772ca44 100644
--- a/.github/workflows/trigger-publish.yml
+++ b/.github/workflows/trigger-publish.yml
@@ -18,10 +18,10 @@ jobs:
     steps:
       - name: Generate a token
         id: generate_token
-        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92
+        uses: actions/create-github-app-token@v2
         with:
-          app_id: ${{ secrets.TEMPORAL_CICD_APP_ID }}
-          private_key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}
+          app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }}
+          private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}
 
       - name: Dispatch docker builds Github Action
         env:

From a3cce9225e1f273fe1962e5901de90ed03401e29 Mon Sep 17 00:00:00 2001
From: Kent Gruber <kent.gruber@temporal.io>
Date: Thu, 6 Nov 2025 10:26:13 -0500
Subject: [PATCH 2/2] Adjust GitHub App token scope for workflows

This refresh aligns owner/repositories inputs with actions/create-github-app-token@v2 defaults while preserving necessary repository access.

Assisted-by: GPT-5 Codex via Camper
---
 .github/workflows/trigger-docs.yml    | 6 ++++--
 .github/workflows/trigger-publish.yml | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/trigger-docs.yml b/.github/workflows/trigger-docs.yml
index 8b62778bf..645d976b5 100644
--- a/.github/workflows/trigger-docs.yml
+++ b/.github/workflows/trigger-docs.yml
@@ -32,12 +32,14 @@ jobs:
 
       - name: Generate token
         id: generate_token
-        uses: actions/create-github-app-token@v1
+        uses: actions/create-github-app-token@v2
         with:
           app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }}
           private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
-          repositories: documentation # generate a token with permissions to trigger GHA in documentation repo
+          # Generate a token with permissions to trigger GHA in documentation repo.
+          repositories: |
+            documentation
 
       - name: Trigger Documentation Workflow
         env:
diff --git a/.github/workflows/trigger-publish.yml b/.github/workflows/trigger-publish.yml
index ef772ca44..6f65fefe4 100644
--- a/.github/workflows/trigger-publish.yml
+++ b/.github/workflows/trigger-publish.yml
@@ -22,6 +22,10 @@ jobs:
         with:
           app-id: ${{ secrets.TEMPORAL_CICD_APP_ID }}
           private-key: ${{ secrets.TEMPORAL_CICD_PRIVATE_KEY }}
+          owner: temporalio
+          repositories: |
+            cli
+            docker-builds
 
       - name: Dispatch docker builds Github Action
         env: