From 171f3f1b08c22eeff4ff0c3380dbf332838c6438 Mon Sep 17 00:00:00 2001
From: Sinduri Guntupalli <sinduri.guntupalli@dynatrace.com>
Date: Thu, 28 May 2026 09:45:52 +0200
Subject: [PATCH] fix(workflows): use GitHub App token to push data refresh
 commits to protected main branch

- Generate an installation token via actions/create-github-app-token before checkout
- Pass the token to actions/checkout so git push authenticates as the GitHub App
- The offon-data-refresh GitHub App is added to the ruleset bypass list, allowing
  direct commits to main without a pull request

Signed-off-by: Sinduri Guntupalli <sinduri.guntupalli@dynatrace.com>
---
 .github/workflows/refresh-community-data.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/refresh-community-data.yml b/.github/workflows/refresh-community-data.yml
index 209040b6..3e9daae4 100644
--- a/.github/workflows/refresh-community-data.yml
+++ b/.github/workflows/refresh-community-data.yml
@@ -21,7 +21,15 @@ jobs:
   refresh:
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
+
       - uses: actions/checkout@v4
+        with:
+          token: ${{ steps.app-token.outputs.token }}
 
       - uses: actions/setup-node@v4
         with: