chore: add GitHub App token creation step to workflows for enhanced security

Author: wax911

.github/workflows/android-publish-artifact.yml

@@ -13,6 +13,11 @@ jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
       - uses: actions/checkout@v4
       - uses: gradle/wrapper-validation-action@v3
       - name: set up JDK 17
@@ -26,7 +31,7 @@ jobs:
           ref: ${{ github.ref }}
           running-workflow-name: android-publish-artifact
           check-name: unit
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          repo-token: ${{ steps.app-token.outputs.token }}
           wait-interval: 20
       - uses: gradle/actions/setup-gradle@v4
       - name: Grant execute permission for gradlew

.github/workflows/android-unit-test.yml

@@ -17,6 +17,11 @@ jobs:
   unit:
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
       - uses: actions/checkout@v4
       - uses: gradle/actions/setup-gradle@v4
       - name: set up JDK 17
@@ -36,3 +41,4 @@ jobs:
         if: always() # always run even if the previous step fails
         with:
           report_paths: '**/build/test-results/**/TEST-*.xml'
+          token: ${{ steps.app-token.outputs.token }}

.github/workflows/first-time-contributer-greeting.yml

@@ -9,8 +9,13 @@ jobs:
       issues: write
       pull-requests: write
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
       - uses: actions/first-interaction@v1
         with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
+          repo-token: ${{ steps.app-token.outputs.token }}
           issue-message: "Hey there! Thank you for creating an issue :) Please take a moment to review our [**community guidelines**](https://github.com/AniTrend/android-emojify/blob/develop/CONTRIBUTING.md) to make the contribution process easy and effective for everyone involved."
           pr-message: "Hey there! Thank you for this PR :) Please take a moment to review our [**community guidelines**](https://github.com/AniTrend/android-emojify/blob/develop/CONTRIBUTING.md) to make the contribution process easy and effective for everyone involved."

.github/workflows/gradle-dokka.yml

@@ -11,6 +11,11 @@ jobs:
   gradle-dokka:
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
       - uses: actions/checkout@v4
       - name: set up JDK 17
         uses: actions/setup-java@v4
@@ -29,3 +34,4 @@ jobs:
         with:
           branch: docs # The branch the action should deploy to.
           folder: dokka-docs # The folder the action should deploy.
+          token: ${{ steps.app-token.outputs.token }}

.github/workflows/release-drafter.yml

@@ -18,17 +18,22 @@ jobs:
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
+      - uses: actions/create-github-app-token@v1
+        id: app-token
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
       - uses: release-drafter/release-drafter@v6
         id: release_drafter
         with:
           config-name: release-drafter-config.yml
           disable-autolabeler: false
           commitish: develop
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
       - name: Repository Dispatch
         uses: peter-evans/repository-dispatch@v3
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
+          token: ${{ steps.app-token.outputs.token }}
           event-type: version-update-and-push
           client-payload: '{"version": "${{ steps.release_drafter.outputs.resolved_version }}"}'