From 0e81b6e22e32cb5a97680c0a8798b6b8e1f0fc2b Mon Sep 17 00:00:00 2001
From: Sebastien Vermeille <sebastien.vermeille@sonarsource.com>
Date: Fri, 17 Nov 2023 14:05:34 +0100
Subject: [PATCH] BUILD-4131 Use GitHub token from Vault instead of Github
 stored token (#4550)

That way it can be rotated in an easier manner
---
 .github/workflows/dogfood.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/dogfood.yml b/.github/workflows/dogfood.yml
index c984ab7bad1..9592ee388df 100644
--- a/.github/workflows/dogfood.yml
+++ b/.github/workflows/dogfood.yml
@@ -20,7 +20,6 @@ jobs:
     name: Update dogfood branch
     permissions:
       id-token: write # required for SonarSource/vault-action-wrapper
-      contents: write # required to grant GITHUB_TOKEN writing permission
     steps:
     - name: get secrets
       id: secrets
@@ -28,9 +27,10 @@ jobs:
       with:
         secrets: |
           development/kv/data/slack webhook | SLACK_WEBHOOK;
+          development/github/token/{REPO_OWNER_NAME_DASH}-dogfood-merge token | dogfood_token;
     - name: git octopus step
       env:
-        GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+        GITHUB_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).dogfood_token }}
       id: dogfood
       uses: SonarSource/gh-action_dogfood_merge@v1
       with: