From 7a0cb324796e27d361383689bc9c9eac33836c04 Mon Sep 17 00:00:00 2001
From: Becky Chen
Date: Mon, 7 Oct 2024 21:29:41 +0000
Subject: [PATCH] Update gha to use for-public-repos-only branch of security-alerts-action
---
 .github/workflows/push_dependabot_metadata.yml | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/push_dependabot_metadata.yml b/.github/workflows/push_dependabot_metadata.yml
index a980707..2a5912d 100644
--- a/.github/workflows/push_dependabot_metadata.yml
+++ b/.github/workflows/push_dependabot_metadata.yml
@@ -9,10 +9,26 @@ jobs:
 send-alerts:
 runs-on: pub-hk-ubuntu-24.04-ip
 steps:
+ - name: Create GitHub App Token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ secrets.SECURITY_ALERTS_GH_APP_ID }}
+ private-key: ${{ secrets.SECURITY_ALERTS_GH_APP_PRIVKEY }}
+ owner: heroku
+
+ - name: Checkout code with security-alerts-action
+ uses: actions/checkout@v4
+ with:
+ repository: heroku/security-alerts-action
+ token: ${{ steps.app-token.outputs.token }}
+ ref: for-public-repos-only
+
 - name: Send data to Security Alerts
- uses: heroku/security-alerts-action@main
+ uses: ./
 with:
 gh-app-id: ${{ secrets.SECURITY_ALERTS_GH_APP_ID }}
 gh-app-privkey: ${{ secrets.SECURITY_ALERTS_GH_APP_PRIVKEY }}
 webhook-url: ${{ secrets.SECURITY_ALERTS_WEBHOOK_URL }}
 sa-token: ${{ secrets.SECURITY_ALERTS_TOKEN }}
+ gh-app-token: ${{ steps.app-token.outputs.token }}
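Review bot: The final step's `uses: ./` runs whatever the `for-public-repos-only` branch of heroku/security-alerts-action points to at run time, and that code is handed the app private key, the webhook URL and both tokens, so the checkout's `ref:` should be a full commit SHA rather than a branch name, e.g. `ref: <full-commit-sha>  # for-public-repos-only`. The same applies to the two added `uses:` lines, `actions/create-github-app-token@v1` and `actions/checkout@v4`, which are movable tags. The checkout step also leaves the app token in the workspace's git configuration by default; adding `persist-credentials: false` under its `with:` avoids that. With `owner: heroku` and no `repositories:` input, the generated token appears to cover every repository in the app's installation for that owner, so consider listing only the repositories the action needs, if its access pattern allows it.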