From 28dbf8f7cf84036235aa728ddd64c1ce892acb87 Mon Sep 17 00:00:00 2001
From: Andrew Gable <andrew@expensify.com>
Date: Thu, 10 Oct 2024 13:03:27 -0600
Subject: [PATCH] Use secret inherit and a GitHub app to sign commits

---
 .github/workflows/publish.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 38c9db9..5c4809b 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -28,10 +28,8 @@ jobs:
   publish:
     needs: get_pull_request
     uses: Expensify/GitHub-Actions/.github/workflows/npmPublish.yml@main
+    secrets: inherit
     with:
       repository: ${{ github.action_repository }}
-      # 'outputs' provides a string and we need a number, so we use fromJSON to convert it
+      # 'outputs' provides a string, and we need a number, so we use fromJSON to convert it
       pull_request_number: ${{ fromJSON(needs.get_pull_request.outputs.pull_request_number) }}
-    secrets:
-      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-      OS_BOTIFY_COMMIT_TOKEN: ${{ secrets.OS_BOTIFY_COMMIT_TOKEN }}