Add Dependabot PR test event and update workflow for token generation

.github/test-events/dependabot-pr.json

@@ -0,0 +1,15 @@
+{
+  "pull_request": {
+    "number": 13545,
+    "title": "Bump test from 7.0.4 to 7.0.8",
+    "user": {
+      "login": "dependabot[bot]"
+    }
+  },
+  "repository": {
+    "owner": {
+      "login": "openfoodfoundation"
+    },
+    "name": "openfoodnetwork"
+  }
+}

.github/workflows/move-dependency-pr-to-code-review.yml

@@ -1,8 +1,4 @@
 name: Auto-move Dependabot PRs to Code Review
-permissions:
-  contents: read
-  pull-requests: write
-  project: write
 
 on:
   pull_request:
@@ -13,15 +9,22 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event.pull_request.user.login == 'dependabot[bot]' || startsWith(github.event.pull_request.title, 'Bump')
     steps:
+      - name: Generate GitHub App Token
+        id: app-token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.DEPENDABOT_PR_APP_ID }}
+          private_key: ${{ secrets.DEPENDABOT_PR_APP_PRIVATE_KEY }}
+
       - name: Move PR to Code Review in Project v2
         uses: actions/github-script@v7
         with:
-          github-token: ${{ secrets.DEPENDABOT_PR_AUTOMATION_TOKEN }}
+          github-token: ${{ steps.app-token.outputs.token }}
           script: |
             const projectNumber   = 8; // for "OFN Delivery board"
-            const org            = "openfoodfoundation";
-            const repo           = context.repo.repo;
-            const prNumber       = context.payload.pull_request.number;
+            const org             = "openfoodfoundation";
+            const repo            = context.repo.repo;
+            const prNumber        = context.payload.pull_request.number;
             const statusFieldName = "Status";
             const statusValue     = "Code review 🔎";