From 782f813a15726b580e7dfb75c71d6824ae2265a0 Mon Sep 17 00:00:00 2001
From: Ahmed Ejaz <chahmedejaz9050@gmail.com>
Date: Mon, 29 Sep 2025 11:35:48 +0500
Subject: [PATCH] Add Dependabot PR test event and update workflow for token
 generation

---
 .github/test-events/dependabot-pr.json        | 15 +++++++++++++++
 .../move-dependency-pr-to-code-review.yml     | 19 +++++++++++--------
 2 files changed, 26 insertions(+), 8 deletions(-)
 create mode 100644 .github/test-events/dependabot-pr.json

diff --git a/.github/test-events/dependabot-pr.json b/.github/test-events/dependabot-pr.json
new file mode 100644
index 0000000000..585eded46c
--- /dev/null
+++ b/.github/test-events/dependabot-pr.json
@@ -0,0 +1,15 @@
+{
+  "pull_request": {
+    "number": 13545,
+    "title": "Bump test from 7.0.4 to 7.0.8",
+    "user": {
+      "login": "dependabot[bot]"
+    }
+  },
+  "repository": {
+    "owner": {
+      "login": "openfoodfoundation"
+    },
+    "name": "openfoodnetwork"
+  }
+}
diff --git a/.github/workflows/move-dependency-pr-to-code-review.yml b/.github/workflows/move-dependency-pr-to-code-review.yml
index 18fa5b4857..b3ea57dd92 100644
--- a/.github/workflows/move-dependency-pr-to-code-review.yml
+++ b/.github/workflows/move-dependency-pr-to-code-review.yml
@@ -1,8 +1,4 @@
 name: Auto-move Dependabot PRs to Code Review
-permissions:
-  contents: read
-  pull-requests: write
-  project: write
 
 on:
   pull_request:
@@ -13,15 +9,22 @@ jobs:
     runs-on: ubuntu-latest
     if: github.event.pull_request.user.login == 'dependabot[bot]' || startsWith(github.event.pull_request.title, 'Bump')
     steps:
+      - name: Generate GitHub App Token
+        id: app-token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.DEPENDABOT_PR_APP_ID }}
+          private_key: ${{ secrets.DEPENDABOT_PR_APP_PRIVATE_KEY }}
+
       - name: Move PR to Code Review in Project v2
         uses: actions/github-script@v7
         with:
-          github-token: ${{ secrets.DEPENDABOT_PR_AUTOMATION_TOKEN }}
+          github-token: ${{ steps.app-token.outputs.token }}
           script: |
             const projectNumber   = 8; // for "OFN Delivery board"
-            const org            = "openfoodfoundation";
-            const repo           = context.repo.repo;
-            const prNumber       = context.payload.pull_request.number;
+            const org             = "openfoodfoundation";
+            const repo            = context.repo.repo;
+            const prNumber        = context.payload.pull_request.number;
             const statusFieldName = "Status";
             const statusValue     = "Code review 🔎";