From 36b72ae05edbb20ac0f3077205f304d4b86ab84f Mon Sep 17 00:00:00 2001
From: Zach Butler <zach.butler@eosnetwork.com>
Date: Wed, 25 Jan 2023 01:40:42 -0500
Subject: [PATCH] Use a GitHub app to obtain an ephemeral token with
 permissions to private repos, then use it to clone private submodules

---
 .github/workflows/contract.yml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml
index 4cac8660..9eca86ad 100644
--- a/.github/workflows/contract.yml
+++ b/.github/workflows/contract.yml
@@ -8,10 +8,18 @@ jobs:
     runs-on: ubuntu-20.04
 
     steps:
+      - name: Authenticate
+        id: auth
+        uses: AntelopeIO/github-app-token-action@v1
+        with:
+          app_id: ${{ secrets.TRUSTEVM_CI_APP_ID }}
+          private_key: ${{ secrets.TRUSTEVM_CI_APP_KEY }}
+
       - name: Checkout Repo
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
+          token: ${{ steps.auth.outputs.token }}
 
       - name: Download CDT
         uses: AntelopeIO/asset-artifact-download-action@v2