build: migrate patch-up to use app creds (electron#36817)

package.json

@@ -7,8 +7,8 @@
     "@azure/storage-blob": "^12.9.0",
     "@electron/asar": "^3.2.1",
     "@electron/docs-parser": "^1.0.0",
+    "@electron/github-app-auth": "^1.5.0",
     "@electron/typescript-definitions": "^8.10.0",
-    "@octokit/auth-app": "^2.10.0",
     "@octokit/rest": "^18.0.3",
     "@primer/octicons": "^10.0.0",
     "@types/basic-auth": "^1.1.3",
@@ -149,4 +149,4 @@
   "resolutions": {
     "nan": "nodejs/nan#16fa32231e2ccd89d2804b3f765319128b20c4ac"
   }
-}
+}

script/push-patch.js

@@ -1,4 +1,4 @@
-const { createAppAuth } = require('@octokit/auth-app');
+const { appCredentialsFromString, getTokenForRepo } = require('@electron/github-app-auth');
 const cp = require('child_process');
 
 if (!process.env.CIRCLE_BRANCH) {
@@ -11,17 +11,15 @@ if (process.env.CIRCLE_PR_NUMBER) {
   process.exit(1);
 }
 
-const auth = createAppAuth({
-  appId: process.env.PATCH_UP_APP_ID,
-  privateKey: Buffer.from(process.env.PATCH_UP_PRIVATE_KEY, 'base64').toString('utf8'),
-  installationId: process.env.PATCH_UP_INSTALLATION_ID,
-  clientId: process.env.PATCH_UP_CLIENT_ID,
-  clientSecret: process.env.PATCH_UP_CLIENT_SECRET
-});
-
 async function main () {
-  const installationAuth = await auth({ type: 'installation' });
-  const remoteURL = `https://x-access-token:${installationAuth.token}@github.com/electron/electron.git`;
+  const token = await getTokenForRepo(
+    {
+      name: 'electron',
+      owner: 'electron'
+    },
+    appCredentialsFromString(process.env.PATCH_UP_APP_CREDS)
+  );
+  const remoteURL = `https://x-access-token:${token}@github.com/electron/electron.git`;
   // NEVER LOG THE OUTPUT OF THIS COMMAND
   // GIT LEAKS THE ACCESS CREDENTIALS IN CONSOLE LOGS
   const { status } = cp.spawnSync('git', ['push', '--set-upstream', remoteURL], {