workflows/vendor-gems: trial using GitHub App token

.github/actionlint.yaml

@@ -1,8 +1,8 @@
 self-hosted-runner:
   # Labels of self-hosted runner in array of strings.
-  labels:
+  labels: []
-    - 11-arm64
 # Configuration variables in array of strings defined in your repository or
 # organization. `null` means disabling configuration variables check.
 # Empty array means no configuration variable is allowed.
-config-variables: []
+config-variables:
+  - BREW_COMMIT_APP_ID

.github/workflows/vendor-gems.yml

@@ -151,11 +151,19 @@ jobs:
                        -m "Autogenerated by the [vendor-gems](https://github.com/Homebrew/brew/blob/HEAD/.github/workflows/vendor-gems.yml) workflow."
           fi
 
+      - name: Generate push token
+        uses: actions/create-github-app-token@v1
+        id: app-token
+        if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch'
+        with:
+          app-id: ${{ vars.BREW_COMMIT_APP_ID }}
+          private-key: ${{ secrets.BREW_COMMIT_APP_KEY }}
+
       - name: Push to pull request
         if: github.event_name == 'pull_request_target' || github.event_name == 'workflow_dispatch'
         uses: Homebrew/actions/git-try-push@master
         with:
-          token: ${{ secrets.HOMEBREW_GITHUB_PUBLIC_REPO_TOKEN }}
+          token: ${{ steps.app-token.outputs.token }}
           directory: ${{ steps.set-up-homebrew.outputs.repository-path }}
           branch: ${{ steps.checkout.outputs.branch }}
           force: true