chore: more fixes for the rebuild changelog action

.github/workflows/rebuild-changelog.yaml

@@ -21,6 +21,12 @@ jobs:
     name: Rebuild changelog
     runs-on: ubuntu-latest
     steps:
+      - uses: mongodb-js/devtools-shared/actions/setup-bot-token@main
+        id: app-token
+        with:
+          app-id: ${{ vars.DEVTOOLS_BOT_APP_ID }}
+          private-key: ${{ secrets.DEVTOOLS_BOT_PRIVATE_KEY }}
+
       - uses: actions/checkout@v4
         with:
           # don't checkout a detached HEAD, is important to have a real base
@@ -30,13 +36,11 @@ jobs:
           # this is important so git log can pick up on
           # the whole history to generate the CHANGELOG
           fetch-depth: '0'
+          token: ${{ steps.app-token.outputs.token }}
 
       - name: Update CHANGELOG.md
         # List all the releases and rebuild
-        # the changelog with the last 30
-        # releases
-        # Use the `--limit` parameter in `gh release list`
-        # to tweak this number
+        # the changelog.
         run: |
           echo "# Change Log" > CHANGELOG.md
           echo "" >> CHANGELOG.md
@@ -64,7 +68,7 @@ jobs:
             echo "" >> CHANGELOG.md
           done
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
 
       - name: Create Pull Request
         id: cpr
@@ -78,11 +82,10 @@ jobs:
             CHANGELOG.md
           body: |
             - Update `CHANGELOG.md`
+          token: ${{ steps.app-token.outputs.token }}
 
       - name: Merge PR
         env:
-          PULL_REQUEST_NUMBER: ${{steps.cpr.outputs.pull-request-number}}
-          # NOTE: we don't use a PAT so to not trigger further automation
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
         run: |
-          gh pr merge $PULL_REQUEST_NUMBER --squash --delete-branch
+          gh pr merge ${{steps.cpr.outputs.pull-request-number}} --squash --delete-branch