Open
Labels
example (Example GitHub Action)
Description
First off, thank you for this action. It's a huge money-saver!
The README currently recommends a fine-grained Personal Access Token for github_token. I wanted to share that a GitHub App works as a drop-in replacement and is a better practice for org-wide use. Tokens are short-lived, there's no expiry to manage, and it's not tied to a personal account.
Here's the setup that works for me:
- Create a GitHub App with Repository permissions → Administration → Read and write
- Install the app on the relevant repositories (or org-wide)
- Add two org-wide or repo-wide secrets:
  - `YOUR_APP_CLIENT_ID`: app's Client ID
  - `YOUR_APP_PRIVATE_KEY`: its private key

  Private key must be in PKCS#8 format — convert from OpenSSH with `ssh-keygen -p -m PKCS8 -f your-key.pem -N ""`
- Generate a token in your workflow before calling this action:

```yaml
- name: Generate GitHub token
  id: generate_token
  uses: actions/create-github-app-token@v2
  with:
    app-id: ${{ secrets.YOUR_APP_CLIENT_ID }}
    private-key: ${{ secrets.YOUR_APP_PRIVATE_KEY }}
- uses: Cyclenerd/hcloud-github-runner@v1
  with:
    mode: create
    github_token: ${{ steps.generate_token.outputs.token }}
```
Could be worth a README mention if others are likely hitting the same setup?
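A preflight check for the PKCS#8 requirement mentioned in the post, added here as an example (it is not part of the original issue or of either action's code): it classifies a PEM private key by its ASN.1 structure before the key is stored as a secret. The function names and the two sample keys are hypothetical, and the samples are constructed DER skeletons with no real key material.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL)

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def classify_private_key(secret):
    """Return pkcs8, pkcs8-encrypted, pkcs1, openssh or unknown."""
    # Secrets pasted through a CLI or API often carry literal "\n" sequences.
    m = PEM_RE.search(secret.replace("\\n", "\n"))
    if not m:
        return "unknown"
    label, body = m.groups()
    if label == "OPENSSH PRIVATE KEY":
        return "openssh"
    if label == "ENCRYPTED PRIVATE KEY":
        return "pkcs8-encrypted"
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
        tag, start, _ = _tlv(der, 0)       # outer SEQUENCE
        vtag, _, vend = _tlv(der, start)   # version INTEGER
        if tag != 0x30 or vtag != 0x02:
            return "unknown"
        after_version = der[vend]
    except (ValueError, IndexError):
        return "unknown"
    # Decide by structure, not by label, so a mislabelled key is still caught:
    # PKCS#8 has AlgorithmIdentifier (SEQUENCE) next, PKCS#1 has the modulus (INTEGER).
    return {0x30: "pkcs8", 0x02: "pkcs1"}.get(after_version, "unknown")

def _pem(label, der):
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed DER skeletons (correct outer structure, no real key material).
SAMPLE_PKCS8 = _pem("PRIVATE KEY", bytes.fromhex("3014020100300d06092a864886f70d01010105000400"))
SAMPLE_PKCS1 = _pem("RSA PRIVATE KEY", bytes.fromhex("3009020100020105020103"))

if __name__ == "__main__":
    for name, pem in (("pkcs8 sample", SAMPLE_PKCS8), ("pkcs1 sample", SAMPLE_PKCS1)):
        print(name, "->", classify_private_key(pem))
```

Run it locally against the key file contents; anything other than `pkcs8` means the key needs converting before it goes into the secret.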