ci: use cotp release bot app to release and bypass ruleset checks (#558)

Author: replydev

.github/workflows/release.yml

@@ -8,19 +8,22 @@ jobs:
   semantic-release:
     name: Release the application
     runs-on: ubuntu-latest
-    permissions:
-      contents: write # Permit release creation
-      issues: write # Write on released issues
-      pull-requests: write # Write on released PRs
-      actions: write # Trigger deploy action
     steps:
+      - name: Generate Bot token used to release
+        id: generate_token
+        uses: tibdex/github-app-token@v1
+        with:
+          app_id: ${{ secrets.RELEASE_APP_ID }}
+          private_key: ${{ secrets.RELEASE_APP_PRIVATE_KEY }}      
       - name: Checkout sources
         uses: actions/checkout@v4
-      
+        with:
+          fetch-depth: 0
+          token: ${{ steps.generate_token.outputs.token }}
       - name: Install NodeJS
         uses: actions/setup-node@v4
         with:
-          node-version: 20
+          node-version: 22
 
       - name: Install Semantic Release globally
         run: npm install -g semantic-release @semantic-release/git @semantic-release/exec @semantic-release/changelog
@@ -29,4 +32,4 @@ jobs:
       - name: Release with semantic versioning
         run: npx semantic-release
         env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GH_TOKEN: ${{ steps.generate_token.outputs.token }}