Use secure-checkout action

Author: alcaeus

.github/workflows/release.yml

@@ -9,12 +9,6 @@ on:
         required: true
         type: "string"
 
-env:
-  # TODO: Adding the mongodb-dbx-release-automation app to the repository will allow fetching a one-time token and pushing
-  # changes on behalf of the app. This also allows bypassing branch protection rules
-  GIT_AUTHOR_NAME: "mongodb-dbx-release-bot[bot]"
-  GIT_AUTHOR_EMAIL: "167856002+mongodb-dbx-release-bot[bot]@users.noreply.github.com"
-
 jobs:
   prepare-release:
     environment: release
@@ -27,23 +21,13 @@ jobs:
       contents: write
 
     steps:
-      - uses: actions/create-github-app-token@v1
-        id: app-token
-        with:
-          app-id: ${{ vars.APP_ID }}
-          private-key: ${{ secrets.APP_PRIVATE_KEY }}
-
-      - name: "Store GitHub token in environment"
-        run: echo "GH_TOKEN=${{ steps.app-token.outputs.token }}" >> "$GITHUB_ENV"
-
       - name: "Create release output"
         run: echo '🎬 Release process for version ${{ env.RELEASE_VERSION }} started by @${{ github.triggering_actor }}' >> $GITHUB_STEP_SUMMARY
 
-      - uses: actions/checkout@v4
+      - uses: mongodb-labs/drivers-github-tools/secure-checkout@v2
         with:
-          # fetch-depth 0 is required to fetch all branches and tags
-          fetch-depth: 0
-          token: ${{ steps.app-token.outputs.token }}
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_PRIVATE_KEY }}
 
       - name: "Store version numbers in env variables"
         # The awk command to increase the version number was copied from