diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 0890d3b3c..1cacb773e 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -56,6 +56,9 @@ jobs:
             'dist/tempo-operator.yaml#Installation manifest for Kubernetes' \
 
   operator-hub-prod-release:
+    if: |
+      github.event.pull_request.merged == true && github.event.pull_request.head.repo.full_name == github.repository
+      && github.event.pull_request.user.login == 'github-actions[bot]' && github.event.pull_request.user.type == 'Bot'
     needs: release
     uses: ./.github/workflows/reusable-operator-hub-release.yaml
     with:
@@ -63,11 +66,12 @@ jobs:
       repo: community-operators-prod
       version: ${{inputs.version}}
     secrets:
-      PUBLISH_APP_ID: ${{ secrets.PUBLISH_APP_ID }}
-      PUBLISH_APP_PRIVATE_KEY: ${{ secrets.PUBLISH_APP_PRIVATE_KEY }}
-      PUBLISH_APP_INSTALLATION_ID: ${{ secrets.PUBLISH_APP_INSTALLATION_ID }}
+      TEMPOOPERATORBOT_GITHUB_TOKEN: ${{ secrets.TEMPOOPERATORBOT_GITHUB_TOKEN }}
 
   operator-hub-community-release:
+    if: |
+      github.event.pull_request.merged == true && github.event.pull_request.head.repo.full_name == github.repository
+      && github.event.pull_request.user.login == 'github-actions[bot]' && github.event.pull_request.user.type == 'Bot'
     needs: release
     uses: ./.github/workflows/reusable-operator-hub-release.yaml
     with:
@@ -75,6 +79,4 @@ jobs:
       repo: community-operators
       version: ${{inputs.version}}
     secrets:
-      PUBLISH_APP_ID: ${{ secrets.PUBLISH_APP_ID }}
-      PUBLISH_APP_PRIVATE_KEY: ${{ secrets.PUBLISH_APP_PRIVATE_KEY }}
-      PUBLISH_APP_INSTALLATION_ID: ${{ secrets.PUBLISH_APP_INSTALLATION_ID }}
+      TEMPOOPERATORBOT_GITHUB_TOKEN: ${{ secrets.TEMPOOPERATORBOT_GITHUB_TOKEN }}
diff --git a/.github/workflows/reusable-operator-hub-release.yaml b/.github/workflows/reusable-operator-hub-release.yaml
index bf2213cc3..3860234f3 100644
--- a/.github/workflows/reusable-operator-hub-release.yaml
+++ b/.github/workflows/reusable-operator-hub-release.yaml
@@ -13,25 +13,15 @@ on:
         type: string
         required: true
     secrets:
-      PUBLISH_APP_ID:
-        required: true
-      PUBLISH_APP_PRIVATE_KEY:
+      TEMPOOPERATORBOT_GITHUB_TOKEN:
         required: true
 jobs:
   create-operator-pull-request:
     runs-on: ubuntu-latest
     steps:
-      - name: Generate token
-        id: generate_token
-        uses: tibdex/github-app-token@v2
-        with:
-          app_id: ${{ secrets.PUBLISH_APP_ID }}
-          private_key: ${{ secrets.PUBLISH_APP_PRIVATE_KEY }}
-          installation_retrieval_payload:  ${{ secrets.PUBLISH_APP_INSTALLATION_ID }}
-          installation_retrieval_mode: id
       - name: Sync fork
         env:
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
+          GH_TOKEN: ${{ secrets.TEMPOOPERATORBOT_GITHUB_TOKEN }}
         run: |
           # synchronizing the fork is fast, and avoids the need to fetch the full upstream repo
           # (fetching the upstream repo with "--depth 1" would lead to "shallow update not allowed"
@@ -69,7 +59,7 @@ jobs:
       - name: Create pull request against ${{ inputs.org }}/${{ inputs.repo }}
         env:
           VERSION: ${{ inputs.version }}
-          GH_TOKEN: ${{ steps.generate_token.outputs.token }}
+          GH_TOKEN: ${{ secrets.TEMPOOPERATORBOT_GITHUB_TOKEN }}
         run: |
           message="Update the tempo to $VERSION"
           body="Release tempo-operator \`$VERSION\`.