diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 8dd3872..70fc7a0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -57,10 +57,16 @@ jobs:
       contents: write
     if: always() && needs.build.outputs.self_mutation_happened && !(github.event.pull_request.head.repo.full_name != github.repository)
     steps:
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a
+        with:
+          app_id: ${{ secrets.PROJEN_APP_ID }}
+          private_key: ${{ secrets.PROJEN_APP_PRIVATE_KEY }}
       - name: Checkout
         uses: actions/checkout@v4
         with:
-          token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
+          token: ${{ steps.generate_token.outputs.token }}
           ref: ${{ github.event.pull_request.head.ref }}
           repository: ${{ github.event.pull_request.head.repo.full_name }}
       - name: Download patch
diff --git a/.github/workflows/upgrade-main.yml b/.github/workflows/upgrade-main.yml
index 374ec31..bb94194 100644
--- a/.github/workflows/upgrade-main.yml
+++ b/.github/workflows/upgrade-main.yml
@@ -47,6 +47,12 @@ jobs:
       contents: read
     if: ${{ needs.upgrade.outputs.patch_created }}
     steps:
+      - name: Generate token
+        id: generate_token
+        uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a
+        with:
+          app_id: ${{ secrets.PROJEN_APP_ID }}
+          private_key: ${{ secrets.PROJEN_APP_PRIVATE_KEY }}
       - name: Checkout
         uses: actions/checkout@v4
         with:
@@ -66,7 +72,7 @@ jobs:
         id: create-pr
         uses: peter-evans/create-pull-request@v6
         with:
-          token: ${{ secrets.PROJEN_GITHUB_TOKEN }}
+          token: ${{ steps.generate_token.outputs.token }}
           commit-message: |-
             chore(deps): upgrade dependencies
 
diff --git a/.projen/tasks.json b/.projen/tasks.json
index 82fb05e..24cf8e2 100644
--- a/.projen/tasks.json
+++ b/.projen/tasks.json
@@ -33,7 +33,8 @@
         "BUMPFILE": "dist/version.txt",
         "RELEASETAG": "dist/releasetag.txt",
         "RELEASE_TAG_PREFIX": "",
-        "BUMP_PACKAGE": "commit-and-tag-version@^12"
+        "BUMP_PACKAGE": "commit-and-tag-version@^12",
+        "RELEASABLE_COMMITS": "git log --no-merges --oneline $LATEST_TAG..HEAD -E --grep \"^(feat|fix){1}(\\([^()[:space:]]+\\))?(!)?:[[:blank:]]+.+\""
       },
       "steps": [
         {
@@ -229,7 +230,8 @@
         "BUMPFILE": "dist/version.txt",
         "RELEASETAG": "dist/releasetag.txt",
         "RELEASE_TAG_PREFIX": "",
-        "BUMP_PACKAGE": "commit-and-tag-version@^12"
+        "BUMP_PACKAGE": "commit-and-tag-version@^12",
+        "RELEASABLE_COMMITS": "git log --no-merges --oneline $LATEST_TAG..HEAD -E --grep \"^(feat|fix){1}(\\([^()[:space:]]+\\))?(!)?:[[:blank:]]+.+\""
       },
       "steps": [
         {
diff --git a/.projenrc.js b/.projenrc.js
index 63d40b0..ae74815 100644
--- a/.projenrc.js
+++ b/.projenrc.js
@@ -1,4 +1,4 @@
-import { typescript, javascript } from "projen";
+import { typescript, github, javascript, ReleasableCommits } from "projen";
 
 const project = new typescript.TypeScriptProject({
   name: "container",
@@ -60,11 +60,11 @@ const project = new typescript.TypeScriptProject({
   majorVersion: 0,
   defaultReleaseBranch: "main",
   githubOptions: {
+    projenCredentials: github.GithubCredentials.fromApp({}),
     pullRequestLintOptions: {
       semanticTitleOptions: { types: ["feat", "fix", "chore", "docs"] },
     },
   },
-  projenTokenSecret: "PROJEN_GITHUB_TOKEN",
   autoApproveOptions: {
     // Anyone with write access to this repository can have auto-approval.
     allowedUsernames: [],
@@ -76,6 +76,7 @@ const project = new typescript.TypeScriptProject({
     },
   },
 
+  releasableCommits: ReleasableCommits.featuresAndFixes(),
   releaseToNpm: true,
   packageName: "@libreworks/container",
   npmAccess: javascript.NpmAccess.PUBLIC,