diff --git a/.github/workflows/createNewVersion.yml b/.github/workflows/createNewVersion.yml
index a9138044c6c7..e0434cf267ff 100644
--- a/.github/workflows/createNewVersion.yml
+++ b/.github/workflows/createNewVersion.yml
@@ -29,6 +29,12 @@ on:
       SLACK_WEBHOOK:
         description: Webhook used to comment in slack
         required: true
+      OS_BOTIFY_INSTALLATION_ID:
+        description: Installation ID for OS Botify App
+        required: true
+      OS_BOTIFY_COMMIT_TOKEN:
+        description: OSBotify personal access token, used to workaround committing to protected branch
+        required: true
 
 jobs:
   validateActor:
@@ -40,9 +46,10 @@ jobs:
     steps:
       - name: Get user permissions
         id: getUserPermissions
-        run: echo "PERMISSION=$(gh api /users/installations/${{ secrets.OS_BOTIFY_INSTALLATION_ID }}/repositories | jq -r '.repositories[].permissions')" >> "$GITHUB_OUTPUT"
+        run: echo "PERMISSION=$(gh api /users/installations/"${OS_BOTIFY_INSTALLATION_ID}"/repositories | jq -r '.repositories[].permissions')" >> "$GITHUB_OUTPUT"
         env:
           GITHUB_TOKEN: fixme
+          OS_BOTIFY_INSTALLATION_ID: ${{ secrets.OS_BOTIFY_INSTALLATION_ID }}
 
   createNewVersion:
     runs-on: macos-latest
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index c74b44cae3c4..1ccb1d2ccdfd 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -9,16 +9,17 @@ jobs:
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/staging'
     steps:
+      - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
+        id: setupGitForOSBotify
+        with:
+          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+
       - name: Checkout staging branch
         uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8
         with:
           ref: staging
           token: ${{ steps.setupGitForOSBotify.outputs.OS_BOTIFY_API_TOKEN }}
 
-      - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
-        with:
-          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
-
       - name: Tag version
         run: git tag "$(npm run print-version --silent)"
 
@@ -29,6 +30,11 @@ jobs:
     runs-on: ubuntu-latest
     if: github.ref == 'refs/heads/production'
     steps:
+      - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
+        id: setupGitForOSBotify
+        with:
+          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+
       - uses: actions/checkout@v3
         with:
           ref: production
diff --git a/.github/workflows/finishReleaseCycle.yml b/.github/workflows/finishReleaseCycle.yml
index 5f1b32ec73dc..c80b235277ad 100644
--- a/.github/workflows/finishReleaseCycle.yml
+++ b/.github/workflows/finishReleaseCycle.yml
@@ -12,6 +12,11 @@ jobs:
     outputs:
       isValid: ${{ fromJSON(steps.isDeployer.outputs.IS_DEPLOYER) && !fromJSON(steps.checkDeployBlockers.outputs.HAS_DEPLOY_BLOCKERS) }}
     steps:
+      - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
+        id: setupGitForOSBotify
+        with:
+          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+
       - name: Validate actor is deployer
         id: isDeployer
         run: |
@@ -68,6 +73,7 @@ jobs:
           token: ${{ secrets.OS_BOTIFY_TOKEN }}
 
       - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
+        id: setupGitForOSBotify
         with:
           GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
 
@@ -125,6 +131,11 @@ jobs:
     runs-on: ubuntu-latest
     needs: [updateStaging, createNewPatchVersion]
     steps:
+      - uses: Expensify/App/.github/actions/composite/setupGitForOSBotify@main
+        id: setupGitForOSBotify
+        with:
+          GPG_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
+
       - uses: actions/checkout@v3
         with:
           ref: staging