diff --git a/.github/workflows/versioning.yaml b/.github/workflows/versioning.yaml
index b6fae4c6..20b8e8d5 100644
--- a/.github/workflows/versioning.yaml
+++ b/.github/workflows/versioning.yaml
@@ -15,10 +15,16 @@ jobs:
         if: (github.event.head_commit.message != 'Update package version')
         runs-on: ubuntu-latest
         steps:
+          - name: Generate GitHub App token
+            id: app-token
+            uses: actions/create-github-app-token@v1
+            with:
+              app-id: ${{ secrets.APP_ID }}
+              private-key: ${{ secrets.APP_PRIVATE_KEY }}
           - name: Checkout repo
             uses: actions/checkout@v4
             with:
-              token: ${{ secrets.POLICYENGINE_GITHUB }}
+              token: ${{ steps.app-token.outputs.token }}
               fetch-depth: 0
           - name: Setup Python
             uses: actions/setup-python@v5
diff --git a/changelog.d/fix-us-data-pypi.fixed.md b/changelog.d/fix-us-data-pypi.fixed.md
new file mode 100644
index 00000000..17973548
--- /dev/null
+++ b/changelog.d/fix-us-data-pypi.fixed.md
@@ -0,0 +1 @@
+Migrated versioning workflow from expired PAT to GitHub App token for reliable PyPI publishing.