actions: use scoped github.token

author: seth <[email protected]> 2024-02-09 01:14:45 -0500
committer: seth <[email protected]> 2024-02-09 01:17:16 -0500
commit: 01af1992af7bee7705849c1ac6e844adce5ec583 (patch)
tree: 2963acc9812737d37ed6f8514f241b9c3e240f9f /.github/workflows/update-lock.yaml
parent: c4b388a6094bfb2eeede168193824b750322fbc1 (diff)
1 files changed, 7 insertions, 6 deletions
diff --git a/.github/workflows/update-lock.yaml b/.github/workflows/update-lock.yaml
index 1f2063c..36971d5 100644
--- a/.github/workflows/update-lock.yaml
+++ b/.github/workflows/update-lock.yaml
@@ -12,15 +12,16 @@ on:
         required: false
         default: ""
         type: string
-    secrets:
-      token:
-        description: PAT for creating creating/merging the PR
-        required: true
 
 jobs:
   update:
+    name: Update & make PR
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: write
+      pull-requests: write
+
     steps:
       - uses: actions/checkout@v4
 
@@ -34,11 +35,11 @@ jobs:
           commit-msg: ${{ inputs.commit-msg }}
           inputs: ${{ inputs.inputs }}
           pr-title: ${{ inputs.commit-msg }}
-          token: ${{ secrets.token }}
+          token: ${{ github.token }}
 
       - name: Enable auto-merge
         shell: bash
         run: gh pr merge --auto --rebase "$PR_ID"
         env:
-          GITHUB_TOKEN: ${{ secrets.token }}
+          GH_TOKEN: ${{ github.token }}
           PR_ID: ${{ steps.update.outputs.pull-request-number }}
author	seth <[email protected]>	2024-02-09 01:14:45 -0500
committer	seth <[email protected]>	2024-02-09 01:17:16 -0500
commit	01af1992af7bee7705849c1ac6e844adce5ec583 (patch)
tree	2963acc9812737d37ed6f8514f241b9c3e240f9f /.github/workflows/update-lock.yaml
parent	c4b388a6094bfb2eeede168193824b750322fbc1 (diff)