actions: only use github token for flake-update

2 files changed, 10 insertions, 4 deletions

diff --git a/.github/workflows/update-inputs.yaml b/.github/workflows/update-inputs.yaml
index 0ac81a5..48535a7 100644
--- a/.github/workflows/update-inputs.yaml
+++ b/.github/workflows/update-inputs.yaml
@@ -6,6 +6,10 @@ on:
     - cron: "0 0 * * 6"
   workflow_dispatch:
 
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   update-lock:
     runs-on: ubuntu-latest
@@ -16,5 +20,4 @@ jobs:
       - uses: ./.github/actions/flake-update
         with:
           commit-msg: "flake: update all inputs"
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          update-token: ${{ secrets.FLAKE_UPDATE }}
+          github-token: ${{ github.token }}
diff --git a/.github/workflows/update-nixpkgs.yaml b/.github/workflows/update-nixpkgs.yaml
index 8b0ac1b..2493fd8 100644
--- a/.github/workflows/update-nixpkgs.yaml
+++ b/.github/workflows/update-nixpkgs.yaml
@@ -6,6 +6,10 @@ on:
     - cron: "0 0 * * *"
   workflow_dispatch:
 
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   update-nixpkgs:
     runs-on: ubuntu-latest
@@ -16,6 +20,5 @@ jobs:
       - uses: ./.github/actions/flake-update
         with:
           commit-msg: "flake: update nixpkgs inputs"
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ github.token }}
           inputs: nixpkgs nixpkgs-stable
-          update-token: ${{ secrets.FLAKE_UPDATE }}