| author | seth <[email protected]> | 2023-07-10 22:30:20 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2023-07-10 22:30:40 -0400 |
| commit | 35e312bfb41145fdcafe43ffe52f6808c231a360 (patch) | |
| tree | c70d8f444f66bcea3be94c8843a8ad2f7de0fb1c | |
| parent | c7fe8ea208dfa933ff1870fb3c652617a7254908 (diff) | |
actions: only use github token for flake-update
| -rw-r--r-- | .github/actions/flake-update/action.yaml | 11 | ||||
| -rw-r--r-- | .github/workflows/update-inputs.yaml | 7 | ||||
| -rw-r--r-- | .github/workflows/update-nixpkgs.yaml | 7 |
3 files changed, 15 insertions, 10 deletions
diff --git a/.github/actions/flake-update/action.yaml b/.github/actions/flake-update/action.yaml
index 8c3481a..11abd9d 100644
--- a/.github/actions/flake-update/action.yaml
+++ b/.github/actions/flake-update/action.yaml
@@ -5,15 +5,12 @@ inputs:
 required: true
 github-token:
 description: "github read token for increasing rate limits"
- required: false
+ required: true
 default: ""
 inputs:
 description: "flake inputs to update"
 required: false
 default: ""
- update-token:
- description: "github write token for creating prs"
- required: true
 runs:
 using: "composite"
 steps:
@@ -29,12 +26,14 @@ runs:
 commit-msg: ${{ inputs.commit-msg }}
 inputs: ${{ inputs.inputs }}
 nix-options: "--accept-flake-config"
+ pr-body: |
+ Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
 pr-title: ${{ inputs.commit-msg }}
- token: ${{ inputs.update-token }}
+ token: ${{ inputs.github-token }}
 - name: auto-merge pull request
 shell: bash
 run: gh pr merge --auto --rebase "$PR_ID"
 env:
- GITHUB_TOKEN: ${{ inputs.update-token }}
+ GITHUB_TOKEN: ${{ inputs.github-token }}
 PR_ID: ${{ steps.update.outputs.pull-request-number }}
diff --git a/.github/workflows/update-inputs.yaml b/.github/workflows/update-inputs.yaml
index 0ac81a5..48535a7 100644
--- a/.github/workflows/update-inputs.yaml
+++ b/.github/workflows/update-inputs.yaml
@@ -6,6 +6,10 @@ on:
 - cron: "0 0 * * 6"
 workflow_dispatch:
+permissions:
+ contents: write
+ pull-requests: write
+
 jobs:
 update-lock:
 runs-on: ubuntu-latest
@@ -16,5 +20,4 @@ jobs:
 - uses: ./.github/actions/flake-update
 with:
 commit-msg: "flake: update all inputs"
- github-token: ${{ secrets.GITHUB_TOKEN }}
- update-token: ${{ secrets.FLAKE_UPDATE }}
+ github-token: ${{ github.token }}
diff --git a/.github/workflows/update-nixpkgs.yaml b/.github/workflows/update-nixpkgs.yaml
index 8b0ac1b..2493fd8 100644
--- a/.github/workflows/update-nixpkgs.yaml
+++ b/.github/workflows/update-nixpkgs.yaml
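Review bot: In the `inputs` block of action.yaml, `github-token` is now `required: true` but still carries `default: ""`, and its description still calls it a "github read token for increasing rate limits" although the second hunk of this file uses it to open and merge pull requests. GitHub does not fail a run when a required action input is omitted, so a caller that forgets the input would pass an empty string through to the `token:` and `GITHUB_TOKEN` lines. Dropping the `default: ""` line and changing the description to something like `description: "github token with contents and pull-requests write access, used to open and auto-merge the update pr"` would document the scope callers have to grant.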
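Review bot: With `token: ${{ inputs.github-token }}` in action.yaml's update step, the pull request is now opened by the workflow's own token, and GitHub does not start `pull_request` or `push` workflow runs for events created with that token. The lock-file change can therefore reach `gh pr merge --auto --rebase "$PR_ID"` without CI having run on it; branch protection is not visible here, so this either leaves the PR waiting on required checks that never start or merges a dependency update unverified. A comment above the `token:` line such as `# PRs opened with GITHUB_TOKEN do not trigger other workflows; checks on the update must be started another way` would record the trade-off. The repository setting that lets GitHub Actions create pull requests also has to be enabled for this token to work.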
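Review bot: The `permissions:` block added to update-inputs.yaml sits at workflow level, so `contents: write` and `pull-requests: write` will apply to every job later added to the file; placing it under `jobs.update-lock` keeps the write scope on the one job that needs it. The identical block in update-nixpkgs.yaml has the same shape and could move under `jobs.update-nixpkgs`. The checkout step lies outside these hunks, so whether it persists the token into the git config cannot be judged from here. After this commit the `FLAKE_UPDATE` secret is no longer referenced in the files shown, and the underlying token can be revoked and the secret deleted.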
@@ -6,6 +6,10 @@ on:
 - cron: "0 0 * * *"
 workflow_dispatch:
+permissions:
+ contents: write
+ pull-requests: write
+
 jobs:
 update-nixpkgs:
 runs-on: ubuntu-latest
@@ -16,6 +20,5 @@ jobs:
 - uses: ./.github/actions/flake-update
 with:
 commit-msg: "flake: update nixpkgs inputs"
- github-token: ${{ secrets.GITHUB_TOKEN }}
+ github-token: ${{ github.token }}
 inputs: nixpkgs nixpkgs-stable
- update-token: ${{ secrets.FLAKE_UPDATE }} |
