-rw-r--r--.github/workflows/autobot.yaml3
-rw-r--r--.github/workflows/update-inputs.yaml6
-rw-r--r--.github/workflows/update-lock.yaml13
-rw-r--r--.github/workflows/update-nixpkgs.yaml6
4 files changed, 17 insertions, 11 deletions
diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml
index fa33623..7715185 100644
--- a/.github/workflows/autobot.yaml
+++ b/.github/workflows/autobot.yaml
@@ -4,6 +4,7 @@ on: pull_request
jobs:
automerge:
+ name: Check and auto-merge
runs-on: ubuntu-latest
permissions:
@@ -21,5 +22,5 @@ jobs:
if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
run: gh pr merge --auto --rebase "$PR"
env:
+ GH_TOKEN: ${{ github.token }}
PR: ${{ github.event.pull_request.html_url }}
- GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/update-inputs.yaml b/.github/workflows/update-inputs.yaml
index 745e60b..9e08a76 100644
--- a/.github/workflows/update-inputs.yaml
+++ b/.github/workflows/update-inputs.yaml
@@ -8,8 +8,10 @@ on:
jobs:
update:
+ permissions:
+ contents: write
+ pull-requests: write
+
uses: ./.github/workflows/update-lock.yaml
with:
commit-msg: "flake: update all inputs"
- secrets:
- token: ${{ secrets.MERGE_TOKEN }}
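Review bot: The new caller-level `permissions:` block on the `update` job has no comment explaining why it repeats the grant that update-lock.yaml also declares; the identical hunk in update-nixpkgs.yaml has the same gap. For a reusable-workflow call the caller's grant is the upper bound for the called workflow's `GITHUB_TOKEN`, so a comment above `permissions:` such as `# upper bound for the GITHUB_TOKEN used inside update-lock.yaml; the called workflow cannot raise it` would keep a later cleanup from deleting one of the two copies. Since `secrets.MERGE_TOKEN` is no longer referenced in any visible hunk, the PAT behind it should be revoked and the repository secret deleted once it is confirmed that nothing else uses it.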
diff --git a/.github/workflows/update-lock.yaml b/.github/workflows/update-lock.yaml
index 1f2063c..36971d5 100644
--- a/.github/workflows/update-lock.yaml
+++ b/.github/workflows/update-lock.yaml
@@ -12,15 +12,16 @@ on:
required: false
default: ""
type: string
- secrets:
- token:
- description: PAT for creating creating/merging the PR
- required: true
jobs:
update:
+ name: Update & make PR
runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+
steps:
- uses: actions/checkout@v4
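Review bot: The job-level `permissions:` added here gives `contents: write` and `pull-requests: write` to every step in `update`, and the first visible step, `actions/checkout@v4`, is referenced by a mutable tag. Pinning it to a full commit SHA, e.g. `- uses: actions/checkout@<full-commit-sha>  # v4`, keeps a moved tag from running with a write-capable token. The same would apply to the update action further down, which is outside this hunk, as is the rest of the steps list.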
@@ -34,11 +35,11 @@ jobs:
commit-msg: ${{ inputs.commit-msg }}
inputs: ${{ inputs.inputs }}
pr-title: ${{ inputs.commit-msg }}
- token: ${{ secrets.token }}
+ token: ${{ github.token }}
- name: Enable auto-merge
shell: bash
run: gh pr merge --auto --rebase "$PR_ID"
env:
- GITHUB_TOKEN: ${{ secrets.token }}
+ GH_TOKEN: ${{ github.token }}
PR_ID: ${{ steps.update.outputs.pull-request-number }}
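Review bot: Switching `token:` and `GH_TOKEN` to `${{ github.token }}` means the pull request is opened with the workflow's own `GITHUB_TOKEN`, and GitHub does not start `pull_request` workflow runs for events created with that token, so neither autobot.yaml nor any CI check is triggered for the lock-update PR. `gh pr merge --auto --rebase "$PR_ID"` will then either wait indefinitely on required status checks or, if the branch has none, presumably let an untested lock-file change merge. It is worth confirming that branch protection requires a check that actually runs for these PRs, and that the repository setting allowing GitHub Actions to create pull requests is enabled. A comment above the step, e.g. `# PRs opened with github.token do not trigger pull_request workflows; required checks must be started another way`, would record the constraint.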
diff --git a/.github/workflows/update-nixpkgs.yaml b/.github/workflows/update-nixpkgs.yaml
index 57726ec..2fd0ec5 100644
--- a/.github/workflows/update-nixpkgs.yaml
+++ b/.github/workflows/update-nixpkgs.yaml
@@ -8,9 +8,11 @@ on:
jobs:
update:
+ permissions:
+ contents: write
+ pull-requests: write
+
uses: ./.github/workflows/update-lock.yaml
with:
commit-msg: "flake: update nixpkgs"
inputs: "nixpkgs nixpkgs-stable"
- secrets:
- token: ${{ secrets.MERGE_TOKEN }}