From 01af1992af7bee7705849c1ac6e844adce5ec583 Mon Sep 17 00:00:00 2001
From: seth <getchoo@tuta.io>
Date: Fri, 9 Feb 2024 01:14:45 -0500
Subject: actions: use scoped github.token

---
 .github/workflows/update-lock.yaml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to '.github/workflows/update-lock.yaml')

diff --git a/.github/workflows/update-lock.yaml b/.github/workflows/update-lock.yaml
index 1f2063c..36971d5 100644
--- a/.github/workflows/update-lock.yaml
+++ b/.github/workflows/update-lock.yaml
@@ -12,15 +12,16 @@ on:
         required: false
         default: ""
         type: string
-    secrets:
-      token:
-        description: PAT for creating creating/merging the PR
-        required: true
 
 jobs:
   update:
+    name: Update & make PR
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: write
+      pull-requests: write
+
     steps:
       - uses: actions/checkout@v4
 
@@ -34,11 +35,11 @@ jobs:
           commit-msg: ${{ inputs.commit-msg }}
           inputs: ${{ inputs.inputs }}
           pr-title: ${{ inputs.commit-msg }}
-          token: ${{ secrets.token }}
+          token: ${{ github.token }}
 
       - name: Enable auto-merge
         shell: bash
         run: gh pr merge --auto --rebase "$PR_ID"
         env:
-          GITHUB_TOKEN: ${{ secrets.token }}
+          GH_TOKEN: ${{ github.token }}
           PR_ID: ${{ steps.update.outputs.pull-request-number }}
-- 
cgit v1.2.3