ci: add 'GitHub App' TODO to update workflow
Using a GitHub App is more secure and idiomatic than using a Personal Access Token or SSH Deploy Key. See https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#triggering-further-workflow-runs and https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens
parent 9d2ae59579
commit 7c60ea0296
1 changed files with 3 additions and 0 deletions
3
.github/workflows/update-flake.yml
vendored
@ -17,5 +17,8 @@ jobs:
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v25
with:
# NOTE: this uses the GH_TOKEN_FOR_UPDATES because pushing a flake
# update PR using GITHUB_TOKEN does not trigger CI.
# TODO: consider switching to a GitHub App
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
pr-labels: dependencies
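Review bot: The `# TODO: consider switching to a GitHub App` comment above `token:` carries no pointer to the rationale or to a tracking issue, so the reasoning given in the commit message (the create-pull-request guidance on triggering further workflow runs and on App-generated tokens) is lost to anyone reading only the workflow file. Put one of those URLs or an issue reference in the comment, and say in the NOTE what kind of credential `GH_TOKEN_FOR_UPDATES` is and which scopes it holds, so the eventual replacement can be checked for equal or narrower permissions. Separately, since `DeterminateSystems/update-flake-lock@v25` is handed this secret, consider pinning the action to a full commit SHA rather than a mutable tag.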