fix(gh-actions/update-{flake-lock,flake-packages}): Pass all secrets used by the action on workflow_call

Author: PetarKirov

.github/workflows/update-flake-lock.yml

@@ -7,6 +7,12 @@ on:
       NIX_GITHUB_TOKEN:
         description: GitHub token to add as access-token in nix.conf
         required: false
+      CREATE_PR_APP_ID:
+        description: ID of the GitHub App used for opening pull requests.
+        required: true
+      CREATE_PR_APP_PRIVATE_KEY:
+        description: Private key of the GitHub App used for opening pull requests.
+        required: true
 
   # Allow this workflow to be triggered manually:
   workflow_dispatch:
@@ -47,8 +53,8 @@ jobs:
       - uses: tibdex/[email protected]
         id: generate-token
         with:
-          app_id: ${{ secrets.APP_ID }}
-          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+          app_id: ${{ secrets.CREATE_PR_APP_ID }}
+          private_key: ${{ secrets.CREATE_PR_APP_PRIVATE_KEY }}
 
       - name: Create Pull Request
         if: ${{ hashFiles('commit_msg_body.txt') != '' }}

.github/workflows/update-flake-packages.yml

@@ -7,6 +7,12 @@ on:
       NIX_GITHUB_TOKEN:
         description: GitHub token to add as access-token in nix.conf
         required: false
+      CREATE_PR_APP_ID:
+        description: ID of the GitHub App used for opening pull requests.
+        required: true
+      CREATE_PR_APP_PRIVATE_KEY:
+        description: Private key of the GitHub App used for opening pull requests.
+        required: true
 
   # Allow this workflow to be triggered manually:
   workflow_dispatch:
@@ -39,8 +45,8 @@ jobs:
       - uses: tibdex/[email protected]
         id: generate-token
         with:
-          app_id: ${{ secrets.APP_ID }}
-          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+          app_id: ${{ secrets.CREATE_PR_APP_ID }}
+          private_key: ${{ secrets.CREATE_PR_APP_PRIVATE_KEY }}
 
       - name: Update flake packages
         uses: metacraft-labs/nix-update-action@main