ci: use github app

.github/workflows/check.yaml

@@ -16,11 +16,24 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+
+      - name: Generate GitHub App Token
+        id: generate-token
+        uses: actions/create-github-app-token@v1 
+        with:
+          app_id: ${{ vars.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+          repositories: 
+
+      - name: Setup Git Config
+        run: |
+          git config --global url."https://x-access-token:${{ steps.app-token.outputs.token }}@github.com/".insteadOf "git+ssh://git@github.com/"
+
       - name: Setup Nix
         uses: DeterminateSystems/nix-installer-action@main
-        with:
-          github-token: ${{ secrets.KUNZEN_TOKEN }}
+
       - name: Magic Nix Cache
         uses: DeterminateSystems/magic-nix-cache-action@main
+
       - name: Nix Flake
         run: nix flake check

flake.lock

@@ -3093,11 +3093,11 @@
         "rev": "dbbf390c798a14bb316681e62fe56355d9ea88f6",
         "revCount": 4,
         "type": "git",
-        "url": "https://git@github.com/ooks-io/kunzen"
+        "url": "ssh://git@github.com/ooks-io/kunzen"
       },
       "original": {
         "type": "git",
-        "url": "https://git@github.com/ooks-io/kunzen"
+        "url": "ssh://git@github.com/ooks-io/kunzen"
       }
     },
     "systems": {

flake.nix

@@ -51,8 +51,7 @@
     };
 
     secrets = {
-      url = "git+https://git@github.com/ooks-io/kunzen";
-      allRefs = true;
+      url = "git+ssh://git@github.com/ooks-io/kunzen";
       inputs = {
         nixpkgs.follows = "nixpkgs";
         flake-parts.follows = "flake-parts";