README: document using a different Git author / committer

Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 16 to 17.
- [Release notes](https://github.com/cachix/install-nix-action/releases)
- [Commits](https://github.com/cachix/install-nix-action/compare/v16...v17)

---
updated-dependencies:
- dependency-name: cachix/install-nix-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/dependabot.yml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"

.github/workflows/ci.yml

@@ -12,6 +12,6 @@ jobs:
         with:
           fetch-depth: 0
       - name: Install Nix
-        uses: cachix/install-nix-action@v16
+        uses: cachix/install-nix-action@v17
       - name: Shellcheck
         run: nix-shell --run 'shellcheck $(find . -type f -name "*.sh" -executable)'

.github/workflows/update.yml

@@ -11,7 +11,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
       - name: Install Nix
-        uses: cachix/install-nix-action@v16
+        uses: cachix/install-nix-action@v17
         with:
           extra_nix_config: |
             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}

README.md

@@ -122,6 +122,38 @@ jobs:
         uses: DeterminateSystems/update-flake-lock@vX
         with:
           inputs: input1 input2 input3
+          path-to-flake-dir: 'nix/' # in this example our flake doesn't sit at the root of the repository, it sits under 'nix/flake.nix'
+```
+
+## Example using a different Git user
+
+If you want to change the author and / or committer of the flake.lock update commit, you can tweak the `git-{author,committer}-{name,email}` options:
+
+```yaml
+name: update-flake-lock
+on:
+  workflow_dispatch: # allows manual triggering
+  schedule:
+    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+
+jobs:
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install Nix
+        uses: cachix/install-nix-action@v16
+        with:
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - name: Update flake.lock
+        uses: DeterminateSystems/update-flake-lock@vX
+        with:
+          git-author-name: 'Jane Author'
+          git-author-email: 'github-actions[bot]@users.noreply.github.com'
+          git-committer-name: 'John Committer'
+          git-committer-email: 'github-actions[bot]@users.noreply.github.com'
 ```
 
 ## Running GitHub Actions CI
@@ -176,6 +208,8 @@ For the bot to produce signed commits, you will have to provide the GPG private
 
 When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key. 
 
+If you want to sign using a subkey, you must specify the subkey fingerprint using the `gpg-fingerprint` input parameter.
+
 You can find an example of how to using this action with commit signing below:
 
 ```yaml
@@ -198,6 +232,7 @@ jobs:
         with:
           sign-commits: true
           gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }} # specify subkey fingerprint (optional)
           gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
 ```
 

action.yml

@@ -17,6 +17,10 @@ inputs:
     description: 'The branch of the PR to be created'
     required: false
     default: "update_flake_lock_action"
+  path-to-flake-dir:
+    description: 'The path of the directory containing `flake.nix` file within your repository. Useful when `flake.nix` cannot reside at the root of your repository.'
+    required: false
+    default: ''
   pr-title:
     description: 'The title of the PR to be created'
     required: false
@@ -49,6 +53,22 @@ inputs:
     description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
     required: false
     default: ''
+  git-author-name:
+    description: 'Author name used for commit. Only used if sign-commits is false.'
+    required: false
+    default: 'github-actions[bot]'
+  git-author-email:
+    description: 'Author email used for commit. Only used if sign-commits is false.'
+    required: false
+    default: 'github-actions[bot]@users.noreply.github.com'
+  git-committer-name:
+    description: 'Committer name used for commit. Only used if sign-commits is false.'
+    required: false
+    default: 'github-actions[bot]'
+  git-committer-email:
+    description: 'Committer email used for commit. Only used if sign-commits is false.'
+    required: false
+    default: 'github-actions[bot]@users.noreply.github.com'
   sign-commits:
     description: 'Set to true if the action should sign the commit with GPG'
     required: false
@@ -57,6 +77,9 @@ inputs:
     description: 'GPG Private Key with which to sign the commits in the PR to be created'
     required: false
     default: ''
+  gpg-fingerprint:
+    description: 'Fingerprint of specific GPG subkey to use'
+    required: false
   gpg-passphrase:
     description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
     required: false
@@ -71,9 +94,10 @@ runs:
     - name: Import bot's GPG key for signing commits
       if: ${{ inputs.sign-commits == 'true' }}
       id: import-gpg
-      uses: crazy-max/ghaction-import-gpg@v4
+      uses: crazy-max/ghaction-import-gpg@v5
       with:
         gpg_private_key: ${{ inputs.gpg-private-key }}
+        fingerprint: ${{ inputs.gpg-fingerprint }}
         passphrase: ${{ inputs.gpg-passphrase }}
         git_config_global: true
         git_user_signingkey: true
@@ -96,10 +120,10 @@ runs:
       if: ${{ inputs.sign-commits != 'true' }}
       shell: bash
       run: |
-        echo "GIT_AUTHOR_NAME=github-actions[bot]" >> $GITHUB_ENV
+        echo "GIT_AUTHOR_NAME=${{ inputs.git-author-name }}" >> $GITHUB_ENV
-        echo "GIT_AUTHOR_EMAIL=<github-actions[bot]@users.noreply.github.com>" >> $GITHUB_ENV
+        echo "GIT_AUTHOR_EMAIL=<${{ inputs.git-author-email }}>" >> $GITHUB_ENV
-        echo "GIT_COMMITTER_NAME=github-actions[bot]" >> $GITHUB_ENV
+        echo "GIT_COMMITTER_NAME=${{ inputs.git-committer-name }}" >> $GITHUB_ENV
-        echo "GIT_COMMITTER_EMAIL=<github-actions[bot]@users.noreply.github.com>" >> $GITHUB_ENV
+        echo "GIT_COMMITTER_EMAIL=<${{ inputs.git-committer-email }}>" >> $GITHUB_ENV
     - name: Run update-flake-lock.sh
       run: $GITHUB_ACTION_PATH/update-flake-lock.sh
       shell: bash
@@ -110,6 +134,7 @@ runs:
         GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }}
         TARGETS: ${{ inputs.inputs }}
         COMMIT_MSG: ${{ inputs.commit-msg }}
+        PATH_TO_FLAKE_DIR: ${{ inputs.path-to-flake-dir }}
     - name: Save PR Body as file
       uses: DamianReeves/write-file-action@v1.1
       with:

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1654682581,
+        "lastModified": 1659131907,
-        "narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
+        "narHash": "sha256-8bz4k18M/FuVC+EVcI4aREN2PsEKT7LGmU2orfjnpCg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "e0169d7a9d324afebf5679551407756c77af8930",
+        "rev": "8d435fca5c561da8168abb30270788d2da2a7951",
         "type": "github"
       },
       "original": {

update-flake-lock.sh

@@ -1,6 +1,10 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
+if [[ -n "$PATH_TO_FLAKE_DIR" ]]; then
+  cd "$PATH_TO_FLAKE_DIR"
+fi
+
 if [[ -n "$TARGETS" ]]; then
     inputs=()
     for input in $TARGETS; do