diff --git a/.github/workflows/lock-updater.yml b/.github/workflows/lock-updater.yml
index 062a4ea2..74984c93 100644
--- a/.github/workflows/lock-updater.yml
+++ b/.github/workflows/lock-updater.yml
@@ -11,12 +11,11 @@ jobs:
     name: Flake Lock Updater
     runs-on: ubuntu-22.04
     permissions:
-      contents: read
+      contents: write
       id-token: write
+      pull-requests: write
     steps:
       - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
       - uses: DeterminateSystems/nix-installer-action@v16
         with:
           determinate: true