11name : Fix flake hashes
22
33on :
4+ workflow_dispatch :
45 push :
56 branches : [dev]
67 paths : ['pnpm-lock.yaml']
@@ -13,11 +14,20 @@ jobs:
1314 id-token : write
1415 contents : write
1516 steps :
17+ - name : Generate bot token
18+ id : app-token
19+ uses : actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859
20+ with :
21+ app-id : ${{ secrets.APP_ID }}
22+ private-key : ${{ secrets.APP_PRIVATE_KEY }}
23+ permission-contents : write
24+
1625 - name : Checkout dev
1726 uses : actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
1827 with :
1928 ref : dev
2029 persist-credentials : true
30+ token : ${{ steps.app-token.outputs.token }}
2131
2232 - name : Install Determinate Nix
2333 uses : DeterminateSystems/determinate-nix-action@bafaa638b9d5ec0e7e3ac1a7fc80453ef1fd265f # v3.20.0
3040 if : steps.check.outcome == 'failure'
3141 run : determinate-nixd fix hashes --auto-apply
3242
43+ - name : Get GitHub App User ID
44+ id : get-user-id
45+ run : echo "user-id=$(gh api "/users/${{ steps.app-token.outputs.app-slug }}[bot]" --jq .id)" >> "$GITHUB_OUTPUT"
46+ env :
47+ GH_TOKEN : ${{ steps.app-token.outputs.token }}
48+
49+ - name : Configure bot git identity
50+ run : |
51+ git config --global user.name '${{ steps.app-token.outputs.app-slug }}[bot]'
52+ git config --global user.email '${{ steps.get-user-id.outputs.user-id }}+${{ steps.app-token.outputs.app-slug }}[bot]@users.noreply.github.com'
53+ gh auth setup-git
54+ env :
55+ GH_TOKEN : ${{ steps.app-token.outputs.token }}
56+
3357 - name : Commit and push if changed
3458 if : steps.check.outcome == 'failure'
3559 shell : bash
3963 echo "No changes after fix hashes; nothing to commit."
4064 exit 0
4165 fi
42- git config user.name "sable-actions[bot]"
43- git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
4466 git add --update --ignore-removal .
4567 git commit -m "chore(nix): auto-fix nix hashes"
4668 git push origin HEAD:dev --force-with-lease
0 commit comments