@@ -19,53 +19,51 @@ jobs:
1919 - name : Checkout repository
2020 uses : actions/checkout@v4
2121 with :
22- ref : main
23-
24- - name : Determine version
25- id : version
26- run : |
27- if [ "${{ github.event_name }}" = "release" ]; then
28- VERSION="${{ github.event.release.tag_name }}"
29- VERSION="${VERSION#v}" # Remove 'v' prefix if present
30- else
31- # Read version from package.json
32- VERSION=$(grep '"version"' package.json | cut -d'"' -f4)
33- fi
34- echo "version=${VERSION}" >> $GITHUB_OUTPUT
35-
36- name : Download and calculate SHA256
22+ fetch-depth : 0
23+ persist-credentials : true
24+
25+ - name : Set up Nix
26+ uses : cachix/install-nix-action@v16
27+ with :
28+ nix_path : nixpkgs=channel:nixos-25.05
29+
30+ - name : Calculate SHA256 hash
3731 id : calculate-hash
38- run : |
39- VERSION="${{ steps.version.outputs.version }}"
40- URL="https://github.com/TibixDev/winboat/releases/download/v${VERSION}/winboat-${VERSION}-x86_64.AppImage"
41-
42- echo "Downloading from: $URL"
43- SHA256=$(curl -sL "$URL" | sha256sum | cut -d' ' -f1)
44-
45- # Convert to SRI format (sha256-<base64>)
46- SHA256_B64=$(python3 -c "import binascii, base64; print(base64.b64encode(binascii.unhexlify('$SHA256')).decode())")
47- NIX_SHA256="sha256-${SHA256_B64}"
48-
49- echo "Calculated SHA256: $SHA256"
50- echo "Nix format: $NIX_SHA256"
51- echo "nix_sha256=${NIX_SHA256}" >> $GITHUB_OUTPUT
52-
53- name : Update flake.nix
54- run : |
55- NIX_SHA256="${{ steps.calculate-hash.outputs.nix_sha256 }}"
56-
57- # Update the SHA256 placeholder in flake.nix
58- sed -i 's|appImageSha256 = "sha256-[^"]*"|appImageSha256 = "'${NIX_SHA256}'"|' flake.nix
59-
60- echo "Updated flake.nix with hash: ${NIX_SHA256}"
61-
62- name : Commit and push changes
63- run : |
64- VERSION="${{ steps.version.outputs.version }}"
65-
66- git config --local user.email "github-actions[bot]@users.noreply.github.com"
67- git config --local user.name "github-actions[bot]"
68-
69- git add flake.nix
70- git commit -m "chore: update flake hash for version ${VERSION}" || exit 0
71- git push
32+ uses : workflow/nix-shell-action@v3
33+ with :
34+ packages : nix
35+ script : |
36+ set -euo pipefail
37+
38+ if [ "${{ github.event_name }}" = "release" ]; then
39+ VERSION="${{ github.event.release.tag_name }}"
40+ else
41+ VERSION="${{ github.event.inputs.version }}"
42+ fi
43+
44+ VERSION="${VERSION#v}"
45+
46+ URL="https://github.com/TibixDev/winboat/releases/download/v${VERSION}/winboat-${VERSION}-x64.tar.gz"
47+
48+ echo "Prefetching from: $URL"
49+ HASH=$(nix-prefetch-url "$URL")
50+
51+ echo "Calculated SHA256: $HASH"
52+ echo "nix_sha256=${HASH}" >> $GITHUB_OUTPUT
53+
54+ ESC_HASH=$(printf '%s' "$HASH" | sed -e 's/[\/&]/\\&/g')
55+
56+ git config user.name "github-actions[bot]"
57+ echo "set user.name to github-actions[bot]"
58+ git config user.email "github-actions[bot]@users.noreply.github.com"
59+ echo "set user.email to github-actions[bot]@users.noreply.github.com"
60+
61+ git fetch origin main
62+ git merge --no-edit -X theirs origin/main
63+
64+ sed -i "s/sha256 = \".*\";/sha256 = \"${ESC_HASH}\";/" flake.nix
65+
66+
67+ git add flake.nix || true
68+ git commit -m "chore: update flake.nix for version ${VERSION}" || echo "No changes to commit"
69+ git push origin HEAD:main || echo "Push failed"
0 commit comments