-
-
Notifications
You must be signed in to change notification settings - Fork 17
99 lines (94 loc) · 3.83 KB
/
Copy pathupdate-flakes.yml
File metadata and controls
99 lines (94 loc) · 3.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
name: "Update flakes"
permissions:
contents: write
pull-requests: write
on:
repository_dispatch:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
jobs:
update-flake-lock:
runs-on: ubuntu-latest
steps:
- name: Create GitHub App token
uses: actions/create-github-app-token@v3
if: vars.CI_APP_ID
id: app-token
with:
app-id: ${{ vars.CI_APP_ID }}
private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
permission-contents: write
permission-pull-requests: write
permission-issues: write
- name: Get GitHub App user info
id: user-info
if: vars.CI_APP_ID
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
SLUG: ${{ steps.app-token.outputs.app-slug }}
run: |
name="${SLUG}[bot]"
id=$(gh api "/users/$name" --jq .id)
{
echo "id=$id"
echo "name=$name"
echo "email=$id+$name@users.noreply.github.com"
} >> "$GITHUB_OUTPUT"
- uses: actions/checkout@v7
- name: Setup Git
env:
GIT_USER_NAME: ${{ steps.user-info.outputs.name || 'github-actions[bot]' }}
GIT_USER_EMAIL: ${{ steps.user-info.outputs.email || '41898282+github-actions[bot]@users.noreply.github.com' }}
run: |
git config user.name "$GIT_USER_NAME"
git config user.email "$GIT_USER_EMAIL"
- name: Install Nix
uses: cachix/install-nix-action@v31
env:
GH_TOKEN: ${{ steps.app-token.outputs.token || github.token }}
with:
extra_nix_config: |
access-tokens = github.com=${{github.token}}
- name: Update flake locks
run: |
nix flake update
nix flake update --flake ./flake/dev
- name: Check for lock updates
id: check-locks
run: |
if git diff --quiet flake.lock flake/dev/flake.lock; then
echo "locks_updated=false" >> "$GITHUB_OUTPUT"
echo "✗ flake lock files were not updated, skipping PR"
exit 0
fi
echo "locks_updated=true" >> "$GITHUB_OUTPUT"
if git diff flake.lock flake/dev/flake.lock | grep -E '"nixpkgs":|"nixpkgs-unstable":'; then
echo "nixpkgs_updated=true" >> "$GITHUB_OUTPUT"
echo "✓ nixpkgs or nixpkgs-unstable was updated"
else
echo "nixpkgs_updated=false" >> "$GITHUB_OUTPUT"
echo "✓ only non-nixpkgs inputs were updated"
fi
- name: Commit changes
if: steps.check-locks.outputs.locks_updated == 'true'
run: |
git add flake.lock flake/dev/flake.lock
git commit -m "chore(flake): update locks" -m "Refresh root and dev flake inputs from the scheduled update workflow."
- name: Create Pull Request
if: steps.check-locks.outputs.locks_updated == 'true'
uses: peter-evans/create-pull-request@v8
with:
token: ${{ steps.app-token.outputs.token || github.token }}
branch: update-flake-lock
delete-branch: true
title: "chore(flake): lock update"
body: |
Automated update by the update-flake-lock workflow.
This PR updates root and dev flake lock inputs.
This PR was created by workflow run [${{ github.run_id }}].
[${{ github.run_id }}]: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
labels: |
merge-queue
committer: ${{ steps.user-info.outputs.name || 'github-actions[bot]' }} <${{ steps.user-info.outputs.email || '41898282+github-actions[bot]@users.noreply.github.com' }}>
author: ${{ steps.user-info.outputs.name || 'github-actions[bot]' }} <${{ steps.user-info.outputs.email || '41898282+github-actions[bot]@users.noreply.github.com' }}>