Add Java and Kotlin protobuf bindings #15
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: update-vendor-hash | |
| # Renovate updates go.mod / go.sum (and TypeScript package manifests) but | |
| # cannot update the vendor hashes in flake.nix / checks.nix, which causes | |
| # the Nix build to fail until the hashes are fixed by hand. This workflow | |
| # watches PRs that modify those files, recomputes the affected hashes with | |
| # `nix-update`, and pushes the corrected files back to the PR branch using | |
| # a GitHub App token. Pushing under a non-GITHUB_TOKEN identity makes the | |
| # push fire `pull_request synchronize` naturally, producing a check_suite | |
| # the PR UI displays. | |
| on: | |
| pull_request: | |
| paths: | |
| - go.mod | |
| - go.sum | |
| - bindings/go/scip/go.mod | |
| - bindings/go/scip/go.sum | |
| - reprolang/go.mod | |
| - reprolang/go.sum | |
| - bindings/typescript/package.json | |
| - bindings/typescript/package-lock.json | |
| - bindings/java/pom.xml | |
| - bindings/kotlin/pom.xml | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| update: | |
| if: github.event.pull_request.head.repo.full_name == github.repository | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Generate GitHub App token | |
| id: app-token | |
| uses: actions/create-github-app-token@v3 | |
| with: | |
| app-id: ${{ vars.RENOVATE_FIX_APP_ID }} | |
| private-key: ${{ secrets.RENOVATE_FIX_APP_PRIVATE_KEY }} | |
| - uses: actions/checkout@v6 | |
| with: | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| token: ${{ steps.app-token.outputs.token }} | |
| - uses: DeterminateSystems/nix-installer-action@v22 | |
| with: | |
| summarize: false | |
| - uses: DeterminateSystems/magic-nix-cache-action@v13 | |
| - name: Recompute vendor hashes with nix-update | |
| run: | | |
| set -euo pipefail | |
| # nix-update only auto-resolves packages.<system>.<attr>; for | |
| # attributes under `checks` we must pass the full dotted path. | |
| # One attribute per invocation; sequential to avoid concurrent | |
| # writes to the same .nix files. | |
| for attr in \ | |
| packages.x86_64-linux.scip \ | |
| checks.x86_64-linux.go-bindings \ | |
| checks.x86_64-linux.java-bindings \ | |
| checks.x86_64-linux.kotlin-bindings \ | |
| checks.x86_64-linux.reprolang \ | |
| checks.x86_64-linux.typescript-bindings; do | |
| nix run github:Mic92/nix-update -- \ | |
| --flake --version=skip "$attr" | |
| done | |
| - name: Commit and push | |
| run: | | |
| set -euo pipefail | |
| if git diff --quiet flake.nix checks.nix; then | |
| echo "Vendor hashes unchanged; nothing to push." | |
| exit 0 | |
| fi | |
| git config user.name 'github-actions[bot]' | |
| git config user.email '41898282+github-actions[bot]@users.noreply.github.com' | |
| git add flake.nix checks.nix | |
| git commit -m 'chore: update vendor hashes for Renovate update' | |
| git push |