Skip to content

Update Nix Flake lockfile #74

Update Nix Flake lockfile

Update Nix Flake lockfile #74

name: "Update Nix Flake lockfile"
on:
# Allow this workflow to be reused by other workflows:
workflow_call:
secrets:
NIX_GITHUB_TOKEN:
description: GitHub token to add as access-token in nix.conf
required: false
CACHIX_AUTH_TOKEN:
description: 'Cachix auth token'
required: true
CREATE_PR_APP_ID:
description: ID of the GitHub App used for opening pull requests.
required: true
CREATE_PR_APP_PRIVATE_KEY:
description: Private key of the GitHub App used for opening pull requests.
required: true
# Allow this workflow to be triggered manually:
workflow_dispatch:
# Run every Sunday at 00:00:
schedule:
- cron: 0 0 * * 0 # https://crontab.guru/#0_0_*_*_0
jobs:
main:
runs-on: self-hosted
steps:
- uses: actions/checkout@v4
- name: Install Nix
uses: metacraft-labs/nixos-modules/.github/install-nix@main
with:
nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }}
cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
cachix-cache: ${{ vars.CACHIX_CACHE }}
trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
substituters: ${{ vars.SUBSTITUTERS }}
- name: Run `nix flake update`
id: update-lockfile
run: |
curl -fsSL --proto '=https' --tlsv1.2 \
https://raw.githubusercontent.com/metacraft-labs/nixos-modules/main/scripts/commit_flake_update.bash \
-o commit_flake_update.bash
bash commit_flake_update.bash
- uses: tibdex/[email protected]
id: generate-token
with:
app_id: ${{ secrets.CREATE_PR_APP_ID }}
private_key: ${{ secrets.CREATE_PR_APP_PRIVATE_KEY }}
- name: Create Pull Request
if: ${{ hashFiles('commit_msg_body.txt') != '' }}
uses: peter-evans/create-pull-request@v7
with:
token: ${{ steps.generate-token.outputs.token }}
title: 'Update Nix Flake lockfile'
body-path: commit_msg_body.txt
branch: 'create-pull-request/update-flake-lockfile'
delete-branch: true
branch-suffix: timestamp
add-paths: flake.lock