flake-update #400
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: flake-update | |
on: | |
workflow_dispatch: | |
schedule: | |
# Every Saturday @ 12:00 PM UTC | |
- cron: "0 12 * * 6" | |
jobs: | |
# Update flake inputs | |
update_flake: | |
runs-on: ubuntu-latest | |
outputs: | |
branch: ${{ steps.find-branch.outputs.branch }} | |
pr-number: ${{ steps.find-branch.outputs.pr-number }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
with: | |
token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Install Nix | |
uses: cachix/install-nix-action@v18 | |
with: | |
extra_nix_config: | | |
auto-optimise-store = true | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
experimental-features = nix-command flakes | |
substituters = https://cache.nixos.org/ https://nix-community.cachix.org | |
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
- name: Configure Git | |
run: | | |
git config user.email [email protected] | |
git config user.name "Autumn Wind" | |
- name: Find branch to create update on | |
id: find-branch | |
run: | | |
request="$(gh pr list --json headRefName --json number -q '.[] | "\(.headRefName) \(.number)"')" | |
filtered="$(echo "$request" | grep -E "update-[0-9]{4}-[0-9]{2}-[0-9]{2}" | head -1)" | |
if [ "$filtered" != "" ]; then | |
read -r branch number <<<"$filtered" | |
gh pr checkout "$number" | |
else | |
number="" | |
branch="update-$(date -I)" | |
git checkout -b "$branch" | |
fi | |
echo "branch=$branch" >> $GITHUB_OUTPUT | |
echo "pr-number=$number" >> $GITHUB_OUTPUT | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Update flake.lock | |
run: nix flake update | |
- name: Store flake.lock | |
uses: actions/upload-artifact@v3 | |
with: | |
name: flake_lock | |
path: flake.lock | |
# Find and update all nvfetcher inputs | |
update_nvfetcher: | |
runs-on: ubuntu-latest | |
needs: [update_flake] | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
with: | |
token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Install Nix | |
uses: cachix/install-nix-action@v18 | |
with: | |
nix_path: nixpkgs=channel:nixos-unstable | |
extra_nix_config: | | |
auto-optimise-store = true | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
experimental-features = nix-command flakes | |
substituters = https://cache.nixos.org/ https://nix-community.cachix.org | |
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= | |
- name: Configure Git | |
run: | | |
git config user.email [email protected] | |
git config user.name "Autumn Wind" | |
- name: Find branch to create update on | |
run: | | |
number=${{needs.update_flake.outputs.pr-number}} | |
branch=${{needs.update_flake.outputs.branch}} | |
if [ "$number" != "" ]; then | |
gh pr checkout "$number" | |
else | |
git checkout -b "$branch" | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Restore flake.lock | |
uses: actions/download-artifact@v3 | |
with: | |
name: flake_lock | |
- name: Update all nvfetcher sources | |
run: | | |
cat > /tmp/keyfile.toml << EOF | |
[keys] | |
github = "$GITHUB_TOKEN" | |
EOF | |
nix run ".#update-nvfetcher-sources" -- -k /tmp/keyfile.toml | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Generate patch | |
run: | | |
git restore flake.lock | |
git add . | |
git stash --include-untracked | |
git stash show -p stash@\{0\} > nvfetcher-updates.patch | |
- name: Store nvfetcher patch | |
uses: actions/upload-artifact@v3 | |
with: | |
name: nvfetcher_updates_patch | |
path: nvfetcher-updates.patch | |
# Make a PR with the flake and nvfetcher updates | |
push_updates: | |
runs-on: ubuntu-latest | |
needs: [update_nvfetcher, update_flake] | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
with: | |
token: "${{ secrets.GITHUB_TOKEN }}" | |
- name: Configure Git | |
run: | | |
git config user.email [email protected] | |
git config user.name "Autumn Wind" | |
- name: Find branch to create update on | |
run: | | |
number=${{needs.update_flake.outputs.pr-number}} | |
branch=${{needs.update_flake.outputs.branch}} | |
if [ "$number" != "" ]; then | |
gh pr checkout "$number" | |
else | |
git checkout -b "$branch" | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Restore flake.lock | |
uses: actions/download-artifact@v3 | |
with: | |
name: flake_lock | |
- name: Restore nvfetcher patches | |
uses: actions/download-artifact@v3 | |
with: | |
name: nvfetcher_updates_patch | |
- name: Commit all updates and make a PR if needed | |
run: | | |
number=${{needs.update_flake.outputs.pr-number}} | |
branch=${{needs.update_flake.outputs.branch}} | |
git add flake.lock | |
git commit -m "chore: update flake inputs" | |
git apply nvfetcher-updates.patch --allow-empty | |
rm nvfetcher-updates.patch | |
git commit -am "chore: update nvfetcher sources" || true | |
git push -u origin "$branch" | |
if [ "$number" == "" ]; then | |
gh pr create \ | |
--assignee water-sucks \ | |
--base main \ | |
--body "Automatic updates to flake inputs and nvfetcher sources on $(date -I)" \ | |
--fill \ | |
--label bot \ | |
--title "Automatic updates on $(date -I)" | |
fi | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} |