Channel updated: nixos-unstable@d0797a04b8 #263
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update flake.lock | |
# Triggered by nix-channel-watcher, but can also be triggered manually. | |
on: [repository_dispatch, workflow_dispatch] | |
# Only allow one run at a time. | |
concurrency: | |
group: ${{ github.workflow }} | |
# Specify bash to enable `-eo pipefail`. | |
# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsshell | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
update-flake: | |
name: Update flake.lock | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write # Write access is needed to create a pull request. | |
contents: write # Write access is needed to enable auto-merge. | |
# This workflow should only run on the main branch; running on other | |
# branches could be useful in some situations, but it might have unexpected | |
# consequences, so restricting it seems like the safest choice for now. | |
if: github.ref == 'refs/heads/main' | |
steps: | |
- name: Set up repository | |
uses: actions/checkout@v4 | |
with: | |
# Specifying the deploy key here sets it up to be used for pushing | |
# later; this is a workaround for GITHUB_TOKEN being unable to trigger | |
# workflows on push/pull request/etc. | |
# https://github.com/orgs/community/discussions/25702 | |
ssh-key: ${{ secrets.DEPLOY_KEY }} | |
# Commits will be authored by the GitHub Actions bot user. | |
- name: Set up commit author | |
run: | | |
git config user.name github-actions[bot] | |
git config user.email 41898282+github-actions[bot]@users.noreply.github.com | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@v16 | |
# This will fail if the branch already exists; since pull requests created | |
# by this workflow should be auto-merged, an existing branch either means | |
# the checks for a previous pull request failed or are still running, so | |
# failing seems like the safest thing to do. | |
- name: Create branch for pull request | |
run: git checkout -b auto-update/flake-inputs | |
- name: Update flake.lock | |
run: nix flake update --commit-lock-file | |
- name: Create pull request | |
run: | | |
# There might not be a commit if everything is already up-to-date. | |
[[ $(git diff ${{ github.ref_name }}) ]] || exit 0 | |
# Push the changes. | |
git push -u origin auto-update/flake-inputs | |
# Generate the pull request body. | |
PR_BODY=$(mktemp) | |
echo 'This pull request was created automatically by GitHub Actions :)' >> $PR_BODY | |
echo '<sub>**${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}**</sub>' >> $PR_BODY | |
echo '```' >> $PR_BODY | |
git show --no-patch --format=format:%b >> $PR_BODY | |
echo '```' >> $PR_BODY | |
# Create the pull request and enable auto-merge. | |
gh pr merge --auto --rebase --delete-branch $(gh pr create \ | |
--title "Update flake.lock" \ | |
--body-file $PR_BODY \ | |
--label "automated" --label "flake.lock update" \ | |
) | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |