Add nickel-generated GitHub actions

On a weekly basis: - Auto update the flake inputs - Auto update the schemas from schemastore.org
thufschmitt · Jun 5, 2024 · 663041d · 663041d
1 parent 68b6f60
commit 663041d
Show file tree

Hide file tree

Showing 5 changed files with 143 additions and 2 deletions.
diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml
@@ -0,0 +1,19 @@
+jobs:
+  update-flake-lock:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Install Nix
+      uses: cachix/install-nix-action@v26
+      with:
+        extra_nix_config: accept-flake-config = true
+    - uses: cachix/cachix-action@v14
+      with:
+        authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+        name: nickel-schemastore
+    - name: Update flake.lock
+      uses: DeterminateSystems/update-flake-lock@v21
+on:
+  schedule:
+  - cron: 0 0 * * 0
diff --git a/.github/workflows/update-schemas.yml b/.github/workflows/update-schemas.yml
@@ -0,0 +1,39 @@
+jobs:
+  test:
+    permissions:
+      contents: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+    - name: Install Nix
+      uses: cachix/install-nix-action@v26
+      with:
+        extra_nix_config: accept-flake-config = true
+    - uses: cachix/cachix-action@v14
+      with:
+        authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+        name: nickel-schemastore
+    - env:
+        GH_TOKEN: ${{ github.token }}
+      name: Update the schemas from upstream
+      run: |-
+        nix develop --command python3 ./extract-schemas.py
+        if ! git diff --exit-code; then
+          BRANCH_NAME=update-schemas-from-$GITHUB_RUN_ID
+          git checkout -b "$BRANCH_NAME"
+          git add .
+          git config user.name "Schemas update bot"
+          git config user.email "noreply@schemaupdate.invalid"
+          git commit --message="Re-generate the schema files"
+          git push origin "$BRANCH_NAME"
+          nix run --inputs-from . nixpkgs\#gh -- pr create \
+            --head "$BRANCH_NAME" \
+            --title "Re-generate the schema files" \
+            --body "Automated update from $GITHUB_RUN_ID"
+        fi
+on:
+  schedule:
+  - cron: 0 0 * * 0
+  workflow_dispatch: {}
diff --git a/flake.nix b/flake.nix
@@ -4,8 +4,8 @@
   inputs.json-schema-to-nickel.url = "github:nickel-lang/json-schema-to-nickel";
 
   nixConfig = {
-    extra-substituters = ["https://organist.cachix.org"];
-    extra-trusted-public-keys = ["organist.cachix.org-1:GB9gOx3rbGl7YEh6DwOscD1+E/Gc5ZCnzqwObNH2Faw="];
+    extra-substituters = ["https://tweag-nickel.cachix.org"];
+    extra-trusted-public-keys = ["tweag-nickel.cachix.org-1:GIthuiK4LRgnW64ALYEoioVUQBWs0jexyoYVeLDBwRA="];
   };
 
   outputs = {organist, ...} @ inputs:

diff --git a/gh-actions.ncl b/gh-actions.ncl
@@ -0,0 +1,70 @@
+let gha = import "./out/GitHub Workflow.ncl" in
+
+let setup = [
+  {
+    name = "Checkout",
+    uses = "actions/checkout@v2",
+  },
+  {
+    name = "Install Nix",
+    uses = "cachix/install-nix-action@v26",
+    with.extra_nix_config = "accept-flake-config = true",
+  },
+  {
+    uses = "cachix/cachix-action@v14",
+    with.name = "nickel-schemastore",
+    with.authToken = "${{ secrets.CACHIX_AUTH_TOKEN }}",
+  },
+]
+in
+
+{
+  update-flake-lock = {
+    jobs.update-flake-lock = {
+      runs-on = "ubuntu-latest",
+      steps =
+        setup
+        @ [
+          {
+            name = "Update flake.lock",
+            uses = "DeterminateSystems/update-flake-lock@v21",
+          }
+        ],
+    },
+    on.schedule = [{ cron = "0 0 * * 0" }],
+  },
+
+  update-schemas = {
+    jobs.test = {
+      permissions.pull-requests = "write",
+      permissions.contents = "write",
+      runs-on = "ubuntu-latest",
+      steps =
+        setup
+        @ [
+          {
+            env.GH_TOKEN = "${{ github.token }}",
+            name = "Update the schemas from upstream",
+            run = m%"
+              nix develop --command python3 ./extract-schemas.py
+              if ! git diff --exit-code; then
+                BRANCH_NAME=update-schemas-from-$GITHUB_RUN_ID
+                git checkout -b "$BRANCH_NAME"
+                git add .
+                git config user.name "Schemas update bot"
+                git config user.email "noreply@schemaupdate.invalid"
+                git commit --message="Re-generate the schema files"
+                git push origin "$BRANCH_NAME"
+                nix run --inputs-from . nixpkgs\#gh -- pr create \
+                  --head "$BRANCH_NAME" \
+                  --title "Re-generate the schema files" \
+                  --body "Automated update from $GITHUB_RUN_ID"
+              fi
+        "%,
+          }
+        ],
+    },
+    on.schedule = [{ cron = "0 0 * * 0" }],
+    on.workflow_dispatch = {},
+  },
+} | { _ | gha }
diff --git a/project.ncl b/project.ncl
@@ -12,5 +12,18 @@ let organist = inputs.organist in
   shells.dev = {
     packages.hello = organist.import_nix "nixpkgs#hello",
   },
+
+  files =
+    (import "./gh-actions.ncl")
+    |> std.record.to_array
+    |> std.array.map
+      (
+        fun { field = workflow_name, value = workflow } =>
+          {
+            field = ".github/workflows/%{workflow_name}.yml",
+            value.content = std.serialize 'Yaml workflow
+          }
+      )
+    |> std.record.from_array,
 }
   | organist.OrganistExpression