From 663041d91eaa183bcd4849c43adb70a2b80bb0f0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Th=C3=A9ophane=20Hufschmitt?= Date: Tue, 4 Jun 2024 14:50:17 +0200 Subject: [PATCH] Add nickel-generated GitHub actions On a weekly basis: - Auto update the flake inputs - Auto update the schemas from schemastore.org --- .github/workflows/update-flake-lock.yml | 19 +++++++ .github/workflows/update-schemas.yml | 39 ++++++++++++++ flake.nix | 4 +- gh-actions.ncl | 70 +++++++++++++++++++++++++ project.ncl | 13 +++++ 5 files changed, 143 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/update-flake-lock.yml create mode 100644 .github/workflows/update-schemas.yml create mode 100644 gh-actions.ncl
diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml
new file mode 100644
index 0000000..23ad0e4
--- /dev/null
+++ b/.github/workflows/update-flake-lock.yml
@@ -0,0 +1,19 @@
+jobs:
+ update-flake-lock:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Install Nix
+ uses: cachix/install-nix-action@v26
+ with:
+ extra_nix_config: accept-flake-config = true
+ - uses: cachix/cachix-action@v14
+ with:
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+ name: nickel-schemastore
+ - name: Update flake.lock
+ uses: DeterminateSystems/update-flake-lock@v21
+on:
+ schedule:
+ - cron: 0 0 * * 0
diff --git a/.github/workflows/update-schemas.yml b/.github/workflows/update-schemas.yml
new file mode 100644
index 0000000..32a87e2
--- /dev/null
+++ b/.github/workflows/update-schemas.yml
@@ -0,0 +1,39 @@
+jobs:
+ test:
+ permissions:
+ contents: write
+ pull-requests: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Install Nix
+ uses: cachix/install-nix-action@v26
+ with:
+ extra_nix_config: accept-flake-config = true
+ - uses: cachix/cachix-action@v14
+ with:
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+ name: nickel-schemastore
+ - env:
+ GH_TOKEN: ${{ github.token }}
+ name: Update the schemas from upstream
+ run: |-
+ nix develop --command python3 ./extract-schemas.py
+ if ! git diff --exit-code; then
+ BRANCH_NAME=update-schemas-from-$GITHUB_RUN_ID
+ git checkout -b "$BRANCH_NAME"
+ git add .
+ git config user.name "Schemas update bot"
+ git config user.email "noreply@schemaupdate.invalid"
+ git commit --message="Re-generate the schema files"
+ git push origin "$BRANCH_NAME"
+ nix run --inputs-from . nixpkgs\#gh -- pr create \
+ --head "$BRANCH_NAME" \
+ --title "Re-generate the schema files" \
+ --body "Automated update from $GITHUB_RUN_ID"
+ fi
+on:
+ schedule:
+ - cron: 0 0 * * 0
+ workflow_dispatch: {}
diff --git a/flake.nix b/flake.nix
index e806973..9a73f53 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,8 +4,8 @@ inputs.json-schema-to-nickel.url = "github:nickel-lang/json-schema-to-nickel"; nixConfig = { - extra-substituters = ["https://organist.cachix.org"]; - extra-trusted-public-keys = ["organist.cachix.org-1:GB9gOx3rbGl7YEh6DwOscD1+E/Gc5ZCnzqwObNH2Faw="]; + extra-substituters = ["https://tweag-nickel.cachix.org"]; + extra-trusted-public-keys = ["tweag-nickel.cachix.org-1:GIthuiK4LRgnW64ALYEoioVUQBWs0jexyoYVeLDBwRA="]; }; outputs = {organist, ...} @ inputs:
diff --git a/gh-actions.ncl b/gh-actions.ncl
new file mode 100644
index 0000000..1f45884
--- /dev/null
+++ b/gh-actions.ncl
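Review bot: The replacement of `extra-substituters` and `extra-trusted-public-keys` in flake.nix's `nixConfig` changes which binary-cache signing key this flake trusts, yet the commit description mentions only the two workflows; the reason for moving from `organist.cachix.org` to `tweag-nickel.cachix.org` should be recorded there or in a comment above the two lines, e.g. `# Binary cache for <what it serves>; key copied from <where it is published>`. Because the workflows added in this patch set `accept-flake-config = true`, CI applies this substituter and key without prompting, so the new key is worth checking against the value the cache owner publishes before merging. The workflows configure a Cachix cache named `nickel-schemastore`, which is not listed here; if artefacts from that cache are meant to be substituted by users of the flake, its URL and key appear to be missing. The enclosing attribute set starts and ends outside the hunk.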
@@ -0,0 +1,70 @@
+let gha = import "./out/GitHub Workflow.ncl" in
+
+let setup = [
+ {
+ name = "Checkout",
+ uses = "actions/checkout@v2",
+ },
+ {
+ name = "Install Nix",
+ uses = "cachix/install-nix-action@v26",
+ with.extra_nix_config = "accept-flake-config = true",
+ },
+ {
+ uses = "cachix/cachix-action@v14",
+ with.name = "nickel-schemastore",
+ with.authToken = "${{ secrets.CACHIX_AUTH_TOKEN }}",
+ },
+]
+in
+
+{
+ update-flake-lock = {
+ jobs.update-flake-lock = {
+ runs-on = "ubuntu-latest",
+ steps =
+ setup
+ @ [
+ {
+ name = "Update flake.lock",
+ uses = "DeterminateSystems/update-flake-lock@v21",
+ }
+ ],
+ },
+ on.schedule = [{ cron = "0 0 * * 0" }],
+ },
+
+ update-schemas = {
+ jobs.test = {
+ permissions.pull-requests = "write",
+ permissions.contents = "write",
+ runs-on = "ubuntu-latest",
+ steps =
+ setup
+ @ [
+ {
+ env.GH_TOKEN = "${{ github.token }}",
+ name = "Update the schemas from upstream",
+ run = m%"
+ nix develop --command python3 ./extract-schemas.py
+ if ! git diff --exit-code; then
+ BRANCH_NAME=update-schemas-from-$GITHUB_RUN_ID
+ git checkout -b "$BRANCH_NAME"
+ git add .
+ git config user.name "Schemas update bot"
+ git config user.email "noreply@schemaupdate.invalid"
+ git commit --message="Re-generate the schema files"
+ git push origin "$BRANCH_NAME"
+ nix run --inputs-from . nixpkgs\#gh -- pr create \
+ --head "$BRANCH_NAME" \
+ --title "Re-generate the schema files" \
+ --body "Automated update from $GITHUB_RUN_ID"
+ fi
+ "%,
+ }
+ ],
+ },
+ on.schedule = [{ cron = "0 0 * * 0" }],
+ on.workflow_dispatch = {},
+ },
+} | { _ | gha }
diff --git a/project.ncl b/project.ncl
index f28a6f1..fa52eac 100644
--- a/project.ncl
+++ b/project.ncl
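Review bot: Every `uses` in `setup` and in the `update-flake-lock` step of gh-actions.ncl points at a mutable tag (`actions/checkout@v2`, `cachix/install-nix-action@v26`, `cachix/cachix-action@v14`, `DeterminateSystems/update-flake-lock@v21`), and these actions run in jobs that receive `secrets.CACHIX_AUTH_TOKEN` and, in `update-schemas`, a token with `contents: write`; pinning each to a full commit SHA with the tag kept as a comment, e.g. `uses = "actions/checkout@<full-commit-sha>", # v2`, removes the reliance on those tags never being moved. `jobs.update-flake-lock` declares no `permissions`, unlike `jobs.test`, so it depends on the repository's default token scope; adding `permissions.contents = "write"` and `permissions.pull-requests = "write"` there (the scopes it presumably needs to open its pull request) makes the grant explicit and reviewable. In the `run` script, `git add .` stages anything `extract-schemas.py` wrote anywhere in the checkout from data fetched upstream; limiting it to the schema output directory (presumably `out/`, to be confirmed) keeps unexpected files out of the automated PR. The two `.github/workflows/*.yml` hunks in this patch are generated from this file and carry the same settings.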
@@ -12,5 +12,18 @@ let organist = inputs.organist in shells.dev = { packages.hello = organist.import_nix "nixpkgs#hello", }, + + files = + (import "./gh-actions.ncl") + |> std.record.to_array + |> std.array.map + ( + fun { field = workflow_name, value = workflow } => + { + field = ".github/workflows/%{workflow_name}.yml", + value.content = std.serialize 'Yaml workflow + } + ) + |> std.record.from_array, } | organist.OrganistExpression
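Review bot: The files produced by the new `files` mapping in project.ncl carry no marker that they are generated, so a change made directly in `.github/workflows/*.yml` (for instance tightening `permissions` or pinning an action) would presumably be lost on the next regeneration; prepending a header, `value.content = "# Generated from gh-actions.ncl, do not edit.\n" ++ std.serialize 'Yaml workflow`, points reviewers at the file that actually needs auditing. A one-line comment above `files =` saying that each field of `gh-actions.ncl` becomes one workflow file named after it would also help the next reader. The enclosing record begins before the hunk.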