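# Mirrors the current stable Determinate Nix installer binary: resolves the
# redirect chain of the "stable" URL, downloads the binary it ends at, commits
# it, tags that commit with the upstream version and publishes a release.
name: "Update Determinate Nix binary"
on:
  repository_dispatch:
  workflow_dispatch:
  schedule:
    - cron: "00 12 * * *"
  push:
    paths:
      - '.github/workflows/*'
jobs:
  update_lockfile:
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
    steps:
      - name: Checkout repository
        # NOTE(review): referenced by a mutable tag. Pinning to a full commit
        # SHA (<FULL_COMMIT_SHA>) keeps the code that runs with write access
        # from changing underneath this workflow.
        uses: actions/checkout@v4
      - name: Get metadata
        run: |
          set -euo pipefail
          url=https://us-east-2.swim.install.determinate.systems/nix-installer/stable/x86_64-linux
          final_url=""
          hops=0
          # Follow redirects one HEAD request at a time so the last hop (which
          # carries the version in its path) can be recorded. --proto refuses
          # any hop that is not HTTPS.
          while redirect_url=$(
            curl --proto '=https' -I -s -S -f -w "%{redirect_url}\n" -o /dev/null "$url"
          ); do
            echo "$url"
            url=$redirect_url
            [[ -z "$url" ]] && break
            final_url=$url
            # Bound the loop so a redirect cycle cannot hang the job.
            hops=$((hops + 1))
            if (( hops > 10 )); then
              echo "too many redirects while resolving the download URL" >&2
              exit 1
            fi
          done

          # Everything below is written to $GITHUB_ENV and later used as a tag
          # name, a file name and a download target, so reject anything that
          # is not a plain single-line HTTPS URL before deriving values.
          url_re='^https://[^[:space:]]+$'
          if [[ ! "$final_url" =~ $url_re ]]; then
            echo "refusing empty or non-HTTPS download URL: '$final_url'" >&2
            exit 1
          fi
          echo "DETERMINATE_URL=$final_url" | tee -a "$GITHUB_ENV"

          # sed echoes its input unchanged when the pattern does not match, so
          # check the result really is a version string and not the whole URL.
          determinate_version=$(printf '%s\n' "$final_url" | sed -E -e 's/.*(v[0-9.]+).*/\1/g')
          version_re='^v[0-9.]+$'
          if [[ ! "$determinate_version" =~ $version_re ]]; then
            echo "could not extract a version from '$final_url'" >&2
            exit 1
          fi
          echo "DETERMINATE_VERSION=$determinate_version" | tee -a "$GITHUB_ENV"

          # Last path component of the URL; restricted to a plain file name.
          binary_name=$(printf '%s\n' "$final_url" | sed -E -e 's/.*\/(.*)/\1/g')
          name_re='^[A-Za-z0-9._+-]+$'
          if [[ ! "$binary_name" =~ $name_re ]]; then
            echo "unexpected binary name '$binary_name'" >&2
            exit 1
          fi
          echo "DETERMINATE_BINARY=$binary_name" | tee -a "$GITHUB_ENV"
      - name: Download binary
        # NOTE(review): TLS is the only thing authenticating this binary. The
        # release's sha256sum is computed from whatever was downloaded, so it
        # does not prove the file is the one upstream published. If upstream
        # provides a checksum or signature, verify it here before committing.
        run: |
          set -euo pipefail
          wget --content-disposition -nv "$DETERMINATE_URL"
          # --content-disposition lets the server choose the saved file name;
          # fail now if it is not the name the release step will upload.
          if [[ ! -s "$DETERMINATE_BINARY" ]]; then
            echo "expected download '$DETERMINATE_BINARY' is missing or empty" >&2
            exit 1
          fi
          # Record the digest in the job log for later audit.
          sha256sum -- "$DETERMINATE_BINARY"
        env:
          DETERMINATE_URL: ${{ env.DETERMINATE_URL }}
          DETERMINATE_BINARY: ${{ env.DETERMINATE_BINARY }}
      - name: Git config
        run: |
          git config user.name github-actions
          git config user.email github-actions@github.com
      - name: Commit binary
        run: |
          git add .
          git commit -m "automated download workflow"
          commit_id=$(git rev-parse HEAD)
          echo "COMMIT_ID=$commit_id" >> "$GITHUB_ENV"
      - name: Tag new target
        run: |
          git tag -f "$DETERMINATE_VERSION" "$COMMIT_ID"
        env:
          DETERMINATE_VERSION: ${{ env.DETERMINATE_VERSION }}
          COMMIT_ID: ${{ env.COMMIT_ID }}
      - name: Push new tag
        # NOTE(review): --force moves an already published tag, so the
        # artifact behind a given version can change between runs. Consumers
        # should pin the release by digest rather than by tag alone.
        run: git push origin "$DETERMINATE_VERSION" --force
        env:
          DETERMINATE_VERSION: ${{ env.DETERMINATE_VERSION }}
      - name: Publish release
        # NOTE(review): third-party action on a mutable tag; pin to a full
        # commit SHA (<FULL_COMMIT_SHA>), since it runs with the job's token.
        uses: akkuman/gitea-release-action@v1
        env:
          NODE_OPTIONS: '--experimental-fetch' # if nodejs < 18
        with:
          files: ${{ env.DETERMINATE_BINARY }}
          name: ${{ env.DETERMINATE_VERSION }}
          tag_name: ${{ env.DETERMINATE_VERSION }}
          target_commitish_value: ${{ env.COMMIT_ID }}
          sha256sum: true
          md5sum: false
      # Disabled steps below; they appear to be carried over from the
      # flake-update workflow and are not run.
      #- name: Update flake.lock
      #  id: update
      #  run: |
      #    nix flake update 2> >(tee /dev/stderr) | awk '
      #      /^• Updated input/ {in_update = 1; print; next}
      #      in_update && !/^warning:/ {print}
      #      /^$/ {in_update = 0}
      #    ' > update.log
      #    echo "UPDATE_LOG<<EOF" >> $GITHUB_ENV
      #    cat update.log >> $GITHUB_ENV
      #    echo "EOF" >> $GITHUB_ENV
      #    rm update.log
      #- name: Get post-snapshot of evaluations
      #  run: nix ./utils/eval-to-drv.sh post
      #- name: Calculate diff
      #  run: nix ./utils/diff-evals.sh
      #- name: Read file contents
      #  id: read_file
      #  uses: guibranco/github-file-reader-action-v2@latest
      #  with:
      #    path: "post-diff"
      #- name: Write PR body template
      #  uses: https://github.com/DamianReeves/write-file-action@v1.3
      #  with:
      #    path: pr_body.template
      #    contents: |
      #      - The following Nix Flake inputs were updated:
      #      ```
      #      ${{ env.UPDATE_LOG }}
      #      ```
      #      ```
      #      ${{ steps.read_file.outputs.contents }}
      #      ```
      #      Auto-generated by [update.yml][1] with the help of
      #      [create-pull-request][2].
      #      [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
      #      [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
      #- name: Generate PR body
      #  uses: pedrolamas/handlebars-action@v2.4.0 # v2.4.0
      #  with:
      #    files: "pr_body.template"
      #    output-filename: "pr_body.md"
      #- name: Save PR body
      #  id: pr_body
      #  uses: juliangruber/read-file-action@v1
      #  with:
      #    path: "pr_body.md"
      #- name: Remove temporary files
      #  run: |
      #    rm pr_body.template
      #    rm pr_body.md
      #    rm pre.json
      #    rm post.json
      #    rm post-diff
      #- name: Create Pull Request
      #  id: create-pull-request
      #  # uses: https://forgejo.stefka.eu/jiriks74/create-pull-request@7174d368c2e4450dea17b297819eb28ae93ee645
      #  uses: https://nayeonie.com/ahuston-0/create-pull-request@main
      #  with:
      #    token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
      #    body: ${{ steps.pr_body.outputs.content }}
      #    author: '"github-actions[bot]" '
      #    title: 'automated: Update `flake.lock`'
      #    commit-message: |
      #      automated: Update `flake.lock`
      #      ${{ steps.pr_body.outputs.content }}
      #    branch: update-flake-lock
      #    delete-branch: true
      #    pr-labels: | # Labels to be set on the PR
      #      dependencies
      #      automated
      #- name: Push to Attic
      #  run: nix ./utils/attic-push.bash
      #  continue-on-error: true
      #- name: Print PR number
      #  run: |
      #    echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."
      #    echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
# NOTE(review): the enabled steps push a tag and create a release, which needs
# contents: write. pull-requests: write is only referenced by the disabled
# "Create Pull Request" step, and no visible step uses packages: write; confirm
# and drop the unused scopes to keep the job token least-privileged.
permissions:
  pull-requests: write
  contents: write
  packages: write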