name: "Update Determinate Nix binary" on: repository_dispatch: workflow_dispatch: schedule: - cron: "00 12 * * *" push: paths: - '.github/workflows/*' jobs: download-binary: runs-on: ubuntu-latest if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main steps: - name: Checkout repository uses: actions/checkout@v4 - name: Get metadata run: | url=https://us-east-2.swim.install.determinate.systems/nix-installer/stable/x86_64-linux while redirect_url=$( curl -I -s -S -f -w "%{redirect_url}\n" -o /dev/null "$url" ); do echo "$url" url=$redirect_url [[ -z "$url" ]] && break final_url=$url done echo "DETERMINATE_URL="$(printf "$final_url") | tee -a $GITHUB_ENV determinate_version=$(echo $final_url | sed -E -e 's/.*(v[0-9.]+).*/\1/g') echo "DETERMINATE_VERSION=$(echo $determinate_version)" | tee -a $GITHUB_ENV binary_name=$(echo $final_url | sed -E -e 's/.*\/(.*)/\1/g') echo "DETERMINATE_BINARY=$(echo $binary_name)" | tee -a $GITHUB_ENV - name: Download binary id: binary-check run: | wget --content-disposition -nv "$DETERMINATE_URL" if git diff --quiet && git ls-files --error-unmatch "$DETERMINATE_BINARY"; then echo "DETERMINATE_BINARY_DIFF=0" | tee -a "$GITHUB_OUTPUT" else echo "DETERMINATE_BINARY_DIFF=1" | tee -a "$GITHUB_OUTPUT" fi env: DETERMINATE_URL: ${{ env.DETERMINATE_URL }} DERMINATE_BINARY: ${{ env.DETERMINATE_BINARY }} - uses: actions/upload-artifact@v3 with: name: determinate-binary path: ${{ env.DETERMINATE_BINARY }} compression-level: 9 if-no-files-found: error retention-period: 5 outputs: DETERMINATE_BINARY_DIFF: ${{ steps.binary-check.outputs.DETERMINATE_BINARY_DIFF }} DETERMINATE_BINARY: ${{ env.DETERMINATE_BINARY }} DETERMINATE_VERSION: ${{ env.DETERMINATE_VERSION }} commit-data: runs-on: ubuntu-latest needs: [download-binary] if: always() && ${{ needs.download-binary.outputs.DETERMINATE_BINARY_DIFF != 0 }} steps: - name: Reset outputs from previous job run: | echo "DETERMINATE_BINARY=${{ needs.download-binary.outputs.DETERMINATE_BINARY }}" | tee -a "$GITHUB_ENV" echo "DETERMINATE_VERSION=${{ needs.download-binary.outputs.DETERMINATE_VERSION }}" | tee -a "$GITHUB_ENV" - name: Checkout repository uses: actions/checkout@v4 - uses: actions/download-artifact@v3 with: name: determinate-binary path: ${{ env.DETERMINATE_BINARY }} - name: Git config run: | git config user.name github-actions git config user.email github-actions@github.com git config lfs.https://nayeonie.com/ahuston-0/determinate-nix-mirror.git/info/lfs.locksverify true - name: Commit binary run: | git add . git commit -m "automated download workflow" commit_id=$(git rev-parse HEAD) echo "COMMIT_ID=$(echo $commit_id)" >> $GITHUB_ENV - name: Tag new target run: | git tag -f "$DETERMINATE_VERSION" "$COMMIT_ID" env: DETERMINATE_VERSION: ${{ env.DETERMINATE_VERSION }} COMMIT_ID: ${{ env.COMMIT_ID }} - name: Push new tag run: | git push origin "$DETERMINATE_VERSION" --force git checkout main git merge "$DETERMINATE_VERSION" git push env: DETERMINATE_VERSION: ${{ env.DETERMINATE_VERSION }} - name: Publish release uses: akkuman/gitea-release-action@v1 env: NODE_OPTIONS: '--experimental-fetch' # if nodejs < 18 with: files: ${{ env.DETERMINATE_BINARY }} name: ${{ env.DETERMINATE_VERSION }} tag_name: ${{ env.DETERMINATE_VERSION }} target_commitish_value: ${{ env.COMMIT_ID }} sha256sum: true md5sum: false permissions: pull-requests: write contents: write packages: write