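# Scheduled workflow: refreshes `flake.lock`, snapshots the evaluations before
# and after the update, and opens a pull request whose body carries the update
# log and the evaluation diff.
name: "Update flakes"
on:
  repository_dispatch:
  workflow_dispatch:
  schedule:
    - cron: "00 12 * * *"
jobs:
  update_lockfile:
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install nix
        # NOTE(review): `@main` is a moving ref, so this job (which holds the
        # Attic and PR tokens) runs whatever that branch contains at run time.
        # Pin to a reviewed full commit SHA.
        uses: https://github.com/DeterminateSystems/nix-installer-action@main
      - name: Restore Nix store
        id: restore
        uses: nix-community/cache-nix-action@v6
        with:
          # NOTE(review): this job defines no `strategy.matrix`, so
          # `matrix.os` expands to an empty string in both keys below.
          # a new cache is saved whenever `flake.lock` or a file matched by
          # `*.nix` changes
          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
          # otherwise, fall back to the first cache whose key starts with
          # this prefix
          restore-prefixes-first-match: similar-cache-${{ matrix.os }}-common-
      - name: Setup Attic cache
        uses: ryanccn/attic-action@v0
        with:
          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
          cache: ${{ secrets.ATTIC_CACHE }}
          token: ${{ secrets.ATTIC_TOKEN }}
          # pushing is done explicitly by the "Push to Attic" step below
          skip-push: "true"
      - name: Get pre-snapshot of evaluations
        run: nix ./utils/eval-to-drv.sh pre
      - name: Update flake.lock
        id: update
        run: |
          nix flake update 2> >(tee /dev/stderr) | awk '
            /^• Updated input/ {in_update = 1; print; next}
            in_update && !/^warning:/ {print}
            /^$/ {in_update = 0}
          ' > update.log
          # Use a random heredoc delimiter (as the POSTDIFF step does) so a
          # line in the update log can never terminate the value early and
          # define further environment variables.
          delimiter="$(openssl rand -hex 8)"
          {
            echo "UPDATE_LOG<<${delimiter}"
            cat update.log
            echo "${delimiter}"
          } >> "$GITHUB_ENV"
          rm update.log
      - name: Get post-snapshot of evaluations
        run: nix ./utils/eval-to-drv.sh post
      - name: Calculate diff
        run: nix ./utils/diff-evals.sh
      - name: Read diff into environment
        run: |
          # random delimiter: the diff content cannot close the heredoc
          delimiter="$(openssl rand -hex 8)"
          {
            echo "POSTDIFF<<${delimiter}"
            cat post-diff
            echo "${delimiter}"
          } >> "$GITHUB_ENV"
      - name: Write PR body template
        uses: https://github.com/DamianReeves/write-file-action@v1.3
        with:
          path: pr_body.template
          # `${{ env.UPDATE_LOG }}` is expanded by the workflow runner here;
          # `{{ env.POSTDIFF }}` is left for the handlebars step below.
          contents: |
            - The following Nix Flake inputs were updated:

            ```
            ${{ env.UPDATE_LOG }}
            ```

            ```
            {{ env.POSTDIFF }}
            ```

            Auto-generated by [update.yml][1] with the help of
            [create-pull-request][2].

            [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
            [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
      - name: Generate PR body
        uses: pedrolamas/handlebars-action@v2.4.0 # v2.4.0
        with:
          files: "pr_body.template"
          output-filename: "pr_body.md"
      - name: Save PR body
        id: pr_body
        uses: juliangruber/read-file-action@v1
        with:
          path: "pr_body.md"
      - name: Remove temporary files
        # clean the work tree so only the lockfile change ends up in the PR
        run: |
          rm pr_body.template
          rm pr_body.md
          rm pre.json
          rm post.json
          rm post-diff
      - name: Create Pull Request
        id: create-pull-request
        # uses: https://forgejo.stefka.eu/jiriks74/create-pull-request@7174d368c2e4450dea17b297819eb28ae93ee645
        # NOTE(review): this action receives GH_TOKEN_FOR_UPDATES but is
        # referenced by the moving `@main` ref; pin it to a reviewed full
        # commit SHA, as the commented-out reference above does.
        uses: https://nayeonie.com/ahuston-0/create-pull-request@main
        with:
          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
          body: ${{ steps.pr_body.outputs.content }}
          # NOTE(review): no `<email>` part follows the display name here;
          # confirm the action accepts this form.
          author: '"github-actions[bot]" '
          title: 'automated: Update `flake.lock`'
          commit-message: |
            automated: Update `flake.lock`

            ${{ steps.pr_body.outputs.content }}
          branch: update-flake-lock
          delete-branch: true
          pr-labels: | # Labels to be set on the PR
            dependencies
            automated
      - name: Push to Attic
        run: nix ./utils/attic-push.bash
        # best effort: a failed push must not fail the update job
        continue-on-error: true
      - name: Save Nix store
        uses: nix-community/cache-nix-action@v6
        with:
          # same key as the restore step: changes whenever `flake.lock` or a
          # file matched by `*.nix` changes
          primary-key: similar-cache-${{ matrix.os }}-individual-${{ hashFiles('flake.lock', '*.nix') }}
          # do purge caches
          purge: true
          # purge all versions of the individual cache
          purge-prefixes: similar-cache-${{ matrix.os }}-individual-
          # created more than 0 seconds ago relative to the start of the `Post Restore` phase
          purge-created: 0
          # except the version with the `primary-key`, if it exists
          purge-primary-key: never
      - name: Print PR number
        # Step outputs are passed through the environment instead of being
        # interpolated into the script text, and both now read from the
        # `create-pull-request` step id (no step with id `cpr` exists).
        env:
          PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
          PR_URL: ${{ steps.create-pull-request.outputs.pull-request-url }}
        run: |
          echo "Pull request number is ${PR_NUMBER}."
          echo "Pull Request URL - ${PR_URL}"
# Write access for the workflow token: the job pushes the update branch and
# opens the pull request.
permissions:
  pull-requests: write
  contents: write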