From 06095307f1f09cda24104c82c0d20dff7695891c Mon Sep 17 00:00:00 2001
From: ahuston-0
Date: Fri, 27 Mar 2026 15:24:54 -0400
Subject: [PATCH] add workflows
---
.github/workflows/flake-health-checks.yml | 33 ++++++
.github/workflows/flake-update.yml | 134 ++++++++++++++++++++++
.github/workflows/lock-health-checks.yml | 19 +++
3 files changed, 186 insertions(+)
create mode 100644 .github/workflows/flake-health-checks.yml
create mode 100644 .github/workflows/flake-update.yml
create mode 100644 .github/workflows/lock-health-checks.yml
diff --git a/.github/workflows/flake-health-checks.yml b/.github/workflows/flake-health-checks.yml
new file mode 100644
index 0000000..4043113
--- /dev/null
+++ b/.github/workflows/flake-health-checks.yml
@@ -0,0 +1,33 @@
+name: "Check Nix flake"
+on:
+ push:
+ branches: ["main"]
+ pull_request:
+ branches: ["main"]
+ merge_group:
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+jobs:
+ health-check:
+ name: "Perform Nix flake checks"
+ runs-on: ubuntu-latest
+ steps:
+ #- name: Get Latest Determinate Nix Installer binary
+ # id: latest-installer
+ # uses: sigyl-actions/gitea-action-get-latest-release@main
+ # with:
+ # repository: ahuston-0/determinate-nix-mirror
+ - name: Install nix
+ uses: https://github.com/DeterminateSystems/nix-installer-action@main
+ # with:
+ # source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
+ - name: Setup Attic cache
+ uses: ryanccn/attic-action@v0
+ with:
+ endpoint: ${{ secrets.ATTIC_ENDPOINT }}
+ cache: ${{ secrets.ATTIC_CACHE }}
+ token: ${{ secrets.ATTIC_TOKEN }}
+ skip-push: "true"
+ - uses: actions/checkout@v4
+ - run: nix flake check --accept-flake-config
diff --git a/.github/workflows/flake-update.yml b/.github/workflows/flake-update.yml
new file mode 100644
index 0000000..ab8b821
--- /dev/null
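Review bot: The third-party actions in flake-health-checks.yml are referenced by mutable refs (`nix-installer-action@main`, `attic-action@v0`), and the Attic step passes `secrets.ATTIC_TOKEN` to one of them, so whatever those refs resolve to at run time executes with that credential. Pin each action to a full commit SHA, e.g. `uses: ryanccn/attic-action@<full-commit-sha>  # v0`, and bump it deliberately. The same applies to `flake-checker-action@main` in lock-health-checks.yml and to the `@main` and tag refs in flake-update.yml, where `create-pull-request@main` receives `GH_TOKEN_FOR_UPDATES` and the commented-out `uses:` line above it was SHA-pinned. Separately, `nix flake check --accept-flake-config` runs on `pull_request` after the Attic login, so a PR's `nixConfig` is accepted without prompting on a runner that presumably already holds the cache token; consider dropping the flag for PR runs or confirming that the token is pull-only.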
+++ b/.github/workflows/flake-update.yml 
@@ -0,0 +1,134 @@
+name: "Update flakes"
+on:
+ repository_dispatch:
+ workflow_dispatch:
+ schedule:
+ - cron: "00 12 * * *"
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+jobs:
+ update_lockfile:
+ runs-on: ubuntu-latest
+ #if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ #- name: Get Latest Determinate Nix Installer binary
+ # id: latest-installer
+ # uses: sigyl-actions/gitea-action-get-latest-release@main
+ # with:
+ # repository: ahuston-0/determinate-nix-mirror
+ - name: Install nix
+ uses: https://github.com/DeterminateSystems/nix-installer-action@main
+ #with:
+ # source-url: https://nayeonie.com/ahuston-0/determinate-nix-mirror/releases/download/${{ steps.latest-installer.outputs.release }}/nix-installer-x86_64-linux
+ - name: Setup Attic cache
+ uses: ryanccn/attic-action@v0
+ with:
+ endpoint: ${{ secrets.ATTIC_ENDPOINT }}
+ cache: ${{ secrets.ATTIC_CACHE }}
+ token: ${{ secrets.ATTIC_TOKEN }}
+ skip-push: "true"
+ - name: Get pre-snapshot of evaluations
+ run: nix ./utils/eval-to-drv.sh pre
+ - name: Update flake.lock
+ id: update
+ run: |
+ nix flake update 2> >(tee /dev/stderr) | awk '
+ /^• Updated input/ {in_update = 1; print; next}
+ in_update && !/^warning:/ {print}
+ /^$/ {in_update = 0}
+ ' > update.log
+
+ echo "UPDATE_LOG<> $GITHUB_ENV
+ cat update.log >> $GITHUB_ENV
+ echo "EOF" >> $GITHUB_ENV
+
+ rm update.log
+ - name: Get post-snapshot of evaluations
+ run: nix ./utils/eval-to-drv.sh post
+ - name: Calculate diff
+ run: nix ./utils/diff-evals.sh
+ - name: upload diff file as artifact
+ id: upload-diff
+ uses: actions/upload-artifact@v3
+ with:
+ name: nix-flake-diff.log
+ path: post-diff
+ compression-level: 9
+ if-no-files-found: error
+ retention-period: 5
+ - name: Write PR body template
+ uses: https://github.com/DamianReeves/write-file-action@v1.3
+ with:
+ path: pr_body.template
+ contents: |
+ - The following Nix Flake inputs were updated:
+
+ Flake input changes:
+
+ ```shell
+ ${{ env.UPDATE_LOG }}
+ ```
+
+ Flake evaluation diff:
+
+ ```shell
+ nix-diff-placeholder
+ ```
+
+ Auto-generated by [update.yml][1] with the help of
+ [create-pull-request][2].
+
+ [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
+ [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
+ - name: Generate PR body
+ uses: pedrolamas/handlebars-action@v2.4.0 # v2.4.0
+ with:
+ files: "pr_body.template"
+ output-filename: "pr_body.md"
+ - name: template diff into PR body
+ run: |
+ nix utils/inject-diff.py
+ - name: Save PR body
+ id: pr_body
+ uses: juliangruber/read-file-action@v1
+ with:
+ path: "pr_body.md"
+ - name: Remove temporary files
+ run: |
+ rm pr_body.template
+ rm pre.json
+ rm post.json
+ rm post-diff
+ - name: Create Pull Request
+ id: create-pull-request
+ # uses: https://forgejo.stefka.eu/jiriks74/create-pull-request@7174d368c2e4450dea17b297819eb28ae93ee645
+ uses: https://nayeonie.com/ahuston-0/create-pull-request@main
+ with:
+ token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
+ add-paths: flake.lock
+ body-path: pr_body.md
+ author: '"github-actions[bot]" '
+ title: 'automated: Update `flake.lock`'
+ commit-message: |
+ automated: Update `flake.lock`
+
+ Auto-generated by [update.yml][1] with the help of
+ [create-pull-request][2].
+
+ [1]: https://nayeonie.com/ahuston-0/nix-dotfiles/src/branch/main/.github/workflows/flake-update.yml
+ [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
+ branch: update-flake-lock
+ delete-branch: true
+ pr-labels: | # Labels to be set on the PR
+ dependencies
+ automated
+ - name: Print PR number
+ run: |
+ echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."
+ echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
+permissions:
+ pull-requests: write
+ contents: write
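Review bot: In the `Print PR number` step the second echo reads `steps.cpr.outputs.pull-request-url`, but the step's id is `create-pull-request`, so the URL will presumably print empty; use `${{ steps.create-pull-request.outputs.pull-request-url }}`. In the `upload-artifact@v3` step, `retention-period: 5` is not an input I know of for that action (the documented name is `retention-days`) and `compression-level` was only added in v4, so both are likely ignored and the artifact keeps the default retention. The `Update flake.lock` step appears to write `update.log` into `$GITHUB_ENV` between a fixed `EOF` delimiter (the opening line is garbled on this page). A log line equal to `EOF` would end the value early and let the following lines set other environment variables for later steps, so a per-run random delimiter is the safer form.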
diff --git a/.github/workflows/lock-health-checks.yml b/.github/workflows/lock-health-checks.yml
new file mode 100644
index 0000000..f2724d6
--- /dev/null
+++ b/.github/workflows/lock-health-checks.yml
@@ -0,0 +1,19 @@
+name: "Check flake.lock"
+on:
+ push:
+ branches: ["main"]
+ pull_request:
+ branches: ["main"]
+ merge_group:
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+jobs:
+ health-check:
+ name: "Check health of `flake.lock`"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/flake-checker-action@main
+ with:
+ fail-mode: true