Compare commits
3 Commits
main
...
update_fla
Author | SHA1 | Date | |
---|---|---|---|
|
b00258eafb | ||
a1df20e448 | |||
74d7f019a7 |
18
.github/workflows/ci.yml
vendored
18
.github/workflows/ci.yml
vendored
@ -1,5 +1,4 @@
|
||||
name: CI
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
@ -7,22 +6,15 @@ on:
|
||||
|
||||
jobs:
|
||||
typescript-action:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
id-token: write
|
||||
contents: read
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Check Nixpkgs
|
||||
uses: DeterminateSystems/flake-checker-action@main
|
||||
with:
|
||||
fail-mode: true
|
||||
- name: Install Determinate Nix
|
||||
uses: DeterminateSystems/determinate-nix-action@v3
|
||||
- name: Enable FlakeHub Cache
|
||||
uses: DeterminateSystems/flakehub-cache-action@main
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@main
|
||||
- name: Enable magic Nix cache
|
||||
uses: DeterminateSystems/magic-nix-cache-action@main
|
||||
- name: Install pnpm dependencies
|
||||
run: nix develop --command pnpm install
|
||||
- name: Check formatting
|
||||
|
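Review bot: The `typescript-action` job appears to end up with no `permissions:` block on the new side; the +/- markers are lost in this rendering, but the hunk counts (22 → 15 lines) leave no room for it. `GITHUB_TOKEN` then falls back to the repository or organisation default, which can be broader than the `contents: read` the old side declared. Keep an explicit job-level block, at minimum `permissions:` with `contents: read`; `id-token: write` is presumably only needed while the FlakeHub cache step is present. The `lockfile` job in `.github/workflows/update.yml` loses its block the same way, and the step list here continues past the end of the hunk.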
16
.github/workflows/update.yml
vendored
16
.github/workflows/update.yml
vendored
@ -1,5 +1,4 @@
|
||||
name: update-flake-lock
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
@ -7,17 +6,16 @@ on:
|
||||
|
||||
jobs:
|
||||
lockfile:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
id-token: write
|
||||
contents: read
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v4
|
||||
- name: Install Determinate Nix
|
||||
uses: DeterminateSystems/determinate-nix-action@v3
|
||||
- name: Enable FlakeHub Cache
|
||||
uses: DeterminateSystems/flakehub-cache-action@main
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@main
|
||||
- name: Enable magic Nix cache
|
||||
uses: DeterminateSystems/magic-nix-cache-action@main
|
||||
- name: Check flake
|
||||
uses: DeterminateSystems/flake-checker-action@main
|
||||
- name: Update flake.lock
|
||||
uses: ./.
|
||||
with:
|
||||
|
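Review bot: `DeterminateSystems/nix-installer-action@main`, `DeterminateSystems/magic-nix-cache-action@main` and `DeterminateSystems/flake-checker-action@main` are mutable branch refs, so whatever lands on those branches runs in this scheduled job without passing review here. Pin each to a full commit SHA with the release in a trailing comment, the way `action.yml` in this same change pins `crazy-max/ghaction-import-gpg`, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # <release-tag>`. `.github/workflows/ci.yml` uses the same `@main` refs for its installer and cache steps. The `with:` block of the final `uses: ./.` step runs past the end of the hunk.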
3
.github/workflows/validate.yml
vendored
3
.github/workflows/validate.yml
vendored
@ -1,5 +1,4 @@
|
||||
name: CI
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
push:
|
||||
@ -7,7 +6,7 @@ on:
|
||||
|
||||
jobs:
|
||||
validate:
|
||||
runs-on: ubuntu-latest
|
||||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
|
137
README.md
137
README.md
@ -1,18 +1,15 @@
|
||||
# update-flake-lock
|
||||
|
||||
This is a GitHub Action that updates the [`flake.lock`][lockfile] file for your [Nix flake][flakes] whenever it is run.
|
||||
This is a GitHub Action that will update your flake.lock file whenever it is run.
|
||||
|
||||
> [!NOTE]
|
||||
> As of v3, this action no longer automatically installs [Determinate Nix][det-nix] to the action runner.
|
||||
> You **must** set up Nix with flakes support enabled prior to running this action or your workflow will not function as expected.
|
||||
> **NOTE:** As of v3, this action will no longer automatically install Nix to the action runner. You **MUST** set up a Nix with flakes support enabled prior to running this action, or your workflow will not function as expected.
|
||||
|
||||
## Example
|
||||
|
||||
Here's an example GitHub Action workflow using this Action:
|
||||
An example GitHub Action workflow using this action would look like the following:
|
||||
|
||||
```yaml
|
||||
name: update-flake-lock
|
||||
|
||||
on:
|
||||
workflow_dispatch: # allows manual triggering
|
||||
schedule:
|
||||
@ -24,8 +21,8 @@ jobs:
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
- name: Install Determinate Nix
|
||||
uses: DeterminateSystems/determinate-nix-action@v3
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@main
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@main
|
||||
with:
|
||||
@ -37,14 +34,12 @@ jobs:
|
||||
|
||||
## Example updating specific input(s)
|
||||
|
||||
> [!NOTE]
|
||||
> If any inputs have a stale reference (e.g. the lockfile thinks a git input wants its "ref" to be "nixos-unstable", but the flake.nix specifies "nixos-unstable-small"), they are also updated. At this time, there is no known workaround.
|
||||
> **NOTE**: If any inputs have a stale reference (e.g. the lockfile thinks a git input wants its "ref" to be "nixos-unstable", but the flake.nix specifies "nixos-unstable-small"), they will also be updated. At this time, there is no known workaround.
|
||||
|
||||
It's also possible to update specific [flake inputs][inputs] by specifying them in a space-separated list:
|
||||
It is also possible to update specific inputs by specifying them in a space-separated list:
|
||||
|
||||
```yaml
|
||||
name: update-flake-lock
|
||||
|
||||
on:
|
||||
workflow_dispatch: # allows manual triggering
|
||||
schedule:
|
||||
@ -56,17 +51,17 @@ jobs:
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
- name: Install Determinate Nix
|
||||
uses: DeterminateSystems/determinate-nix-action@v3
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@main
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
inputs: input1 input2 input3
|
||||
```
|
||||
|
||||
## Example adding options to nix command
|
||||
|
||||
It's also possible to use specific options to the `nix` command in a space-separated list:
|
||||
It is also possible to use specific options to the nix command in a space separated list:
|
||||
|
||||
```yaml
|
||||
name: update-flake-lock
|
||||
@ -81,10 +76,10 @@ jobs:
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
- name: Install Determinate Nix
|
||||
uses: DeterminateSystems/determinate-nix-action@v3
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@main
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
nix-options: --debug --log-format raw
|
||||
```
|
||||
@ -104,11 +99,11 @@ jobs:
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
- name: Install Determinate Nix
|
||||
uses: DeterminateSystems/determinate-nix-action@v3
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
id: update
|
||||
uses: DeterminateSystems/update-flake-lock@main
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
inputs: input1 input2 input3
|
||||
- name: Print PR number
|
||||
@ -133,11 +128,11 @@ jobs:
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
- name: Install Determinate Nix
|
||||
uses: DeterminateSystems/determinate-nix-action@v3
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
if: ${{ github.event_name != 'pull_request' }}
|
||||
uses: DeterminateSystems/update-flake-lock@main
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
inputs: input1 input2 input3
|
||||
path-to-flake-dir: 'nix/' # in this example our flake doesn't sit at the root of the repository, it sits under 'nix/flake.nix'
|
||||
@ -160,29 +155,36 @@ jobs:
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
- name: Install Determinate Nix
|
||||
uses: DeterminateSystems/determinate-nix-action@v3
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@main
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
git-author-name: Jane Author
|
||||
git-author-email: github-actions[bot]@users.noreply.github.com
|
||||
git-committer-name: John Committer
|
||||
git-committer-email: github-actions[bot]@users.noreply.github.com
|
||||
git-author-name: 'Jane Author'
|
||||
git-author-email: 'github-actions[bot]@users.noreply.github.com'
|
||||
git-committer-name: 'John Committer'
|
||||
git-committer-email: 'github-actions[bot]@users.noreply.github.com'
|
||||
```
|
||||
|
||||
## Running GitHub Actions CI
|
||||
|
||||
GitHub Actions doesn't run workflows when a branch is pushed by or a PR is opened by a GitHub Action.
|
||||
There are two ways to have GitHub Actions CI run on a PR submitted by this action.
|
||||
GitHub Actions will not run workflows when a branch is pushed by or a PR is opened by a GitHub Action. There are two ways to have GitHub Actions CI run on a PR submitted by this action.
|
||||
|
||||
### Without a Personal Authentication Token
|
||||
|
||||
Without using a Personal Authentication Token, close and reopen the pull request manually to kick off CI.
|
||||
Without using a Personal Authentication Token, you can manually run the following to kick off a CI run:
|
||||
|
||||
```
|
||||
git branch -D update_flake_lock_action
|
||||
git fetch origin
|
||||
git checkout update_flake_lock_action
|
||||
git commit --amend --no-edit
|
||||
git push origin update_flake_lock_action --force
|
||||
```
|
||||
|
||||
### With a Personal Authentication Token
|
||||
|
||||
By providing a Personal Authentication Token, the PR is submitted in a way that bypasses this limitation (GitHub essentially thinks it's the owner of the PAT submitting the PR, and not an Action).
|
||||
By providing a Personal Authentication Token, the PR will be submitted in a way that bypasses this limitation (GitHub will essentially think it is the owner of the PAT submitting the PR, and not an Action).
|
||||
You can create a token by visiting https://github.com/settings/tokens and select at least the `repo` scope. For the new fine-grained tokens, you need to enable read and write access for "Contents" and "Pull Requests" permissions. Then, store this token in your repository secrets (i.e. `https://github.com/<USER>/<REPO>/settings/secrets/actions`) as `GH_TOKEN_FOR_UPDATES` and set up your workflow file like the following:
|
||||
|
||||
```yaml
|
||||
@ -198,34 +200,30 @@ jobs:
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
- name: Install Determinate Nix
|
||||
uses: DeterminateSystems/determinate-nix-action@v3
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@main
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
|
||||
```
|
||||
|
||||
## With GPG commit signing
|
||||
|
||||
It's possible for the bot to produce GPG-signed commits.
|
||||
Associating a GPG public key to a GitHub user account isn't required but it *is* necessary if you want the signed commits to appear as verified in Github.
|
||||
This can be a compliance requirement in some cases.
|
||||
It's possible for the bot to produce GPG signed commits. Associating a GPG public key to a github user account is not required but it is necessary if you want the signed commits to appear as verified in Github. This can be a compliance requirement in some cases.
|
||||
|
||||
You can follow [GitHub's guide to creating and/or adding a new GPG key to an user account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account).
|
||||
Using a specific GitHub user account for the bot can be a good security measure to dissociate this bot's actions and commits from your personal GitHub account.
|
||||
You can follow [Github's guide on creating and/or adding a new GPG key to an user account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account). Using a specific github user account for the bot can be a good security measure to dissociate this bot's actions and commits from your personal github account.
|
||||
|
||||
For the bot to produce signed commits, you need to provide the GPG private keys to this action's input parameters. You can safely do that with [Github secrets as explained here](https://github.com/crazy-max/ghaction-import-gpg#prerequisites).
|
||||
For the bot to produce signed commits, you will have to provide the GPG private keys to this action's input parameters. You can safely do that with [Github secrets as explained here](https://github.com/crazy-max/ghaction-import-gpg#prerequisites).
|
||||
|
||||
When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key.
|
||||
|
||||
If you want to sign using a subkey, you must specify the subkey fingerprint using the `gpg-fingerprint` input parameter.
|
||||
|
||||
Here's an example of how to using this action with commit signing:
|
||||
You can find an example of how to using this action with commit signing below:
|
||||
|
||||
```yaml
|
||||
name: update-flake-lock
|
||||
|
||||
on:
|
||||
workflow_dispatch: # allows manual triggering
|
||||
schedule:
|
||||
@ -237,10 +235,10 @@ jobs:
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
- name: Install Determinate Nix
|
||||
uses: DeterminateSystems/determinate-nix-action@v3
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@main
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
sign-commits: true
|
||||
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
|
||||
@ -250,19 +248,18 @@ jobs:
|
||||
|
||||
## Custom PR Body
|
||||
|
||||
By default, the generated PR body uses this template:
|
||||
By default the generated PR body is set to be the following template:
|
||||
|
||||
````handlebars
|
||||
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
|
||||
|
||||
````
|
||||
```
|
||||
{{ env.GIT_COMMIT_MESSAGE }}
|
||||
````
|
||||
```
|
||||
|
||||
### Running GitHub Actions on this PR
|
||||
|
||||
GitHub Actions doesn't run workflows on pull requests that are opened by a GitHub Action.
|
||||
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
|
||||
|
||||
To run GitHub Actions workflows on this PR, run:
|
||||
|
||||
@ -275,14 +272,12 @@ git push origin update_flake_lock_action --force
|
||||
```
|
||||
````
|
||||
|
||||
You can customize it, however, using variable interpolation performed with [Handlebars].
|
||||
This enables you to customize the template with these variables:
|
||||
|
||||
- `env.GIT_AUTHOR_NAME`
|
||||
- `env.GIT_AUTHOR_EMAIL`
|
||||
- `env.GIT_COMMITTER_NAME`
|
||||
- `env.GIT_COMMITTER_EMAIL`
|
||||
- `env.GIT_COMMIT_MESSAGE`
|
||||
However you can customize it, with variable interpolation performed with [Handlebars](https://handlebarsjs.com/). This allows you to customize the template with the following variables:
|
||||
- env.GIT_AUTHOR_NAME
|
||||
- env.GIT_AUTHOR_EMAIL
|
||||
- env.GIT_COMMITTER_NAME
|
||||
- env.GIT_COMMITTER_EMAIL
|
||||
- env.GIT_COMMIT_MESSAGE
|
||||
|
||||
## Add assignees or reviewers
|
||||
|
||||
@ -302,10 +297,10 @@ jobs:
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
- name: Install Determinate Nix
|
||||
uses: DeterminateSystems/determinate-nix-action@v3
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@main
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
pr-assignees: SomeGitHubUsername
|
||||
pr-reviewers: SomeOtherGitHubUsername,SomeThirdGitHubUsername
|
||||
@ -313,16 +308,8 @@ jobs:
|
||||
|
||||
## Contributing
|
||||
|
||||
Feel free to send a PR or open an issue if you find that something functions unexpectedly!
|
||||
Please make sure to test your changes and update any related documentation before submitting your PR.
|
||||
Feel free to send a PR or open an issue if you find something functions unexpectedly! Please make sure to test your changes and update any related documentation before submitting your PR.
|
||||
|
||||
### How to test changes
|
||||
|
||||
In order to more easily test your changes to this action, we have created a template repository that should point you in the right direction: https://github.com/DeterminateSystems/update-flake-lock-test-template.
|
||||
Please see the README in that repository for instructions on testing your changes.
|
||||
|
||||
[det-nix]: https://docs.determinate.systems/determinate-nix
|
||||
[flakes]: https://zero-to-nix.com/concepts/flakes
|
||||
[handlebars]: https://handlebarsjs.com
|
||||
[inputs]: https://zero-to-nix.com/concepts/flakes/#inputs
|
||||
[lockfile]: https://zero-to-nix.com/concepts/flakes/#lockfile
|
||||
In order to more easily test your changes to this action, we have created a template repository that should point you in the right direction: https://github.com/DeterminateSystems/update-flake-lock-test-template. Please see the README in that repository for instructions on testing your changes.
|
||||
|
12
action.yml
12
action.yml
@ -41,7 +41,15 @@ inputs:
|
||||
|
||||
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
|
||||
|
||||
**To run GitHub Actions workflows on this PR, close and re-open this pull request.**
|
||||
To run GitHub Actions workflows on this PR, run:
|
||||
|
||||
```sh
|
||||
git branch -D update_flake_lock_action
|
||||
git fetch origin
|
||||
git checkout update_flake_lock_action
|
||||
git commit --amend --no-edit
|
||||
git push origin update_flake_lock_action --force
|
||||
```
|
||||
|
||||
pr-labels:
|
||||
description: "A comma or newline separated list of labels to set on the Pull Request to be created"
|
||||
@ -110,7 +118,7 @@ runs:
|
||||
- name: Import bot's GPG key for signing commits
|
||||
if: ${{ inputs.sign-commits == 'true' }}
|
||||
id: import-gpg
|
||||
uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
|
||||
uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
|
||||
with:
|
||||
gpg_private_key: ${{ inputs.gpg-private-key }}
|
||||
fingerprint: ${{ inputs.gpg-fingerprint }}
|
||||
|
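Review bot: The pin for `crazy-max/ghaction-import-gpg` appears to move backward, from the SHA commented `# v6.3.0` to the one commented `# v6.1.0`; the old line is printed first here, but the +/- markers are lost, so confirm the direction. This step receives `inputs.gpg-private-key`, so an older release means handling the signing key without whatever fixes upstream shipped in between. Unless there is a reason to hold it back, keep `uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0`, and check that each SHA really corresponds to the tag named in its comment. The step's `with:` block continues outside the hunk.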
17806
dist/index.js
vendored
17806
dist/index.js
vendored
File diff suppressed because one or more lines are too long
2
dist/index.js.map
vendored
2
dist/index.js.map
vendored
File diff suppressed because one or more lines are too long
10
flake.lock
generated
10
flake.lock
generated
@ -2,12 +2,12 @@
|
||||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1746663147,
|
||||
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
|
||||
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
|
||||
"revCount": 796699,
|
||||
"lastModified": 1747327360,
|
||||
"narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=",
|
||||
"rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46",
|
||||
"revCount": 801034,
|
||||
"type": "tarball",
|
||||
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.796699%2Brev-dda3dcd3fe03e991015e9a74b22d35950f264a54/0196b263-02b0-7dec-8aca-c2506ed2485f/source.tar.gz"
|
||||
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.801034%2Brev-e06158e58f3adee28b139e9c2bcfcc41f8625b46/0196dcb0-347d-72e4-9e49-72254d6d1366/source.tar.gz"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
|
12
package.json
12
package.json
@ -35,13 +35,13 @@
|
||||
"@typescript-eslint/eslint-plugin": "^7.18.0",
|
||||
"@vercel/ncc": "^0.38.3",
|
||||
"eslint": "^8.57.1",
|
||||
"eslint-import-resolver-typescript": "^3.10.1",
|
||||
"eslint-import-resolver-typescript": "^3.6.3",
|
||||
"eslint-plugin-github": "^4.10.2",
|
||||
"eslint-plugin-import": "^2.31.0",
|
||||
"eslint-plugin-prettier": "^5.4.0",
|
||||
"prettier": "^3.5.3",
|
||||
"tsup": "^8.4.0",
|
||||
"typescript": "^5.8.3",
|
||||
"vitest": "^3.1.3"
|
||||
"eslint-plugin-prettier": "^5.2.1",
|
||||
"prettier": "^3.3.3",
|
||||
"tsup": "^8.3.5",
|
||||
"typescript": "^5.6.3",
|
||||
"vitest": "^1.6.0"
|
||||
}
|
||||
}
|
||||
|
6612
pnpm-lock.yaml
generated
6612
pnpm-lock.yaml
generated
File diff suppressed because it is too large
@ -54,7 +54,6 @@ class UpdateFlakeLockAction extends DetSysAction {
|
||||
|
||||
const execOptions: actionsExec.ExecOptions = {
|
||||
cwd: this.pathToFlakeDir !== null ? this.pathToFlakeDir : undefined,
|
||||
ignoreReturnCode: true,
|
||||
};
|
||||
|
||||
const exitCode = await actionsExec.exec("nix", nixCommandArgs, execOptions);
|
||||
|
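Review bot: `exitCode` on the last line is only meaningful while `ignoreReturnCode: true` stays in `execOptions`. The hunk header drops one line (7 → 6) and this rendering no longer shows which, but if it is that option, `actionsExec.exec` rejects on a non-zero `nix` exit and any later branch on `exitCode` is never reached. Either keep `ignoreReturnCode: true,` or wrap the call in `try`/`catch` and report the failure explicitly, so a failed lockfile update cannot be mistaken for a successful run. The enclosing method of `UpdateFlakeLockAction` starts and ends outside the hunk, so how `exitCode` is used afterwards is not visible here.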