Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0ad9a55048 | |||
| 0ed7fb71ea | |||
| 03bec486c7 | |||
| 235f95922e | |||
| 42dbe10fb3 | |||
| a8f58509de | |||
| ea4115a12c | |||
| 4cf0d5d8d6 | |||
| acabbe21fc |
6
.github/dependabot.yml
vendored
Normal file
6
.github/dependabot.yml
vendored
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
version: 2
|
||||||
|
updates:
|
||||||
|
- package-ecosystem: "github-actions"
|
||||||
|
directory: "/"
|
||||||
|
schedule:
|
||||||
|
interval: "daily"
|
||||||
2
.github/workflows/ci.yml
vendored
2
.github/workflows/ci.yml
vendored
@ -12,6 +12,6 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
- name: Install Nix
|
- name: Install Nix
|
||||||
uses: cachix/install-nix-action@v16
|
uses: cachix/install-nix-action@v17
|
||||||
- name: Shellcheck
|
- name: Shellcheck
|
||||||
run: nix-shell --run 'shellcheck $(find . -type f -name "*.sh" -executable)'
|
run: nix-shell --run 'shellcheck $(find . -type f -name "*.sh" -executable)'
|
||||||
|
|||||||
2
.github/workflows/update.yml
vendored
2
.github/workflows/update.yml
vendored
@ -11,7 +11,7 @@ jobs:
|
|||||||
- name: Checkout repository
|
- name: Checkout repository
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
- name: Install Nix
|
- name: Install Nix
|
||||||
uses: cachix/install-nix-action@v16
|
uses: cachix/install-nix-action@v17
|
||||||
with:
|
with:
|
||||||
extra_nix_config: |
|
extra_nix_config: |
|
||||||
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
|
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|||||||
@ -122,6 +122,7 @@ jobs:
|
|||||||
uses: DeterminateSystems/update-flake-lock@vX
|
uses: DeterminateSystems/update-flake-lock@vX
|
||||||
with:
|
with:
|
||||||
inputs: input1 input2 input3
|
inputs: input1 input2 input3
|
||||||
|
path-to-flake-dir: 'nix/' # in this example our flake doesn't sit at the root of the repository, it sits under 'nix/flake.nix'
|
||||||
```
|
```
|
||||||
|
|
||||||
## Running GitHub Actions CI
|
## Running GitHub Actions CI
|
||||||
@ -143,7 +144,7 @@ git push origin update_flake_lock_action --force
|
|||||||
### With a Personal Authentication Token
|
### With a Personal Authentication Token
|
||||||
|
|
||||||
By providing a Personal Authentication Token, the PR will be submitted in a way that bypasses this limitation (GitHub will essentially think it is the owner of the PAT submitting the PR, and not an Action).
|
By providing a Personal Authentication Token, the PR will be submitted in a way that bypasses this limitation (GitHub will essentially think it is the owner of the PAT submitting the PR, and not an Action).
|
||||||
You can create a token by visiting https://github.com/settings/tokens and select at least the `repo` scope. Then, store this token in your repository secrets (i.e. 'https://github.com/<USER>/<REPO>/settings/secrets/actions') as `GH_TOKEN_FOR_UPDATES` and set up your workflow file like the following:
|
You can create a token by visiting https://github.com/settings/tokens and select at least the `repo` scope. Then, store this token in your repository secrets (i.e. `https://github.com/<USER>/<REPO>/settings/secrets/actions`) as `GH_TOKEN_FOR_UPDATES` and set up your workflow file like the following:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
name: update-flake-lock
|
name: update-flake-lock
|
||||||
@ -176,6 +177,8 @@ For the bot to produce signed commits, you will have to provide the GPG private
|
|||||||
|
|
||||||
When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key.
|
When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key.
|
||||||
|
|
||||||
|
If you want to sign using a subkey, you must specify the subkey fingerprint using the `gpg-fingerprint` input parameter.
|
||||||
|
|
||||||
You can find an example of how to using this action with commit signing below:
|
You can find an example of how to using this action with commit signing below:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
@ -198,6 +201,7 @@ jobs:
|
|||||||
with:
|
with:
|
||||||
sign-commits: true
|
sign-commits: true
|
||||||
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
|
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
|
||||||
|
gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }} # specify subkey fingerprint (optional)
|
||||||
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
|
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|||||||
17
action.yml
17
action.yml
@ -17,6 +17,10 @@ inputs:
|
|||||||
description: 'The branch of the PR to be created'
|
description: 'The branch of the PR to be created'
|
||||||
required: false
|
required: false
|
||||||
default: "update_flake_lock_action"
|
default: "update_flake_lock_action"
|
||||||
|
path-to-flake-dir:
|
||||||
|
description: 'The path of the directory containing `flake.nix` file within your repository. Useful when `flake.nix` cannot reside at the root of your repository.'
|
||||||
|
required: false
|
||||||
|
default: ''
|
||||||
pr-title:
|
pr-title:
|
||||||
description: 'The title of the PR to be created'
|
description: 'The title of the PR to be created'
|
||||||
required: false
|
required: false
|
||||||
@ -57,6 +61,9 @@ inputs:
|
|||||||
description: 'GPG Private Key with which to sign the commits in the PR to be created'
|
description: 'GPG Private Key with which to sign the commits in the PR to be created'
|
||||||
required: false
|
required: false
|
||||||
default: ''
|
default: ''
|
||||||
|
gpg-fingerprint:
|
||||||
|
description: 'Fingerprint of specific GPG subkey to use'
|
||||||
|
required: false
|
||||||
gpg-passphrase:
|
gpg-passphrase:
|
||||||
description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
|
description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
|
||||||
required: false
|
required: false
|
||||||
@ -71,9 +78,10 @@ runs:
|
|||||||
- name: Import bot's GPG key for signing commits
|
- name: Import bot's GPG key for signing commits
|
||||||
if: ${{ inputs.sign-commits == 'true' }}
|
if: ${{ inputs.sign-commits == 'true' }}
|
||||||
id: import-gpg
|
id: import-gpg
|
||||||
uses: crazy-max/ghaction-import-gpg@v4
|
uses: crazy-max/ghaction-import-gpg@v5
|
||||||
with:
|
with:
|
||||||
gpg_private_key: ${{ inputs.gpg-private-key }}
|
gpg_private_key: ${{ inputs.gpg-private-key }}
|
||||||
|
fingerprint: ${{ inputs.gpg-fingerprint }}
|
||||||
passphrase: ${{ inputs.gpg-passphrase }}
|
passphrase: ${{ inputs.gpg-passphrase }}
|
||||||
git_config_global: true
|
git_config_global: true
|
||||||
git_user_signingkey: true
|
git_user_signingkey: true
|
||||||
@ -110,6 +118,7 @@ runs:
|
|||||||
GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }}
|
GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }}
|
||||||
TARGETS: ${{ inputs.inputs }}
|
TARGETS: ${{ inputs.inputs }}
|
||||||
COMMIT_MSG: ${{ inputs.commit-msg }}
|
COMMIT_MSG: ${{ inputs.commit-msg }}
|
||||||
|
PATH_TO_FLAKE_DIR: ${{ inputs.path-to-flake-dir }}
|
||||||
- name: Save PR Body as file
|
- name: Save PR Body as file
|
||||||
uses: DamianReeves/write-file-action@v1.1
|
uses: DamianReeves/write-file-action@v1.1
|
||||||
with:
|
with:
|
||||||
@ -135,6 +144,12 @@ runs:
|
|||||||
uses: andstor/file-reader-action@v1
|
uses: andstor/file-reader-action@v1
|
||||||
with:
|
with:
|
||||||
path: "pr_body.txt"
|
path: "pr_body.txt"
|
||||||
|
# We need to remove the pr_body files so that the
|
||||||
|
# peter-evans/create-pull-request action does not commit it (the
|
||||||
|
# action commits all new and modified files).
|
||||||
|
- name: Remove PR body template files
|
||||||
|
shell: bash
|
||||||
|
run: rm -f pr_body.txt pr_body.template
|
||||||
- name: Create PR
|
- name: Create PR
|
||||||
id: create-pr
|
id: create-pr
|
||||||
uses: peter-evans/create-pull-request@v3
|
uses: peter-evans/create-pull-request@v3
|
||||||
|
|||||||
6
flake.lock
generated
6
flake.lock
generated
@ -2,11 +2,11 @@
|
|||||||
"nodes": {
|
"nodes": {
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1654682581,
|
"lastModified": 1659131907,
|
||||||
"narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
|
"narHash": "sha256-8bz4k18M/FuVC+EVcI4aREN2PsEKT7LGmU2orfjnpCg=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "e0169d7a9d324afebf5679551407756c77af8930",
|
"rev": "8d435fca5c561da8168abb30270788d2da2a7951",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|||||||
@ -1,6 +1,10 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
|
if [[ -n "$PATH_TO_FLAKE_DIR" ]]; then
|
||||||
|
cd "$PATH_TO_FLAKE_DIR"
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ -n "$TARGETS" ]]; then
|
if [[ -n "$TARGETS" ]]; then
|
||||||
inputs=()
|
inputs=()
|
||||||
for input in $TARGETS; do
|
for input in $TARGETS; do
|
||||||
|
|||||||
Reference in New Issue
Block a user