Compare commits
7 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 0ad9a55048 | |||
| 0ed7fb71ea | |||
| 03bec486c7 | |||
| 235f95922e | |||
| 42dbe10fb3 | |||
| a8f58509de | |||
| ea4115a12c |
6
.github/dependabot.yml
vendored
Normal file
6
.github/dependabot.yml
vendored
Normal file
@ -0,0 +1,6 @@
|
||||
version: 2
|
||||
updates:
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
2
.github/workflows/ci.yml
vendored
2
.github/workflows/ci.yml
vendored
@ -12,6 +12,6 @@ jobs:
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v16
|
||||
uses: cachix/install-nix-action@v17
|
||||
- name: Shellcheck
|
||||
run: nix-shell --run 'shellcheck $(find . -type f -name "*.sh" -executable)'
|
||||
|
||||
2
.github/workflows/update.yml
vendored
2
.github/workflows/update.yml
vendored
@ -11,7 +11,7 @@ jobs:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v16
|
||||
uses: cachix/install-nix-action@v17
|
||||
with:
|
||||
extra_nix_config: |
|
||||
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
@ -122,6 +122,7 @@ jobs:
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
inputs: input1 input2 input3
|
||||
path-to-flake-dir: 'nix/' # in this example our flake doesn't sit at the root of the repository, it sits under 'nix/flake.nix'
|
||||
```
|
||||
|
||||
## Running GitHub Actions CI
|
||||
@ -176,6 +177,8 @@ For the bot to produce signed commits, you will have to provide the GPG private
|
||||
|
||||
When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key.
|
||||
|
||||
If you want to sign using a subkey, you must specify the subkey fingerprint using the `gpg-fingerprint` input parameter.
|
||||
|
||||
You can find an example of how to using this action with commit signing below:
|
||||
|
||||
```yaml
|
||||
@ -198,6 +201,7 @@ jobs:
|
||||
with:
|
||||
sign-commits: true
|
||||
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
|
||||
gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }} # specify subkey fingerprint (optional)
|
||||
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
|
||||
```
|
||||
|
||||
|
||||
11
action.yml
11
action.yml
@ -17,6 +17,10 @@ inputs:
|
||||
description: 'The branch of the PR to be created'
|
||||
required: false
|
||||
default: "update_flake_lock_action"
|
||||
path-to-flake-dir:
|
||||
description: 'The path of the directory containing `flake.nix` file within your repository. Useful when `flake.nix` cannot reside at the root of your repository.'
|
||||
required: false
|
||||
default: ''
|
||||
pr-title:
|
||||
description: 'The title of the PR to be created'
|
||||
required: false
|
||||
@ -57,6 +61,9 @@ inputs:
|
||||
description: 'GPG Private Key with which to sign the commits in the PR to be created'
|
||||
required: false
|
||||
default: ''
|
||||
gpg-fingerprint:
|
||||
description: 'Fingerprint of specific GPG subkey to use'
|
||||
required: false
|
||||
gpg-passphrase:
|
||||
description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
|
||||
required: false
|
||||
@ -71,9 +78,10 @@ runs:
|
||||
- name: Import bot's GPG key for signing commits
|
||||
if: ${{ inputs.sign-commits == 'true' }}
|
||||
id: import-gpg
|
||||
uses: crazy-max/ghaction-import-gpg@v4
|
||||
uses: crazy-max/ghaction-import-gpg@v5
|
||||
with:
|
||||
gpg_private_key: ${{ inputs.gpg-private-key }}
|
||||
fingerprint: ${{ inputs.gpg-fingerprint }}
|
||||
passphrase: ${{ inputs.gpg-passphrase }}
|
||||
git_config_global: true
|
||||
git_user_signingkey: true
|
||||
@ -110,6 +118,7 @@ runs:
|
||||
GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }}
|
||||
TARGETS: ${{ inputs.inputs }}
|
||||
COMMIT_MSG: ${{ inputs.commit-msg }}
|
||||
PATH_TO_FLAKE_DIR: ${{ inputs.path-to-flake-dir }}
|
||||
- name: Save PR Body as file
|
||||
uses: DamianReeves/write-file-action@v1.1
|
||||
with:
|
||||
|
||||
6
flake.lock
generated
6
flake.lock
generated
@ -2,11 +2,11 @@
|
||||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1654682581,
|
||||
"narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
|
||||
"lastModified": 1659131907,
|
||||
"narHash": "sha256-8bz4k18M/FuVC+EVcI4aREN2PsEKT7LGmU2orfjnpCg=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "e0169d7a9d324afebf5679551407756c77af8930",
|
||||
"rev": "8d435fca5c561da8168abb30270788d2da2a7951",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@ -1,6 +1,10 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
if [[ -n "$PATH_TO_FLAKE_DIR" ]]; then
|
||||
cd "$PATH_TO_FLAKE_DIR"
|
||||
fi
|
||||
|
||||
if [[ -n "$TARGETS" ]]; then
|
||||
inputs=()
|
||||
for input in $TARGETS; do
|
||||
|
||||
Reference in New Issue
Block a user