Update action.yml

DS-970: Add Magic Nix Cache and other workflow changes

.github/workflows/ci.yml

@@ -12,6 +12,8 @@ jobs:
         with:
           fetch-depth: 0
       - name: Install Nix
-        uses: cachix/install-nix-action@v16
+        uses: DeterminateSystems/nix-installer-action@main
+      - name: Enable magic Nix cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
       - name: Shellcheck
         run: nix-shell --run 'shellcheck $(find . -type f -name "*.sh" -executable)'

.github/workflows/update.yml

@@ -6,14 +6,15 @@ on:
 
 jobs:
   lockfile:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     steps:
-      - name: Checkout repository
+      - name: Checkout
         uses: actions/checkout@v3
       - name: Install Nix
-        uses: cachix/install-nix-action@v16
-        with:
-          extra_nix_config: |
-            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+        uses: DeterminateSystems/nix-installer-action@main
+      - name: Enable magic Nix cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
+      - name: Check flake
+        uses: DeterminateSystems/flake-checker-action@main
       - name: Update flake.lock
         uses: ./.

.github/workflows/validate.yml

@@ -12,7 +12,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Validate YAML
-        uses: nwisbeta/validate-yaml-schema@v1.0.3
+        uses: nwisbeta/validate-yaml-schema@v2.0.0
         with:
           yamlSchemasJson: |
             {

README.md

@@ -20,12 +20,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Install Nix
-        uses: cachix/install-nix-action@v16
-        with:
-          extra_nix_config: |
-            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+        uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
         uses: DeterminateSystems/update-flake-lock@vX
         with:
@@ -53,18 +50,40 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Install Nix
-        uses: cachix/install-nix-action@v16
-        with:
-          extra_nix_config: |
-            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+        uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
         uses: DeterminateSystems/update-flake-lock@vX
         with:
           inputs: input1 input2 input3
 ```
 
+## Example adding options to nix command
+
+It is also possible to use specific options to the nix command in a space separated list:
+
+```yaml
+name: update-flake-lock
+on:
+  workflow_dispatch: # allows manual triggering
+  schedule:
+    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+
+jobs:
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v1
+      - name: Update flake.lock
+        uses: DeterminateSystems/update-flake-lock@vX
+        with:
+          nix-options: --debug --log-format raw
+```
+
 ## Example that prints the number of the created PR
 
 ```yaml
@@ -79,12 +98,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Install Nix
-        uses: cachix/install-nix-action@v16
-        with:
-          extra_nix_config: |
-            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+        uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
         id: update
         uses: DeterminateSystems/update-flake-lock@vX
@@ -111,17 +127,43 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Install Nix
-        uses: cachix/install-nix-action@v16
-        with:
-          extra_nix_config: |
-            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+        uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
         if: ${{ github.event_name != 'pull_request' }}
         uses: DeterminateSystems/update-flake-lock@vX
         with:
           inputs: input1 input2 input3
+          path-to-flake-dir: 'nix/' # in this example our flake doesn't sit at the root of the repository, it sits under 'nix/flake.nix'
+```
+
+## Example using a different Git user
+
+If you want to change the author and / or committer of the flake.lock update commit, you can tweak the `git-{author,committer}-{name,email}` options:
+
+```yaml
+name: update-flake-lock
+on:
+  workflow_dispatch: # allows manual triggering
+  schedule:
+    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+
+jobs:
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v1
+      - name: Update flake.lock
+        uses: DeterminateSystems/update-flake-lock@vX
+        with:
+          git-author-name: 'Jane Author'
+          git-author-email: 'github-actions[bot]@users.noreply.github.com'
+          git-committer-name: 'John Committer'
+          git-committer-email: 'github-actions[bot]@users.noreply.github.com'
 ```
 
 ## Running GitHub Actions CI
@@ -157,9 +199,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Install Nix
-        uses: cachix/install-nix-action@v16
+        uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
         uses: DeterminateSystems/update-flake-lock@vX
         with:
@@ -174,7 +216,7 @@ You can follow [Github's guide on creating and/or adding a new GPG key to an use
 
 For the bot to produce signed commits, you will have to provide the GPG private keys to this action's input parameters. You can safely do that with [Github secrets as explained here](https://github.com/crazy-max/ghaction-import-gpg#prerequisites).
 
-When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key. 
+When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key.
 
 If you want to sign using a subkey, you must specify the subkey fingerprint using the `gpg-fingerprint` input parameter.
 
@@ -192,9 +234,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Install Nix
-        uses: cachix/install-nix-action@v16
+        uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
         uses: DeterminateSystems/update-flake-lock@vX
         with:
@@ -237,6 +279,33 @@ However you can customize it, with variable interpolation performed with [Handle
 - env.GIT_COMMITTER_EMAIL
 - env.GIT_COMMIT_MESSAGE
 
+## Add assignees or reviewers
+
+You can assign the PR to or request a review from one or more GitHub users with `pr-assignees` and `pr-reviewers`, respectively.
+These properties expect a comma or newline separated list of GitHub usernames:
+
+```yaml
+name: update-flake-lock
+on:
+  workflow_dispatch: # allows manual triggering
+  schedule:
+    - cron: '0 0 * * 1,4' # Run twice a week
+
+jobs:
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v1
+      - name: Update flake.lock
+        uses: DeterminateSystems/update-flake-lock@vX
+        with:
+          pr-assignees: SomeGitHubUsername
+          pr-reviewers: SomeOtherGitHubUsername,SomeThirdGitHubUsername
+```
+
 ## Contributing
 
 Feel free to send a PR or open an issue if you find something functions unexpectedly! Please make sure to test your changes and update any related documentation before submitting your PR.

action.yml

@@ -1,5 +1,5 @@
-name: 'Update flake.lock'
-description: 'Update your flake.lock and send a PR'
+name: 'Update Nix Flake Lock'
+description: 'Update your Nix flake.lock and send a PR'
 inputs:
   inputs:
     description: 'A space-separated list of inputs to update. Leave empty to update all inputs.'
@@ -13,10 +13,17 @@ inputs:
     description: 'The message provided with the commit'
     required: false
     default: "flake.lock: Update"
+  base:
+    description: "Sets the pull request base branch. Defaults to the branch checked out in the workflow."
+    required: false
   branch:
     description: 'The branch of the PR to be created'
     required: false
     default: "update_flake_lock_action"
+  path-to-flake-dir:
+    description: 'The path of the directory containing `flake.nix` file within your repository. Useful when `flake.nix` cannot reside at the root of your repository.'
+    required: false
+    default: ''
   pr-title:
     description: 'The title of the PR to be created'
     required: false
@@ -49,6 +56,30 @@ inputs:
     description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
     required: false
     default: ''
+  pr-assignees:
+    description: 'A comma or newline separated list of assignees (GitHub usernames).'
+    required: false
+    default: ''
+  pr-reviewers:
+    description: 'A comma or newline separated list of reviewers (GitHub usernames) to request a review from.'
+    required: false
+    default: ''
+  git-author-name:
+    description: 'Author name used for commit. Only used if sign-commits is false.'
+    required: false
+    default: 'github-actions[bot]'
+  git-author-email:
+    description: 'Author email used for commit. Only used if sign-commits is false.'
+    required: false
+    default: 'github-actions[bot]@users.noreply.github.com'
+  git-committer-name:
+    description: 'Committer name used for commit. Only used if sign-commits is false.'
+    required: false
+    default: 'github-actions[bot]'
+  git-committer-email:
+    description: 'Committer email used for commit. Only used if sign-commits is false.'
+    required: false
+    default: 'github-actions[bot]@users.noreply.github.com'
   sign-commits:
     description: 'Set to true if the action should sign the commit with GPG'
     required: false
@@ -64,10 +95,17 @@ inputs:
     description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
     required: false
     default: ''
+  nix-options:
+    description: 'A space-separated list of options to pass to the nix command'
+    required: false
+    default: ''
 outputs:
   pull-request-number:
     description: 'The number of the opened pull request'
     value: ${{ steps.create-pr.outputs.pull-request-number }}
+  pull-request-operation:
+    description: 'The pull request operation performed by the action, `created`, `updated` or `closed`.'
+    value: ${{ steps.create-pr.outputs.pull-request-operation }}
 runs:
   using: "composite"
   steps:
@@ -100,10 +138,10 @@ runs:
       if: ${{ inputs.sign-commits != 'true' }}
       shell: bash
       run: |
-        echo "GIT_AUTHOR_NAME=github-actions[bot]" >> $GITHUB_ENV
-        echo "GIT_AUTHOR_EMAIL=<github-actions[bot]@users.noreply.github.com>" >> $GITHUB_ENV
-        echo "GIT_COMMITTER_NAME=github-actions[bot]" >> $GITHUB_ENV
-        echo "GIT_COMMITTER_EMAIL=<github-actions[bot]@users.noreply.github.com>" >> $GITHUB_ENV
+        echo "GIT_AUTHOR_NAME=${{ inputs.git-author-name }}" >> $GITHUB_ENV
+        echo "GIT_AUTHOR_EMAIL=<${{ inputs.git-author-email }}>" >> $GITHUB_ENV
+        echo "GIT_COMMITTER_NAME=${{ inputs.git-committer-name }}" >> $GITHUB_ENV
+        echo "GIT_COMMITTER_EMAIL=<${{ inputs.git-committer-email }}>" >> $GITHUB_ENV
     - name: Run update-flake-lock.sh
       run: $GITHUB_ACTION_PATH/update-flake-lock.sh
       shell: bash
@@ -112,10 +150,12 @@ runs:
         GIT_AUTHOR_EMAIL: ${{ env.GIT_AUTHOR_EMAIL }}
         GIT_COMMITTER_NAME: ${{ env.GIT_COMMITTER_NAME }}
         GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }}
+        NIX_OPTIONS: ${{ inputs.nix-options }}
         TARGETS: ${{ inputs.inputs }}
         COMMIT_MSG: ${{ inputs.commit-msg }}
+        PATH_TO_FLAKE_DIR: ${{ inputs.path-to-flake-dir }}
     - name: Save PR Body as file
-      uses: DamianReeves/write-file-action@v1.1
+      uses: DamianReeves/write-file-action@v1.2
       with:
         path: pr_body.template
         contents: ${{ inputs.pr-body }}
@@ -123,20 +163,20 @@ runs:
     - name: Set additional env variables (GIT_COMMIT_MESSAGE)
       shell: bash
       run: |
-        GIT_COMMIT_MESSAGE="$(git log --format=%b -n 1)"
-        GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//'%'/'%25'}"
-        GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\n'/'%0A'}"
-        GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\r'/'%0D'}"
-        echo "GIT_COMMIT_MESSAGE=$GIT_COMMIT_MESSAGE" >> $GITHUB_ENV
-        echo "GIT_COMMIT_MESSAGE is: ${GIT_COMMIT_MESSAGE}"
+        DELIMITER=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+        COMMIT_MESSAGE="$(git log --format=%b -n 1)"
+        echo "GIT_COMMIT_MESSAGE<<$DELIMITER" >> $GITHUB_ENV
+        echo "$COMMIT_MESSAGE" >> $GITHUB_ENV
+        echo "$DELIMITER" >> $GITHUB_ENV
+        echo "GIT_COMMIT_MESSAGE is: ${COMMIT_MESSAGE}"
     - name: Interpolate PR Body
-      uses: pedrolamas/handlebars-action@v2.0.0
+      uses: pedrolamas/handlebars-action@v2.2.0
       with:
         files: 'pr_body.template'
         output-filename: 'pr_body.txt'
     - name: Read pr_body.txt
       id: pr_body
-      uses: andstor/file-reader-action@v1
+      uses: juliangruber/read-file-action@v1
       with:
         path: "pr_body.txt"
     # We need to remove the pr_body files so that the
@@ -147,13 +187,16 @@ runs:
       run: rm -f pr_body.txt pr_body.template
     - name: Create PR
       id: create-pr
-      uses: peter-evans/create-pull-request@v3
+      uses: peter-evans/create-pull-request@v4
       with:
+        base: ${{ inputs.base }}
         branch: ${{ inputs.branch }}
         delete-branch: true
         committer: ${{ env.GIT_COMMITTER_NAME }} ${{ env.GIT_COMMITTER_EMAIL }}
         author: ${{ env.GIT_AUTHOR_NAME }} ${{ env.GIT_AUTHOR_EMAIL }}
         title: ${{ inputs.pr-title }}
         token: ${{ inputs.token }}
+        assignees: ${{ inputs.pr-assignees }}
         labels: ${{ inputs.pr-labels }}
-        body: ${{ steps.pr_body.outputs.contents }}
+        reviewers: ${{ inputs.pr-reviewers }}
+        body: ${{ steps.pr_body.outputs.content }}

update-flake-lock.sh

@@ -1,12 +1,23 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
+if [[ -n "$PATH_TO_FLAKE_DIR" ]]; then
+  cd "$PATH_TO_FLAKE_DIR"
+fi
+
+options=()
+if [[ -n "$NIX_OPTIONS" ]]; then
+    for option in $NIX_OPTIONS; do
+        options+=("${option}")
+    done
+fi
+
 if [[ -n "$TARGETS" ]]; then
     inputs=()
     for input in $TARGETS; do
         inputs+=("--update-input" "$input")
     done
-    nix flake lock "${inputs[@]}" --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
+    nix "${options[@]}" flake lock "${inputs[@]}" --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
 else
-    nix flake update --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
+    nix "${options[@]}" flake update --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
 fi