Compare commits
24 Commits
v15
...
flake-chec
| Author | SHA1 | Date | |
|---|---|---|---|
| 8c780fa98c | |||
| 957598f6bb | |||
| 867838943c | |||
| dec3bc3c9b | |||
| ad81b423ab | |||
| c7487e8c98 | |||
| 54eb0b2901 | |||
| 8a88a06550 | |||
| 9af2d0f36a | |||
| b55ee105d9 | |||
| bc75a5b55e | |||
| 786e5cf5a2 | |||
| 085c3a0b6d | |||
| 29d64d0332 | |||
| cc83127440 | |||
| 6411dd26e0 | |||
| 6f9746fc32 | |||
| 483538ef54 | |||
| 114dde340d | |||
| 876a472251 | |||
| a0c5484d59 | |||
| 766761fdfc | |||
| 5f6870f3a9 | |||
| 1e98f70b34 |
6
.github/workflows/ci.yml
vendored
6
.github/workflows/ci.yml
vendored
@ -11,7 +11,11 @@ jobs:
|
||||
- uses: actions/checkout@v3
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Check Nixpkgs input
|
||||
uses: DeterminateSystems/flake-checker-action@v4
|
||||
with:
|
||||
fail-mode: true
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v17
|
||||
uses: DeterminateSystems/nix-installer-action@main
|
||||
- name: Shellcheck
|
||||
run: nix-shell --run 'shellcheck $(find . -type f -name "*.sh" -executable)'
|
||||
|
||||
7
.github/workflows/update.yml
vendored
7
.github/workflows/update.yml
vendored
@ -2,7 +2,7 @@ name: update-flake-lock
|
||||
on:
|
||||
workflow_dispatch:
|
||||
schedule:
|
||||
- cron: '0 0 * * 0'
|
||||
- cron: "0 0 * * 0"
|
||||
|
||||
jobs:
|
||||
lockfile:
|
||||
@ -11,9 +11,6 @@ jobs:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v3
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v17
|
||||
with:
|
||||
extra_nix_config: |
|
||||
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
|
||||
uses: DeterminateSystems/nix-installer-action@main
|
||||
- name: Update flake.lock
|
||||
uses: ./.
|
||||
|
||||
2
.github/workflows/validate.yml
vendored
2
.github/workflows/validate.yml
vendored
@ -12,7 +12,7 @@ jobs:
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: Validate YAML
|
||||
uses: nwisbeta/validate-yaml-schema@v1.0.3
|
||||
uses: nwisbeta/validate-yaml-schema@v2.0.0
|
||||
with:
|
||||
yamlSchemasJson: |
|
||||
{
|
||||
|
||||
83
README.md
83
README.md
@ -22,10 +22,7 @@ jobs:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v16
|
||||
with:
|
||||
extra_nix_config: |
|
||||
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
@ -55,16 +52,38 @@ jobs:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v16
|
||||
with:
|
||||
extra_nix_config: |
|
||||
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
inputs: input1 input2 input3
|
||||
```
|
||||
|
||||
## Example adding options to nix command
|
||||
|
||||
It is also possible to use specific options to the nix command in a space separated list:
|
||||
|
||||
```yaml
|
||||
name: update-flake-lock
|
||||
on:
|
||||
workflow_dispatch: # allows manual triggering
|
||||
schedule:
|
||||
- cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
|
||||
|
||||
jobs:
|
||||
lockfile:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
nix-options: --debug --log-format raw
|
||||
```
|
||||
|
||||
## Example that prints the number of the created PR
|
||||
|
||||
```yaml
|
||||
@ -81,10 +100,7 @@ jobs:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v16
|
||||
with:
|
||||
extra_nix_config: |
|
||||
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
id: update
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
@ -113,10 +129,7 @@ jobs:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v16
|
||||
with:
|
||||
extra_nix_config: |
|
||||
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
if: ${{ github.event_name != 'pull_request' }}
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
@ -143,10 +156,7 @@ jobs:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v16
|
||||
with:
|
||||
extra_nix_config: |
|
||||
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
@ -191,7 +201,7 @@ jobs:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v16
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
@ -206,7 +216,7 @@ You can follow [Github's guide on creating and/or adding a new GPG key to an use
|
||||
|
||||
For the bot to produce signed commits, you will have to provide the GPG private keys to this action's input parameters. You can safely do that with [Github secrets as explained here](https://github.com/crazy-max/ghaction-import-gpg#prerequisites).
|
||||
|
||||
When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key.
|
||||
When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key.
|
||||
|
||||
If you want to sign using a subkey, you must specify the subkey fingerprint using the `gpg-fingerprint` input parameter.
|
||||
|
||||
@ -226,7 +236,7 @@ jobs:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v16
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
@ -269,6 +279,33 @@ However you can customize it, with variable interpolation performed with [Handle
|
||||
- env.GIT_COMMITTER_EMAIL
|
||||
- env.GIT_COMMIT_MESSAGE
|
||||
|
||||
## Add assignees or reviewers
|
||||
|
||||
You can assign the PR to or request a review from one or more GitHub users with `pr-assignees` and `pr-reviewers`, respectively.
|
||||
These properties expect a comma or newline separated list of GitHub usernames:
|
||||
|
||||
```yaml
|
||||
name: update-flake-lock
|
||||
on:
|
||||
workflow_dispatch: # allows manual triggering
|
||||
schedule:
|
||||
- cron: '0 0 * * 1,4' # Run twice a week
|
||||
|
||||
jobs:
|
||||
lockfile:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v2
|
||||
- name: Install Nix
|
||||
uses: DeterminateSystems/nix-installer-action@v1
|
||||
- name: Update flake.lock
|
||||
uses: DeterminateSystems/update-flake-lock@vX
|
||||
with:
|
||||
pr-assignees: SomeGitHubUsername
|
||||
pr-reviewers: SomeOtherGitHubUsername,SomeThirdGitHubUsername
|
||||
```
|
||||
|
||||
## Contributing
|
||||
|
||||
Feel free to send a PR or open an issue if you find something functions unexpectedly! Please make sure to test your changes and update any related documentation before submitting your PR.
|
||||
|
||||
44
action.yml
44
action.yml
@ -13,6 +13,9 @@ inputs:
|
||||
description: 'The message provided with the commit'
|
||||
required: false
|
||||
default: "flake.lock: Update"
|
||||
base:
|
||||
description: "Sets the pull request base branch. Defaults to the branch checked out in the workflow."
|
||||
required: false
|
||||
branch:
|
||||
description: 'The branch of the PR to be created'
|
||||
required: false
|
||||
@ -53,6 +56,14 @@ inputs:
|
||||
description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
|
||||
required: false
|
||||
default: ''
|
||||
pr-assignees:
|
||||
description: 'A comma or newline separated list of assignees (GitHub usernames).'
|
||||
required: false
|
||||
default: ''
|
||||
pr-reviewers:
|
||||
description: 'A comma or newline separated list of reviewers (GitHub usernames) to request a review from.'
|
||||
required: false
|
||||
default: ''
|
||||
git-author-name:
|
||||
description: 'Author name used for commit. Only used if sign-commits is false.'
|
||||
required: false
|
||||
@ -84,10 +95,17 @@ inputs:
|
||||
description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
|
||||
required: false
|
||||
default: ''
|
||||
nix-options:
|
||||
description: 'A space-separated list of options to pass to the nix command'
|
||||
required: false
|
||||
default: ''
|
||||
outputs:
|
||||
pull-request-number:
|
||||
description: 'The number of the opened pull request'
|
||||
value: ${{ steps.create-pr.outputs.pull-request-number }}
|
||||
pull-request-operation:
|
||||
description: 'The pull request operation performed by the action, `created`, `updated` or `closed`.'
|
||||
value: ${{ steps.create-pr.outputs.pull-request-operation }}
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
@ -132,11 +150,12 @@ runs:
|
||||
GIT_AUTHOR_EMAIL: ${{ env.GIT_AUTHOR_EMAIL }}
|
||||
GIT_COMMITTER_NAME: ${{ env.GIT_COMMITTER_NAME }}
|
||||
GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }}
|
||||
NIX_OPTIONS: ${{ inputs.nix-options }}
|
||||
TARGETS: ${{ inputs.inputs }}
|
||||
COMMIT_MSG: ${{ inputs.commit-msg }}
|
||||
PATH_TO_FLAKE_DIR: ${{ inputs.path-to-flake-dir }}
|
||||
- name: Save PR Body as file
|
||||
uses: DamianReeves/write-file-action@v1.1
|
||||
uses: DamianReeves/write-file-action@v1.2
|
||||
with:
|
||||
path: pr_body.template
|
||||
contents: ${{ inputs.pr-body }}
|
||||
@ -144,20 +163,20 @@ runs:
|
||||
- name: Set additional env variables (GIT_COMMIT_MESSAGE)
|
||||
shell: bash
|
||||
run: |
|
||||
GIT_COMMIT_MESSAGE="$(git log --format=%b -n 1)"
|
||||
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//'%'/'%25'}"
|
||||
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\n'/'%0A'}"
|
||||
GIT_COMMIT_MESSAGE="${GIT_COMMIT_MESSAGE//$'\r'/'%0D'}"
|
||||
echo "GIT_COMMIT_MESSAGE=$GIT_COMMIT_MESSAGE" >> $GITHUB_ENV
|
||||
echo "GIT_COMMIT_MESSAGE is: ${GIT_COMMIT_MESSAGE}"
|
||||
DELIMITER=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
|
||||
COMMIT_MESSAGE="$(git log --format=%b -n 1)"
|
||||
echo "GIT_COMMIT_MESSAGE<<$DELIMITER" >> $GITHUB_ENV
|
||||
echo "$COMMIT_MESSAGE" >> $GITHUB_ENV
|
||||
echo "$DELIMITER" >> $GITHUB_ENV
|
||||
echo "GIT_COMMIT_MESSAGE is: ${COMMIT_MESSAGE}"
|
||||
- name: Interpolate PR Body
|
||||
uses: pedrolamas/handlebars-action@v2.0.0
|
||||
uses: pedrolamas/handlebars-action@v2.2.0
|
||||
with:
|
||||
files: 'pr_body.template'
|
||||
output-filename: 'pr_body.txt'
|
||||
- name: Read pr_body.txt
|
||||
id: pr_body
|
||||
uses: andstor/file-reader-action@v1
|
||||
uses: juliangruber/read-file-action@v1
|
||||
with:
|
||||
path: "pr_body.txt"
|
||||
# We need to remove the pr_body files so that the
|
||||
@ -168,13 +187,16 @@ runs:
|
||||
run: rm -f pr_body.txt pr_body.template
|
||||
- name: Create PR
|
||||
id: create-pr
|
||||
uses: peter-evans/create-pull-request@v3
|
||||
uses: peter-evans/create-pull-request@v4
|
||||
with:
|
||||
base: ${{ inputs.base }}
|
||||
branch: ${{ inputs.branch }}
|
||||
delete-branch: true
|
||||
committer: ${{ env.GIT_COMMITTER_NAME }} ${{ env.GIT_COMMITTER_EMAIL }}
|
||||
author: ${{ env.GIT_AUTHOR_NAME }} ${{ env.GIT_AUTHOR_EMAIL }}
|
||||
title: ${{ inputs.pr-title }}
|
||||
token: ${{ inputs.token }}
|
||||
assignees: ${{ inputs.pr-assignees }}
|
||||
labels: ${{ inputs.pr-labels }}
|
||||
body: ${{ steps.pr_body.outputs.contents }}
|
||||
reviewers: ${{ inputs.pr-reviewers }}
|
||||
body: ${{ steps.pr_body.outputs.content }}
|
||||
|
||||
6
flake.lock
generated
6
flake.lock
generated
@ -2,11 +2,11 @@
|
||||
"nodes": {
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1659131907,
|
||||
"narHash": "sha256-8bz4k18M/FuVC+EVcI4aREN2PsEKT7LGmU2orfjnpCg=",
|
||||
"lastModified": 1686869522,
|
||||
"narHash": "sha256-tbJ9B8WLCTnVP/LwESRlg0dII6Zyg2LmUU/mB9Lu98E=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8d435fca5c561da8168abb30270788d2da2a7951",
|
||||
"rev": "7c67f006ea0e7d0265f16d7df07cc076fdffd91f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
||||
@ -5,12 +5,19 @@ if [[ -n "$PATH_TO_FLAKE_DIR" ]]; then
|
||||
cd "$PATH_TO_FLAKE_DIR"
|
||||
fi
|
||||
|
||||
options=()
|
||||
if [[ -n "$NIX_OPTIONS" ]]; then
|
||||
for option in $NIX_OPTIONS; do
|
||||
options+=("${option}")
|
||||
done
|
||||
fi
|
||||
|
||||
if [[ -n "$TARGETS" ]]; then
|
||||
inputs=()
|
||||
for input in $TARGETS; do
|
||||
inputs+=("--update-input" "$input")
|
||||
done
|
||||
nix flake lock "${inputs[@]}" --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
|
||||
nix "${options[@]}" flake lock "${inputs[@]}" --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
|
||||
else
|
||||
nix flake update --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
|
||||
nix "${options[@]}" flake update --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user