Expose option to configure branch for PR (#36)

Flake lock file updates:

• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/83658b28fe638a170a19b8933aa008b30640fbd1' (2022-05-26)
  → 'github:nixos/nixpkgs/e0169d7a9d324afebf5679551407756c77af8930' (2022-06-08)

.github/workflows/ci.yml

@@ -8,7 +8,7 @@ jobs:
   shellcheck:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Install Nix

.github/workflows/update.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Install Nix
         uses: cachix/install-nix-action@v16
         with:

.github/workflows/validate.yml

@@ -0,0 +1,20 @@
+name: CI
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Validate YAML
+        uses: nwisbeta/validate-yaml-schema@v1.0.3
+        with:
+          yamlSchemasJson: |
+            {
+              "https://json.schemastore.org/github-action.json": ["action.yml"]
+            }

README.md

@@ -27,7 +27,12 @@ jobs:
           extra_nix_config: |
             access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
       - name: Update flake.lock
-        uses: DeterminateSystems/update-flake-lock@v3
+        uses: DeterminateSystems/update-flake-lock@vX
+        with:
+          pr-title: "Update flake.lock" # Title of PR to be created
+          pr-labels: |                  # Labels to be set on the PR
+            dependencies
+            automated
 ```
 
 ## Example updating specific input(s)
@@ -60,9 +65,72 @@ jobs:
           inputs: input1 input2 input3
 ```
 
+## Example that prints the number of the created PR
+
+```yaml
+name: update-flake-lock
+on:
+  workflow_dispatch: # allows manual triggering
+  schedule:
+    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+
+jobs:
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install Nix
+        uses: cachix/install-nix-action@v16
+        with:
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - name: Update flake.lock
+        id: update
+        uses: DeterminateSystems/update-flake-lock@vX
+        with:
+          inputs: input1 input2 input3
+      - name: Print PR number
+        run: echo Pull request number is ${{ steps.update.outputs.pull-request-number }}.
+```
+
+## Example that doesn't run on PRs
+
+If you were to run this action as a part of your CI workflow, you may want to prevent it from running against Pull Requests.
+
+```yaml
+name: update-flake-lock
+on:
+  workflow_dispatch: # allows manual triggering
+  pull_request: # triggers on every Pull Request
+  schedule:
+    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+
+jobs:
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install Nix
+        uses: cachix/install-nix-action@v16
+        with:
+          extra_nix_config: |
+            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      - name: Update flake.lock
+        if: ${{ github.event_name != 'pull_request' }}
+        uses: DeterminateSystems/update-flake-lock@vX
+        with:
+          inputs: input1 input2 input3
+```
+
 ## Running GitHub Actions CI
 
-GitHub Actions will not run workflows when a branch is pushed by or a PR is opened by a GitHub Action. To work around this, try:
+GitHub Actions will not run workflows when a branch is pushed by or a PR is opened by a GitHub Action. There are two ways to have GitHub Actions CI run on a PR submitted by this action.
+
+### Without a Personal Authentication Token
+
+Without using a Personal Authentication Token, you can manually run the following to kick off a CI run:
 
 ```
 git branch -D update_flake_lock_action
@@ -72,6 +140,32 @@ git commit --amend --no-edit
 git push origin update_flake_lock_action --force
 ```
 
+### With a Personal Authentication Token
+
+By providing a Personal Authentication Token, the PR will be submitted in a way that bypasses this limitation (GitHub will essentially think it is the owner of the PAT submitting the PR, and not an Action).
+You can create a token by visiting https://github.com/settings/tokens and select at least the `repo` scope. Then, store this token in your repository secrets (i.e. 'https://github.com/<USER>/<REPO>/settings/secrets/actions') as `GH_TOKEN_FOR_UPDATES` and set up your workflow file like the following:
+
+```yaml
+name: update-flake-lock
+on:
+  workflow_dispatch: # allows manual triggering
+  schedule:
+    - cron: '0 0 * * 1,4' # Run twice a week
+
+jobs:
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+      - name: Install Nix
+        uses: cachix/install-nix-action@v16
+      - name: Update flake.lock
+        uses: DeterminateSystems/update-flake-lock@vX
+        with:
+          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
+```
+
 ## Contributing
 
 Feel free to send a PR or open an issue if you find something functions unexpectedly! Please make sure to test your changes and update any related documentation before submitting your PR.

action.yml

@@ -5,16 +5,42 @@ inputs:
     description: 'A space-separated list of inputs to update. Leave empty to update all inputs.'
     required: false
     default: ''
+  token:
+    description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)'
+    required: false
+    default: ${{ github.token }}
+  commit-msg:
+    description: 'The message provided with the commit'
+    required: false
+    default: "flake.lock: Update"
+  branch:
+    description: 'The branch of the PR to be created'
+    required: false
+    default: "update_flake_lock_action"
+  pr-title:
+    description: 'The title of the PR to be created'
+    required: false
+    default: "flake.lock: Update"
+  pr-labels:
+    description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
+    required: false
+    default: ''
+outputs:
+  pull-request-number:
+    description: 'The number of the opened pull request'
+    value: ${{ steps.create-pr.outputs.pull-request-number }}
 runs:
   using: "composite"
   steps:
-    - run: ./update-input-or-inputs.sh ${{ inputs.inputs }}
+    - run: $GITHUB_ACTION_PATH/update-flake-lock.sh
       shell: bash
       env:
         GIT_AUTHOR_NAME: github-actions[bot]
         GIT_AUTHOR_EMAIL: <github-actions[bot]@users.noreply.github.com>
         GIT_COMMITTER_NAME: github-actions[bot]
         GIT_COMMITTER_EMAIL: <github-actions[bot]@users.noreply.github.com>
+        TARGETS: ${{ inputs.inputs }}
+        COMMIT_MSG: ${{ inputs.commit-msg }}
     - run: |
         content="$(git log --format=%b -n 1)"
         content="${content//'%'/'%25'}"
@@ -24,11 +50,14 @@ runs:
       shell: bash
       id: commit_message
     - name: Create PR
+      id: create-pr
       uses: peter-evans/create-pull-request@v3
       with:
-        branch: update_flake_lock_action
+        branch: ${{ inputs.branch }}
         delete-branch: true
-        title: "flake.lock: Update"
+        title: ${{ inputs.pr-title }}
+        token: ${{ inputs.token }}
+        labels: ${{ inputs.pr-labels }}
         body: |
           Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
 

flake.lock

@@ -2,16 +2,16 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1638263381,
+        "lastModified": 1654682581,
-        "narHash": "sha256-1rZDxTw74ETuJEjwPfpMgY0sfx8Cv1tRNt3gibol574=",
+        "narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "7b031d0d99e8cdaf0b70457c0cb33f16c0c958bb",
+        "rev": "e0169d7a9d324afebf5679551407756c77af8930",
         "type": "github"
       },
       "original": {
         "owner": "nixos",
-        "ref": "nixos-unstable-small",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }

update-flake-lock.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [[ -n "$TARGETS" ]]; then
+    inputs=()
+    for input in $TARGETS; do
+        inputs+=("--update-input" "$input")
+    done
+    nix flake lock "${inputs[@]}" --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
+else
+    nix flake update --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
+fi

update-input-or-inputs.sh

@@ -1,12 +0,0 @@
-#!/usr/bin/env bash
-to_update=$*
-
-if [ -n "$to_update" ]; then
-  inputs=()
-  for input in $to_update; do
-    inputs+=("--update-input" "$input")
-  done
-  nix flake lock "${inputs[@]}" --commit-lock-file
-else
-  nix flake update --commit-lock-file
-fi