pullix/.github/workflows/update.yml at main · scarisey/pullix · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: "Update flake inputs"
on:
  workflow_dispatch:
  schedule:
    - cron: "0 0 * * 4" # Every week on Thursday.
jobs:
  update:
    runs-on: ubuntu-latest
    env:
      NIXPKGS_ALLOW_BROKEN: "1"
      NIXPKGS_ALLOW_UNFREE: "1"
      NIXPKGS_ALLOW_INSECURE: "1"
      NIX_CONFIG: |
        experimental-features = nix-command flakes
        access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
      GIT_AUTHOR_NAME: github-actions[bot]
      GIT_AUTHOR_EMAIL: github-actions[bot]@users.noreply.github.com
      GIT_COMMITTER_NAME: github-actions[bot]
      GIT_COMMITTER_EMAIL: github-actions[bot]@users.noreply.github.com
    permissions:
      actions: write
      contents: write
      pull-requests: write
    steps:
      - uses: actions/checkout@v6
      - name: mount Nix store on larger partition
        # on the Linux runner `/` doesn't have enough space, but there's a `/mnt` which does.
        if: runner.os == 'Linux'
        run: |
          sudo mkdir /nix /mnt/nix
          sudo mount --bind /mnt/nix /nix
      - uses: cachix/install-nix-action@v31
        with:
          nix_path: nixpkgs=channel:nixos-unstable
      - uses: cachix/cachix-action@v16
        with:
          name: scarisey-public
          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
      - name: Prepare update branch
        run: |
          git remote remove origin
          git remote add origin https://${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git
          git checkout -b ci/auto_update
      - name: Update flake inputs
        run: |
          nix flake update --commit-lock-file --accept-flake-config
      - name: Update cargo.lock
        run: |
          nix run --accept-flake-config .#packages.x86_64-linux.devenv shell -- cargo update
          git add Cargo.lock Cargo.toml
          git diff --cached --quiet || git commit -m "build:update Cargo.lock & Cargo.toml"
      - name: Push changes to remote
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          git push --force --set-upstream origin ci/auto_update
          gh pr create --title "CI:Auto Update" --body "Automatic update from CI" || true
          gh pr merge --rebase --auto
          gh workflow run report-and-push.yml --ref 'ci/auto_update'