update-scripts: move update logic from CI to dedicated script

2025-06-21 00:25:42 +02:00 · 2025-05-22 17:02:06 +01:00 · 2025-05-22 17:02:06 +01:00 · 132c1611f6
commit 132c1611f6
parent 7a4c70c55f
3 changed files with 76 additions and 35 deletions
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@ -6,14 +6,10 @@ on:
  # Allow manual triggering
  workflow_dispatch:
    inputs:
-      root_lock:
+      update_lock:
        type: boolean
        default: true
-        description: Update root flake.lock
-      dev_lock:
-        type: boolean
-        default: true
-        description: Update dev flake.lock
+        description: Update flake.lock files
      generate:
        type: boolean
        default: true
@ -106,34 +102,12 @@ jobs:
          git fetch origin "$pr_branch"
          git branch --set-upstream-to "origin/$pr_branch"

-      - name: Update root flake.lock
-        id: root_flake_lock
-        if: inputs.root_lock || github.event_name == 'schedule'
+      - name: Update flake.lock files
+        id: update_flake_lock
+        if: inputs.update_lock || github.event_name == 'schedule'
        run: |
-          old=$(git show --no-patch --format=%h)
-          nix flake update --commit-lock-file
-          new=$(git show --no-patch --format=%h)
-          if [ "$old" != "$new" ]; then
-            echo "body<<EOF" >> "$GITHUB_OUTPUT"
-            git show --no-patch --format=%b >> "$GITHUB_OUTPUT"
-            echo "EOF" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Update dev flake.lock
-        id: dev_flake_lock
-        if: inputs.dev_lock || github.event_name == 'schedule'
-        run: |
-          root_nixpkgs=$(nix eval --raw --file . 'inputs.nixpkgs.rev')
-          old=$(git show --no-patch --format=%h)
-          nix flake update --commit-lock-file \
-              --override-input 'dev-nixpkgs' "github:NixOS/nixpkgs/$root_nixpkgs" \
-              --flake './flake/dev'
-          new=$(git show --no-patch --format=%h)
-          if [ "$old" != "$new" ]; then
-            echo "body<<EOF" >> "$GITHUB_OUTPUT"
-            git show --no-patch --format=%b >> "$GITHUB_OUTPUT"
-            echo "EOF" >> "$GITHUB_OUTPUT"
-          fi
+          nix-build ./update-scripts -A update
+          ./result/bin/update --commit --github-output

      - name: Update generated files
        id: generate
@ -209,8 +183,8 @@ jobs:
          pr_num: ${{ steps.open_pr_info.outputs.number }}
          title: |
            [${{ github.ref_name }}] Update flake.lock & generated files
-          root_lock: ${{ steps.root_flake_lock.outputs.body }}
-          dev_lock: ${{ steps.dev_flake_lock.outputs.body }}
+          root_lock: ${{ steps.update_flake_lock.outputs.root_lock_body }}
+          dev_lock: ${{ steps.update_flake_lock.outputs.dev_lock_body }}
          generated: ${{ steps.generate.outputs.body }}
        run: |
          echo "Pushing to remote branch $pr_branch"
--- a/update-scripts/default.nix
+++ b/update-scripts/default.nix
@ -9,6 +9,8 @@ lib.fix (self: {
  default = self.generate;
  generate = lib.callPackageWith (pkgs // self) ./generate.nix { };

+  update = lib.callPackageWith (pkgs // self) ./update.nix { };
+
  # A shell that has the generate script
  shell = pkgs.mkShell { nativeBuildInputs = [ self.generate ]; };

--- a/update-scripts/update.nix
+++ b/update-scripts/update.nix
@ -0,0 +1,65 @@
+{
+  nix,
+  writeShellApplication,
+}:
+writeShellApplication {
+  name = "update";
+
+  runtimeInputs = [
+    nix
+  ];
+
+  text = ''
+    commit=
+    use_github_output=
+    while [ $# -gt 0 ]; do
+      case "$1" in
+      --commit) commit=1
+        ;;
+      --github-output) use_github_output=1
+        ;;
+      --*) echo "unknown option $1"
+        ;;
+      *) echo "unexpected argument $1"
+        ;;
+      esac
+      shift
+    done
+
+    update_args=( )
+    if [ -n "$commit" ]; then
+      update_args+=( "--commit-lock-file" )
+    fi
+
+    writeGitHubOutput() {
+      if [ -n "$use_github_output" ]; then
+        (
+          echo "$1<<EOF"
+          git show --no-patch --format=%b
+          echo "EOF"
+        ) >> "$GITHUB_OUTPUT"
+      fi
+    }
+
+    # Update the root lockfile
+    old=$(git show --no-patch --format=%h)
+    echo "Updating root lockfile"
+    nix flake update "''${update_args[@]}"
+    new=$(git show --no-patch --format=%h)
+    if [ "$old" != "$new" ]; then
+      writeGitHubOutput root_lock_body
+    fi
+
+    # Update the dev lockfile
+    root_nixpkgs=$(nix eval --raw --file . 'inputs.nixpkgs.rev')
+    old=$(git show --no-patch --format=%h)
+    echo "Updating dev lockfile"
+    nix flake update "''${update_args[@]}" \
+        --override-input 'dev-nixpkgs' "github:NixOS/nixpkgs/$root_nixpkgs" \
+        --flake './flake/dev'
+    new=$(git show --no-patch --format=%h)
+    if [ "$old" != "$new" ]; then
+      writeGitHubOutput dev_lock_body
+    fi
+  '';
+}