diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index 1b734bda..5263cb51 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -1,4 +1,4 @@ -name: update-flake-lock +name: update on: workflow_dispatch: # allows manual triggering inputs: @@ -25,15 +25,21 @@ jobs: branch: "nixos-24.05" - selectedBranch: "nixos-24.05" branch: main + name: Update the flake inputs and generate options runs-on: ubuntu-latest timeout-minutes: 40 + + permissions: + contents: write + pull-requests: write + steps: - name: Checkout repository uses: actions/checkout@v4 with: - token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} - ref: "${{ matrix.branch }}" + ssh-key: ${{ secrets.CI_UPDATE_SSH_KEY }} + ref: ${{ matrix.branch }} - name: Install Nix uses: cachix/install-nix-action@v26 
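Review bot: The checkout step now loads `secrets.CI_UPDATE_SSH_KEY`, and actions/checkout keeps that credential configured in the workspace by default, so it stays usable by every later step in the job, including the ones that run flake code after the inputs have been updated. The final push presumably depends on the persisted key, so `persist-credentials: false` is probably not an option here. I would instead document the exposure next to the input, e.g. `# write-capable deploy key; stays configured for all later steps so the PR step can push`, and confirm the key is a deploy key scoped to this repository only. The job-level `permissions:` block is a good addition, but check whether `contents: write` is still needed for GITHUB_TOKEN once pushes go over SSH, since the narrower grant is preferable. The job body continues outside this hunk.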
@@ -41,19 +47,74 @@ jobs: nix_path: nixpkgs=channel:nixos-unstable github_access_token: ${{ secrets.GITHUB_TOKEN }} - - name: Update flake.lock - id: update - uses: DeterminateSystems/update-flake-lock@v21 - with: - pr-title: "Update flake.lock (${{ matrix.branch }})" - token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} - branch: "update_flake_lock_action-${{ matrix.branch }}" - - # TODO: do in one checkout + push the flake.lock update & the re-generation of the files - - name: Update autogenerated files + - name: Configure git run: | - git checkout update_flake_lock_action-${{ matrix.branch }} - nix run .#generate-files - git add ./generated - git commit -m "generated: Update files" - git push + git config user.name 'github-actions[bot]' + git config user.email '41898282+github-actions[bot]@users.noreply.github.com' + + - name: Update flake.lock + id: flake_lock + run: | + old=$(git show --no-patch --format=%h) + nix flake update --commit-lock-file + new=$(git show --no-patch --format=%h) + if [ "$old" != "$new" ]; then + echo "body<> "$GITHUB_OUTPUT" + git show --no-patch --format=%b >> "$GITHUB_OUTPUT" + echo "EOF" >> "$GITHUB_OUTPUT" + fi + + - name: Update autogenerated files + id: generate + run: | + old=$(git show --no-patch --format=%h) + nix run .#generate-files -- --commit + new=$(git show --no-patch --format=%h) + if [ "$old" != "$new" ]; then + summary=$(git show --no-patch --format=%s) + echo "summary=$summary" >> "$GITHUB_OUTPUT" + echo "body<> "$GITHUB_OUTPUT" + git show --no-patch --format=%b >> "$GITHUB_OUTPUT" + echo "EOF" >> "$GITHUB_OUTPUT" + fi + + - name: Create Pull Request + id: pr + uses: peter-evans/create-pull-request@v6 + with: + branch: update/${{ matrix.branch }} + base: ${{ matrix.branch }} + delete-branch: true + team-reviewers: | + nix-community/nixvim + title: | + [${{ matrix.branch }}] Update flake.lock & generated files + body: | + ## Flake lockfile + ``` + ${{ steps.flake_lock.outputs.body || 'No changes' }} + ``` + + ## Generate + ${{ 
steps.generate.outputs.body || steps.generate.outputs.summary || 'No changes' }} + + - name: Print summary + if: ${{ steps.pr.outputs.pull-request-number }} + run: | + num="${{ steps.pr.outputs.pull-request-number }}" + pr_url="${{ steps.pr.outputs.pull-request-url }}" + pr_branch="${{ steps.pr.outputs.pull-request-branch }}" + head="${{ steps.pr.outputs.pull-request-head-sha }}" + operation="${{ steps.pr.outputs.pull-request-operation }}" + + # stdout + echo "${head:0:6} pushed to ${pr_branch}" + echo "${pr} was ${operation}." + + # markdown summary + echo "## ${{ matrix.branch }}" >> $GITHUB_STEP_SUMMARY + echo >> $GITHUB_STEP_SUMMARY + echo "\`${head:0:6}\` pushed to \`${pr_branch}\`" >> $GITHUB_STEP_SUMMARY + echo >> $GITHUB_STEP_SUMMARY + echo "[#${num}](${pr_url}) was ${operation}." >> $GITHUB_STEP_SUMMARY + echo >> $GITHUB_STEP_SUMMARY
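Review bot: `peter-evans/create-pull-request@v6` is referenced by a mutable tag in a job that holds a write-capable SSH key plus `contents: write` and `pull-requests: write`, so whatever the tag points to at run time executes with push access. Pin it to a full commit SHA with the tag as a trailing comment, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha>  # v6`. In the `Print summary` step, `echo "${pr} was ${operation}."` reads a variable that is never assigned (the script sets `num` and `pr_url`), so it prints an empty reference; `echo "#${num} was ${operation}."` would match the markdown line below it. The two commit-body outputs are closed with a fixed `EOF` line, and the flake-lock body presumably carries text derived from upstream inputs, so a per-run random delimiter would prevent a truncated or injected output if that text ever contains the delimiter. Passing the `${{ … }}` values into the scripts through `env:` instead of interpolating them into the shell text would be the safer habit as well.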