Update Nix Flakes #24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Update Nix Flakes | |
on: | |
schedule: | |
# run every 3 days at midnight | |
- cron: "0 0 * * */3" | |
workflow_dispatch: | |
jobs: | |
get-flakes: | |
if: github.repository_owner == 'ibis-project' | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.get-flakes.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v24 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: generate flake matrix | |
id: get-flakes | |
run: | | |
set -euo pipefail | |
flakes="$(nix flake metadata --json | jq -rcM '.locks.nodes.root.inputs | {flake: keys}')" | |
echo "matrix=${flakes}" >> "$GITHUB_OUTPUT" | |
flake-update: | |
if: github.repository_owner == 'ibis-project' | |
runs-on: ubuntu-latest | |
needs: | |
- get-flakes | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON(needs.get-flakes.outputs.matrix) }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/install-nix-action@v24 | |
with: | |
extra_nix_config: | | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: setup cachix | |
uses: cachix/cachix-action@v13 | |
with: | |
name: ibis | |
extraPullNames: nix-community,poetry2nix | |
- uses: cpcloud/flake-dep-info-action@v2.0.11 | |
id: get_current_commit | |
with: | |
input: ${{ matrix.flake }} | |
- name: update ${{ matrix.flake }} | |
run: nix flake update ${{ matrix.flake }} | |
- uses: cpcloud/flake-dep-info-action@v2.0.11 | |
id: get_new_commit | |
with: | |
input: ${{ matrix.flake }} | |
- name: create an output indicating whether a PR is needed | |
id: needs_pr | |
run: echo "did_change=${{ steps.get_current_commit.outputs.rev != steps.get_new_commit.outputs.rev }}" >> "$GITHUB_OUTPUT" | |
- uses: tibdex/github-app-token@v2 | |
if: fromJSON(steps.needs_pr.outputs.did_change) | |
id: generate_pr_token | |
with: | |
app_id: ${{ secrets.SQUAWK_BOT_APP_ID }} | |
private_key: ${{ secrets.SQUAWK_BOT_APP_PRIVATE_KEY }} | |
- uses: tibdex/github-app-token@v2 | |
if: fromJSON(steps.needs_pr.outputs.did_change) | |
id: generate_pr_approval_token | |
with: | |
app_id: ${{ secrets.PR_APPROVAL_BOT_APP_ID }} | |
private_key: ${{ secrets.PR_APPROVAL_BOT_APP_PRIVATE_KEY }} | |
- uses: cpcloud/compare-commits-action@v5.0.37 | |
if: fromJSON(steps.needs_pr.outputs.did_change) | |
id: compare_commits | |
with: | |
token: ${{ steps.generate_pr_token.outputs.token }} | |
owner: ${{ steps.get_new_commit.outputs.owner }} | |
repo: ${{ steps.get_new_commit.outputs.repo }} | |
basehead: ${{ steps.get_current_commit.outputs.rev }}...${{ steps.get_new_commit.outputs.rev }} | |
include-merge-commits: false | |
- uses: peter-evans/create-pull-request@v5 | |
if: fromJSON(steps.needs_pr.outputs.did_change) | |
id: create_pr | |
with: | |
token: ${{ steps.generate_pr_token.outputs.token }} | |
commit-message: "chore(flake/${{ matrix.flake }}): `${{ steps.get_current_commit.outputs.short-rev }}` -> `${{ steps.get_new_commit.outputs.short-rev }}`" | |
branch: "create-pull-request/update-${{ matrix.flake }}" | |
delete-branch: true | |
author: "ibis-squawk-bot[bot] <ibis-squawk-bot[bot]@users.noreply.github.com>" | |
title: "chore(flake/${{ matrix.flake }}): `${{ steps.get_current_commit.outputs.short-rev }}` -> `${{ steps.get_new_commit.outputs.short-rev }}`" | |
body: ${{ steps.compare_commits.outputs.differences }} | |
labels: dependencies,nix | |
- uses: juliangruber/approve-pull-request-action@v2.0.4 | |
if: fromJSON(steps.needs_pr.outputs.did_change) | |
with: | |
github-token: ${{ steps.generate_pr_approval_token.outputs.token }} | |
number: ${{ steps.create_pr.outputs.pull-request-number }} | |
- uses: peter-evans/enable-pull-request-automerge@v3 | |
if: fromJSON(steps.needs_pr.outputs.did_change) | |
with: | |
token: ${{ steps.generate_pr_token.outputs.token }} | |
pull-request-number: ${{ steps.create_pr.outputs.pull-request-number }} | |
merge-method: rebase |