momo/cloud
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cloud/.forgejo/workflows/update-flake-lock.yml
b12f ec612c2b7f
Initial commit
2025-02-09 14:09:20 +01:00

118 lines
4.5 KiB
YAML
Raw Permalink Blame History

name: Update flake lock
on:
workflow_dispatch:
schedule:
- cron: '22 2 * * 6' # “At 02:22 on Saturday.”
jobs:
update_lockfile:
runs-on: self-hosted
steps:
- name: Start gpg-agent with preset passwords
run: |
GNUPGHOME=$(mktemp -d -t gnupg-$(date +%Y-%m-%d)-XXXXXXXXXX)
echo "GNUPGHOME=$GNUPGHOME" >> $GITHUB_ENV
gpg-agent --homedir $GNUPGHOME --use-standard-socket --daemon --allow-preset-passphrase
- name: Import bot's GPG key for signing commits
uses: https://github.com/crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
with:
gpg_private_key: ${{ secrets.GPG_SIGN_SUBKEY }}
fingerprint: 881FA070B6FD7B44E194B4244AB6CFF63D7B2B93
passphrase: ${{ secrets.GPG_PASSPHRASE }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
- name: Checkout repository
uses: https://code.forgejo.org/actions/checkout@v4.2.2
with:
ssh-key: ${{ secrets.REPO_DEPLOY_KEY }}
ssh-known-hosts: git.pub.solar ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkPjvF2tZ2lZtkXed6lBvaPUpsNrI5kHlCNEf4LyFtgFXHoUL8UD3Bz9Fn1S+SDkdBMw/SumjvUf7TEGqQqzmFbG7+nWdWg2L00VdN8Kp8W+kKPBByJrzjDUIGhIMt7obaZnlSAVO5Cdqc1Q6bA9POLjSHIBxSD3QUs2pjUCkciNcEtL93easuXnlMwoYa217n5sA8n+BZmOJAcmA/UxYvKsqYlpJxa44m8JgMTy+5L08i/zkx9/FwniOcKcLedxmjZfV8raitDy34LslT2nBNG4I+em7qhKhSScn/cfyPvARiK71pk/rTx9mxBEjcGAkp3+hiA3Nyms0h/qTUh8yGyhbOn8hiro34HEKswXDN1HRfseyyZ4TqOoIC07F53x4OliYA0B+QbvwOemTX2XAWHfU4xEYrIhR46o3Eu5ooOM9HZLLYzIzKjsj/rpuKalFZ+9IeT/PJ/DrbgOEBlJGTu4XucEYXSiIvWB7G9WXij7TXKYbsRAFho9jw+9UZWklFAh9dcUKlX9YxafxOrw9DhJK620hblHLY9wPPFCbZVXDGfqdtn+ncRReMAw6N3VYqxMgnxd+OC52SMsSUi9VaL26i2UvEBwNYuim8GDnVabu/ciQLHMgifBONuF9sKD58ee5nnKgtYLDy9zU86aHBU78Ijew+WhYitO7qejMHMQ==
ssh-user: gitea
- name: Update flake.lock
id: update
run: |
OLD_CLOSURE=$(nix build --print-out-paths .#nixosConfigurations.pioneer.config.system.build.toplevel)
nix flake update 2> >(tee /dev/stderr) | awk '
/^• Updated input/ {in_update = 1; print; next}
in_update && !/^warning:/ {print}
/^$/ {in_update = 0}
' > update.log
echo "UPDATE_LOG<<EOF" >> $GITHUB_ENV
cat update.log >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
rm update.log
NEW_CLOSURE=$(nix build --print-out-paths .#nixosConfigurations.pioneer.config.system.build.toplevel)
nix store diff-closures $OLD_CLOSURE $NEW_CLOSURE > closure-diff.log
echo "CLOSURE_DIFF<<EOF" >> $GITHUB_ENV
cat closure-diff.log >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
rm closure-diff.log
- name: Write PR body template
uses: https://github.com/DamianReeves/write-file-action@v1.3
with:
path: pr_body.template
contents: |
- The following Nix Flake inputs were updated:
```
${{ env.UPDATE_LOG }}
```
- Closure diff:
```
${{ env.CLOSURE_DIFF }}
```
This PR was auto-generated.
- name: Generate PR body
uses: https://github.com/pedrolamas/handlebars-action@v2.4.0 # v2.4.0
with:
files: "pr_body.template"
output-filename: "pr_body.md"
- name: Save PR body
id: pr_body
uses: https://github.com/juliangruber/read-file-action@v1
with:
path: "pr_body.md"
- name: Remove temporary files
run: |
rm pr_body.template
rm pr_body.md
- name: Create Pull Request
id: create-pull-request
uses: https://git.pub.solar/momo/create-pull-request@8d7a4dadfdbe7b12599ea2581ee9b3b69688688b
with:
token: ${{ secrets.MOMO_BOT_ACCESS_TOKEN }}
body: ${{ steps.pr_body.outputs.content }}
author: '"momo-bot" <no-reply@momo.koeln>'
committer: '"momo-bot" <no-reply@momo.koeln>'
title: 'automated: Update `flake.lock`'
commit-message: |
automated: Update `flake.lock`
${{ steps.pr_body.outputs.content }}
base: main
branch: update-flake-lock
delete-branch: true
- name: Print PR number
run: |
echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."
echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
Reference in a new issue View git blame Copy permalink