Update lock file #5999
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Update lock file" | |
on: | |
schedule: | |
- cron: "0 */6 * * *" | |
workflow_dispatch: | |
jobs: | |
tests: | |
runs-on: ubuntu-24.04 | |
steps: | |
- name: Checkout the repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Generate a GitHub App token | |
uses: actions/create-github-app-token@v1 | |
id: generate-token | |
with: | |
app-id: ${{ secrets.APP_ID }} | |
private-key: ${{ secrets.APP_PRIVATE_KEY }} | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@main | |
- name: Setup Git author | |
run: | | |
git config user.name 'GitHub Actions' | |
git config user.email 'noreply@github.com' | |
- name: Update lock file | |
run: nix flake update --no-registries --commit-lock-file | |
- name: Get commit message | |
id: commit | |
run: | | |
delimiter="$(openssl rand -hex 16)" | |
echo "message<<${delimiter}" >> "${GITHUB_OUTPUT}" | |
git log -1 --pretty=%B >> "${GITHUB_OUTPUT}" | |
echo "${delimiter}" >> "${GITHUB_OUTPUT}" | |
delimiter="$(openssl rand -hex 16)" | |
echo "pr<<${delimiter}" >> "${GITHUB_OUTPUT}" | |
git log -1 --pretty=%B | tail +3 | awk -f ./misc/flake-to-markdown.awk >> "${GITHUB_OUTPUT}" | |
echo "${delimiter}" >> "${GITHUB_OUTPUT}" | |
# Undo the commit as the action will do a new commit with signing using the GH API | |
- name: Undo the latest commit | |
run: git reset --soft "${{ github.sha }}" | |
- name: Create Pull Request | |
uses: peter-evans/create-pull-request@v7.0.6 | |
with: | |
token: "${{ steps.generate-token.outputs.token }}" | |
title: "Automated Flake update" | |
body: "${{ steps.commit.outputs.pr }}" | |
commit-message: "${{ steps.commit.outputs.message }}" | |
add-paths: | | |
flake.lock | |
delete-branch: true | |
sign-commits: true |