240 lines
8.6 KiB
YAML
240 lines
8.6 KiB
YAML
name: Update Nix Packages with nix-update
|
||
|
||
on:
|
||
schedule:
|
||
- cron: "0 2 * * *"
|
||
workflow_dispatch: # Allow manual triggering
|
||
inputs:
|
||
package:
|
||
description: "Specific package to update (optional)"
|
||
required: false
|
||
type: string
|
||
|
||
env:
|
||
GIT_AUTHOR_NAME: "nix-update bot"
|
||
GIT_AUTHOR_EMAIL: "bot@m3ta.dev"
|
||
GIT_COMMITTER_NAME: "nix-update bot"
|
||
GIT_COMMITTER_EMAIL: "bot@m3ta.dev"
|
||
|
||
jobs:
|
||
nix-update:
|
||
runs-on: nixos
|
||
steps:
|
||
- name: Checkout repository
|
||
run: |
|
||
# Clean up any previous runs to avoid "destination path already exists" errors
|
||
if [ -d "/tmp/nixpkgs" ]; then
|
||
echo "Cleaning up existing /tmp/nixpkgs directory..."
|
||
rm -rf /tmp/nixpkgs
|
||
fi
|
||
|
||
# Disable terminal prompts for all git operations
|
||
export GIT_TERMINAL_PROMPT=0
|
||
export GIT_ASKPASS="/bin/echo"
|
||
|
||
# Clone repository with token authentication
|
||
git clone --no-single-branch \
|
||
"https://${{ secrets.NIX_UPDATE_TOKEN }}@code.m3ta.dev/m3tam3re/nixpkgs.git" \
|
||
/tmp/nixpkgs
|
||
|
||
cd /tmp/nixpkgs
|
||
|
||
# Configure git author/committer (local to this repo)
|
||
# Removing --global to avoid polluting the runner's user config
|
||
git config user.name "${{ env.GIT_AUTHOR_NAME }}"
|
||
git config user.email "${{ env.GIT_AUTHOR_EMAIL }}"
|
||
git config init.defaultBranch master
|
||
|
||
# Verify checkout
|
||
git status
|
||
git log --oneline -5
|
||
|
||
- name: Check for available packages to update
|
||
id: check-packages
|
||
run: |
|
||
cd /tmp/nixpkgs
|
||
echo "Found packages in pkgs/ directory:"
|
||
if [ -d "pkgs" ]; then
|
||
find pkgs -mindepth 1 -maxdepth 1 -type d -not -name default.nix | grep -v AGENTS.md || echo "No packages found"
|
||
else
|
||
echo "pkgs directory not found"
|
||
fi
|
||
|
||
# Check if flake.nix exists
|
||
if [ -f "flake.nix" ]; then
|
||
echo "✓ Found flake.nix"
|
||
echo "has_flake=true" >> $GITHUB_OUTPUT
|
||
else
|
||
echo "✗ No flake.nix found"
|
||
echo "has_flake=false" >> $GITHUB_OUTPUT
|
||
fi
|
||
|
||
- name: Update packages
|
||
id: update
|
||
run: |
|
||
cd /tmp/nixpkgs
|
||
set -e
|
||
|
||
# Create timestamp for branch naming
|
||
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
|
||
BRANCH_NAME="nix-update-${TIMESTAMP}"
|
||
|
||
# Create and checkout new branch
|
||
git checkout -b "${BRANCH_NAME}"
|
||
|
||
# Track if any packages were updated
|
||
UPDATES_FOUND=false
|
||
UPDATED_PACKAGES=""
|
||
|
||
# Check if specific package was requested
|
||
if [ -n "${{ inputs.package }}" ]; then
|
||
echo "Updating specific package: ${{ inputs.package }}"
|
||
if [ -d "pkgs/${{ inputs.package }}" ]; then
|
||
if nix-update --flake --commit "${{ inputs.package }}" 2>&1 | tee /tmp/update.log; then
|
||
UPDATES_FOUND=true
|
||
UPDATED_PACKAGES="${{ inputs.package }}"
|
||
echo "✓ Updated ${{ inputs.package }}"
|
||
else
|
||
echo "ℹ️ Package ${{ inputs.package }} update failed or not needed"
|
||
cat /tmp/update.log
|
||
fi
|
||
else
|
||
echo "✗ Package directory pkgs/${{ inputs.package }} not found"
|
||
fi
|
||
else
|
||
echo "Checking all packages for updates..."
|
||
|
||
# Get list of package directories (exclude default.nix and AGENTS.md)
|
||
if [ -d "pkgs" ]; then
|
||
PACKAGES=$(find pkgs -mindepth 1 -maxdepth 1 -type d -not -name default.nix -not -name AGENTS.md -exec basename {} \; 2>/dev/null | sort)
|
||
else
|
||
PACKAGES=""
|
||
fi
|
||
|
||
if [ -z "$PACKAGES" ]; then
|
||
echo "No packages found to update"
|
||
echo "has_updates=false" >> $GITHUB_OUTPUT
|
||
exit 0
|
||
fi
|
||
|
||
# Update each package
|
||
for pkg in $PACKAGES; do
|
||
echo ""
|
||
echo "━━━ Checking $pkg ━━━"
|
||
if nix-update --flake --commit "$pkg" 2>&1 | tee /tmp/update-${pkg}.log; then
|
||
UPDATES_FOUND=true
|
||
UPDATED_PACKAGES="${UPDATED_PACKAGES}, $pkg"
|
||
echo "✓ Updated $pkg"
|
||
else
|
||
# Check if it was actually an update or just "already up to date"
|
||
if grep -q "already up to date\|No new version found" /tmp/update-${pkg}.log; then
|
||
echo "ℹ️ $pkg already up to date"
|
||
else
|
||
echo "⚠️ Update check for $pkg failed:"
|
||
cat /tmp/update-${pkg}.log
|
||
fi
|
||
fi
|
||
done
|
||
fi
|
||
|
||
# Remove trailing comma from package list
|
||
UPDATED_PACKAGES=$(echo "$UPDATED_PACKAGES" | sed 's/^, //')
|
||
|
||
# Check if there are any changes
|
||
if [ "$UPDATES_FOUND" = "true" ]; then
|
||
echo ""
|
||
echo "━━━ Summary ━━━"
|
||
echo "✓ Package updates found: $UPDATED_PACKAGES"
|
||
echo "has_updates=true" >> $GITHUB_OUTPUT
|
||
echo "updated_packages=${UPDATED_PACKAGES}" >> $GITHUB_OUTPUT
|
||
echo "branch_name=${BRANCH_NAME}" >> $GITHUB_OUTPUT
|
||
|
||
# Check if there are actual git changes
|
||
if git diff-index --quiet HEAD --; then
|
||
echo "⚠️ No actual git changes detected despite nix-update success"
|
||
echo "has_updates=false" >> $GITHUB_OUTPUT
|
||
else
|
||
echo "✓ Git changes detected"
|
||
git status
|
||
fi
|
||
else
|
||
echo ""
|
||
echo "━━━ Summary ━━━"
|
||
echo "ℹ️ No package updates found"
|
||
echo "has_updates=false" >> $GITHUB_OUTPUT
|
||
# Switch back to master if no updates
|
||
git checkout master
|
||
git branch -D "${BRANCH_NAME}" 2>/dev/null || true
|
||
fi
|
||
|
||
- name: Verify packages build
|
||
if: steps.update.outputs.has_updates == 'true'
|
||
run: |
|
||
cd /tmp/nixpkgs
|
||
PACKAGES="${{ steps.update.outputs.updated_packages }}"
|
||
echo "Verifying builds for: $PACKAGES"
|
||
|
||
# Parse comma-separated package list
|
||
IFS=', ' read -ra PKG_ARRAY <<< "$PACKAGES"
|
||
for pkg in "${PKG_ARRAY[@]}"; do
|
||
echo "━━━ Building $pkg ━━━"
|
||
if nix build .#$pkg; then
|
||
echo "✓ $pkg built successfully"
|
||
else
|
||
echo "❌ Build failed for $pkg"
|
||
exit 1
|
||
fi
|
||
done
|
||
|
||
- name: Push branch and create pull request
|
||
if: steps.update.outputs.has_updates == 'true'
|
||
run: |
|
||
cd /tmp/nixpkgs
|
||
BRANCH="${{ steps.update.outputs.branch_name }}"
|
||
PACKAGES="${{ steps.update.outputs.updated_packages }}"
|
||
|
||
echo "Pushing branch ${BRANCH}..."
|
||
|
||
# Push the branch
|
||
git push origin "${BRANCH}" || (git fetch origin "${BRANCH}" 2>/dev/null && git push origin "${BRANCH}" --force)
|
||
|
||
echo "Creating pull request..."
|
||
|
||
# Ensure tea is available (using host package)
|
||
if ! command -v tea &> /dev/null; then
|
||
echo "Error: tea not found in PATH"
|
||
exit 1
|
||
fi
|
||
|
||
# Authenticate tea if needed
|
||
if ! tea login list | grep -q "code.m3ta.dev"; then
|
||
echo "Adding tea login..."
|
||
tea login add --name m3ta --url https://code.m3ta.dev --token "${{ secrets.NIX_UPDATE_TOKEN }}"
|
||
fi
|
||
|
||
# Get commit messages for PR description
|
||
COMMITS=$(git log origin/master..origin/"${BRANCH}" --pretty=format:"%h %s" | sed 's/^/- /')
|
||
|
||
# Create PR
|
||
tea pr create \
|
||
--head "${BRANCH}" \
|
||
--base master \
|
||
--title "chore: update packages with nix-update" \
|
||
--body "$(printf "Automated package updates using nix-update.\n\nUpdated packages:\n%s\n\nCommits:\n%s" "$PACKAGES" "$COMMITS")" \
|
||
--assignees m3tam3re \
|
||
--labels automated-update || echo "Failed to create PR. Please create manually."
|
||
|
||
echo "✓ Pull request created or branch pushed: ${BRANCH}"
|
||
|
||
- name: Summary
|
||
if: always()
|
||
run: |
|
||
echo "━━━ Workflow Summary ━━━"
|
||
if [ "${{ steps.update.outputs.has_updates }}" = "true" ]; then
|
||
echo "✅ Successfully updated packages"
|
||
echo "Branch: ${{ steps.update.outputs.branch_name }}"
|
||
echo "Packages: ${{ steps.update.outputs.updated_packages }}"
|
||
else
|
||
echo "ℹ️ No package updates needed or found"
|
||
fi
|