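# Nightly (and on-demand) package bumps with nix-update.
#
# Flow: clone the repo -> bump each package under pkgs/ with
# `nix-update --commit` on a throw-away branch -> build every updated package
# -> push the branch and open a PR. Nothing is merged automatically: the build
# step is a gate, the PR review is the real control over what lands on master.
#
# Notes for maintainers (security-relevant):
#   * NIX_UPDATE_TOKEN should be a Gitea PAT owned by m3tam3re, scoped to this
#     repository with only the write scopes needed to push a branch and open a
#     PR. It is exposed only to the two steps that talk to the forge, through
#     per-step `env:`, never interpolated into a script body.
#   * The askpass helper written to disk contains no secret: it reads the token
#     from the environment git passes to it.
#   * `runs-on: nixos` is a persistent self-hosted runner, so anything left on
#     disk outlives the job. The final cleanup step removes the askpass helper
#     and the tea login regardless of how earlier steps ended.
#   * workflow_dispatch input and step outputs are passed through `env:` and
#     quoted, so none of them can be parsed as shell syntax.
name: Update Nix Packages with nix-update

on:
  schedule:
    - cron: "0 2 * * *"
  workflow_dispatch: # Allow manual triggering
    inputs:
      package:
        description: "Specific package to update (optional)"
        required: false
        type: string

env:
  GIT_AUTHOR_NAME: "nix-update bot"
  GIT_AUTHOR_EMAIL: "bot@m3ta.dev"
  GIT_COMMITTER_NAME: "nix-update bot"
  GIT_COMMITTER_EMAIL: "bot@m3ta.dev"
  # Never block on an interactive credential prompt. Steps that need auth
  # override GIT_ASKPASS with the helper created during checkout.
  GIT_TERMINAL_PROMPT: "0"
  GIT_ASKPASS: "/bin/echo"
  # Locations shared between steps. Each step runs in a fresh shell, so an
  # `export` in one step is not visible in the next; fixed paths are.
  REPO_DIR: /tmp/nixpkgs
  ASKPASS_HELPER: /tmp/git-askpass-helper.sh

jobs:
  nix-update:
    runs-on: nixos
    steps:
      - name: Checkout repository
        env:
          NIX_UPDATE_TOKEN: ${{ secrets.NIX_UPDATE_TOKEN }}
        run: |
          set -euo pipefail
          # Start from a clean tree; the runner is persistent.
          rm -rf "$REPO_DIR"

          # Askpass helper: git runs it instead of prompting. The helper must
          # NOT embed the token; an earlier version did, which left a
          # world-readable (0755) copy of the PAT in /tmp for every process on
          # the runner, and only deleted it when a PR was created. This one
          # prints the token from the environment git inherits from the step,
          # and umask 077 keeps the script private to the runner user.
          # The quoted heredoc delimiter prevents expansion at write time.
          (
            umask 077
            cat > "$ASKPASS_HELPER" <<'EOF'
          #!/bin/sh
          printf '%s\n' "$NIX_UPDATE_TOKEN"
          EOF
          )
          chmod 700 "$ASKPASS_HELPER"
          export GIT_ASKPASS="$ASKPASS_HELPER"

          # The username is given explicitly: Gitea PATs grant write access only
          # when it matches the token owner.
          git clone --no-single-branch \
            "https://m3tam3re@code.m3ta.dev/m3tam3re/nixpkgs.git" \
            "$REPO_DIR"
          cd "$REPO_DIR"

          # Local identity for the commits nix-update creates.
          git config user.name "$GIT_AUTHOR_NAME"
          git config user.email "$GIT_AUTHOR_EMAIL"
          git config init.defaultBranch master

          # Verify checkout
          git status
          git log --oneline -5

      - name: Check for available packages to update
        id: check-packages
        run: |
          set -euo pipefail
          cd "$REPO_DIR"
          # Both are hard preconditions: every later step uses `--flake` and
          # `.#<pkg>`, so a missing flake.nix would only fail later and less
          # clearly. `has_flake` is still exported for compatibility.
          if [ ! -d pkgs ]; then
            echo "pkgs directory not found" >&2
            exit 1
          fi
          echo "Packages found."
          if [ -f flake.nix ]; then
            echo "has_flake=true" >> "$GITHUB_OUTPUT"
          else
            echo "has_flake=false" >> "$GITHUB_OUTPUT"
            echo "flake.nix not found; nix-update --flake requires one" >&2
            exit 1
          fi

      - name: Update packages
        id: update
        env:
          # Passed via the environment rather than `${{ }}` interpolation so
          # the manual input can never be interpreted as shell code.
          REQUESTED_PKG: ${{ inputs.package }}
        run: |
          set -euo pipefail
          cd "$REPO_DIR"
          BRANCH_NAME="nix-update-$(date +%Y%m%d-%H%M%S)"
          git checkout -b "$BRANCH_NAME"

          # Build the list of packages to try: the single requested one, or one
          # per subdirectory of pkgs/. Names are used as filesystem paths and
          # flake attributes, so a requested name is restricted to a safe
          # character set (no leading dot, no slash => no traversal).
          CANDIDATES=()
          if [ -n "$REQUESTED_PKG" ]; then
            if ! [[ "$REQUESTED_PKG" =~ ^[A-Za-z0-9][A-Za-z0-9._+-]*$ ]]; then
              echo "✗ Refusing package name with unexpected characters: $REQUESTED_PKG" >&2
              exit 1
            fi
            echo "Updating specific package: $REQUESTED_PKG"
            if [ ! -d "pkgs/$REQUESTED_PKG" ]; then
              # A manual run naming a package that does not exist is an
              # operator error; fail loudly instead of reporting "no updates".
              echo "✗ Package directory pkgs/$REQUESTED_PKG not found" >&2
              exit 1
            fi
            CANDIDATES=("$REQUESTED_PKG")
          else
            echo "Checking all packages..."
            # -type d already excludes files such as default.nix.
            while IFS= read -r name; do
              CANDIDATES+=("$name")
            done < <(find pkgs -mindepth 1 -maxdepth 1 -type d -printf '%f\n' | sort)
          fi

          if [ "${#CANDIDATES[@]}" -eq 0 ]; then
            echo "No packages found to update"
            echo "has_updates=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          UPDATED=()
          for pkg in "${CANDIDATES[@]}"; do
            echo "Checking $pkg..."
            before=$(git rev-parse HEAD)
            # One package failing to update must not abort the others, hence
            # `|| true`. nix-update's exit code is not trusted as the signal of
            # a change either; a new commit on HEAD is.
            nix-update --flake --commit "$pkg" 2>&1 | tee "/tmp/update-${pkg}.log" || true
            if [ "$before" != "$(git rev-parse HEAD)" ]; then
              UPDATED+=("$pkg")
              echo "✓ Updated $pkg"
            fi
          done

          COMMIT_COUNT=$(git rev-list --count master..HEAD)
          if [ "$COMMIT_COUNT" -gt 0 ]; then
            # "a, b, c" -- the format the verify and PR steps parse.
            UPDATED_PACKAGES=$(printf '%s, ' "${UPDATED[@]}")
            UPDATED_PACKAGES=${UPDATED_PACKAGES%, }
            echo "✓ $COMMIT_COUNT updates committed"
            echo "has_updates=true" >> "$GITHUB_OUTPUT"
            echo "updated_packages=${UPDATED_PACKAGES}" >> "$GITHUB_OUTPUT"
            echo "branch_name=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
          else
            echo " No package updates found"
            echo "has_updates=false" >> "$GITHUB_OUTPUT"
            git checkout master
            git branch -D "$BRANCH_NAME" 2>/dev/null || true
          fi

      - name: Verify packages build
        if: steps.update.outputs.has_updates == 'true'
        env:
          UPDATED_PACKAGES: ${{ steps.update.outputs.updated_packages }}
        run: |
          set -euo pipefail
          cd "$REPO_DIR"
          # Gate before anything is pushed: an update whose new source or hash
          # does not build never reaches the forge. This does build freshly
          # fetched upstream sources on the runner, so it relies on the Nix
          # build sandbox and on the PR review, not on trusting upstream.
          IFS=', ' read -ra PKG_ARRAY <<< "$UPDATED_PACKAGES"
          for pkg in "${PKG_ARRAY[@]}"; do
            echo "Building $pkg..."
            if ! nix build ".#$pkg"; then
              echo "❌ Build failed for $pkg" >&2
              exit 1
            fi
          done

      - name: Push branch and create pull request
        if: steps.update.outputs.has_updates == 'true'
        env:
          NIX_UPDATE_TOKEN: ${{ secrets.NIX_UPDATE_TOKEN }}
          BRANCH: ${{ steps.update.outputs.branch_name }}
          UPDATED_PACKAGES: ${{ steps.update.outputs.updated_packages }}
        run: |
          set -euo pipefail
          cd "$REPO_DIR"
          # New shell, so point git at the helper again. The helper reads the
          # token from this step's environment; the file itself holds none.
          export GIT_ASKPASS="$ASKPASS_HELPER"
          echo "Pushing branch ${BRANCH}..."
          git push origin "${BRANCH}"

          echo "Creating pull request..."
          if ! command -v tea >/dev/null 2>&1; then
            echo "Error: tea not found" >&2
            exit 1
          fi
          # tea stores the login, token included, in its config file on the
          # runner, and `--token` is briefly visible in `ps`. The login is
          # removed again in the cleanup step; keep the PAT narrowly scoped.
          tea login delete m3ta >/dev/null 2>&1 || true
          tea login add --name m3ta --url https://code.m3ta.dev --token "$NIX_UPDATE_TOKEN"

          COMMITS=$(git log origin/master..HEAD --pretty=format:"%h %s" | sed 's/^/- /')
          # A failed PR creation is fatal. Swallowing it left the job green with
          # an orphaned branch on the remote and nobody notified.
          tea pr create \
            --head "${BRANCH}" \
            --base master \
            --title "chore: update packages with nix-update" \
            --body "$(printf "Automated package updates using nix-update.\n\nUpdated packages:\n%s\n\nCommits:\n%s" "$UPDATED_PACKAGES" "$COMMITS")" \
            --assignees m3tam3re \
            --labels automated-update

      - name: Clean up credentials on the runner
        if: always()
        run: |
          # The runner is persistent: remove the askpass helper and the tea
          # login so nothing auth-related outlives the job, whether or not the
          # earlier steps ran or succeeded.
          rm -f "$ASKPASS_HELPER"
          if command -v tea >/dev/null 2>&1; then
            tea login delete m3ta >/dev/null 2>&1 || true
          fi

      - name: Summary
        if: always()
        env:
          HAS_UPDATES: ${{ steps.update.outputs.has_updates }}
          UPDATED_PACKAGES: ${{ steps.update.outputs.updated_packages }}
        run: |
          if [ "$HAS_UPDATES" = "true" ]; then
            echo "✅ Success: $UPDATED_PACKAGES"
          else
            echo " No updates"
          fi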