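name: Update Nix Packages with nix-update

on:
  schedule:
    - cron: "0 2 * * *"
  workflow_dispatch:  # Allow manual triggering
    inputs:
      package:
        description: "Specific package to update (optional)"
        required: false
        type: string

env:
  GIT_AUTHOR_NAME: "nix-update bot"
  GIT_AUTHOR_EMAIL: "bot@m3ta.dev"
  GIT_COMMITTER_NAME: "nix-update bot"
  GIT_COMMITTER_EMAIL: "bot@m3ta.dev"
  GIT_TERMINAL_PROMPT: "0"

jobs:
  nix-update:
    runs-on: nixos
    steps:
      - name: Configure Authentication (.netrc)
        run: |
          # Configure .netrc for seamless authentication.
          # This bypasses git credential helpers and works reliably in CI environments.
          # umask 077 makes the file private from the moment it is created, so there is
          # no window in which the token is world-readable before the chmod.
          set -euo pipefail
          umask 077
          cat <<NETRC > "$HOME/.netrc"
          machine code.m3ta.dev
          login m3tam3re
          password ${{ secrets.NIX_UPDATE_TOKEN }}
          NETRC
          chmod 600 "$HOME/.netrc"

      - name: Checkout repository
        run: |
          set -euo pipefail
          # Start from a clean tree; the runner is persistent, so a stale clone may exist.
          rm -rf /tmp/nixpkgs
          # Clone using the HTTPS URL (auth handled by .netrc)
          git clone --no-single-branch \
            "https://code.m3ta.dev/m3tam3re/nixpkgs.git" \
            /tmp/nixpkgs
          cd /tmp/nixpkgs
          # Identity comes from the job-level env, already exported into the shell.
          git config user.name "$GIT_AUTHOR_NAME"
          git config user.email "$GIT_AUTHOR_EMAIL"
          git config init.defaultBranch master
          git status
          git log --oneline -5

      - name: Check for available packages to update
        id: check-packages
        run: |
          set -euo pipefail
          cd /tmp/nixpkgs
          if [ -d "pkgs" ]; then
            echo "Packages found."
          else
            echo "pkgs directory not found"
            exit 1
          fi
          # has_flake is recorded for reference; no later step reads it.
          if [ -f "flake.nix" ]; then
            echo "has_flake=true" >> "$GITHUB_OUTPUT"
          else
            echo "has_flake=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Update packages
        id: update
        env:
          # The dispatch input is handed to the script through the environment rather
          # than expanded with ${{ }} inside `run:`, so its value is data, never shell.
          TARGET_PACKAGE: ${{ inputs.package }}
        run: |
          set -euo pipefail
          cd /tmp/nixpkgs
          TIMESTAMP=$(date +%Y%m%d-%H%M%S)
          BRANCH_NAME="nix-update-${TIMESTAMP}"
          git checkout -b "${BRANCH_NAME}"
          UPDATED_PACKAGES=""

          # Run nix-update for package "$1". If it succeeds and produced a new commit,
          # append the package to UPDATED_PACKAGES. A failed nix-update run is reported
          # and skipped, so one broken package does not abort the whole sweep.
          update_one() {
            local pkg=$1
            local before after
            before=$(git rev-parse HEAD)
            # pipefail ensures nix-update's own exit status is what the `if` tests,
            # not tee's.
            if ! nix-update --flake --commit "$pkg" 2>&1 | tee "/tmp/update-${pkg}.log"; then
              echo "✗ nix-update failed for $pkg (see /tmp/update-${pkg}.log)"
              return 0
            fi
            after=$(git rev-parse HEAD)
            if [ "$before" != "$after" ]; then
              UPDATED_PACKAGES="${UPDATED_PACKAGES}, $pkg"
              echo "✓ Updated $pkg"
            fi
          }

          if [ -n "$TARGET_PACKAGE" ]; then
            # Accept only a plain directory name: no path separators, no "." / "..",
            # and nothing that nix-update could read as an option.
            case "$TARGET_PACKAGE" in
              */*|.|..|-*)
                echo "✗ Invalid package name: $TARGET_PACKAGE"
                exit 1 ;;
            esac
            echo "Updating specific package: $TARGET_PACKAGE"
            if [ -d "pkgs/$TARGET_PACKAGE" ]; then
              update_one "$TARGET_PACKAGE"
            else
              echo "✗ Package directory pkgs/$TARGET_PACKAGE not found"
            fi
          else
            echo "Checking all packages..."
            # -type d already excludes files such as default.nix and AGENTS.md.
            PACKAGES=$(find pkgs -mindepth 1 -maxdepth 1 -type d -exec basename {} \; 2>/dev/null | sort)
            if [ -z "$PACKAGES" ]; then
              echo "No packages found to update"
              echo "has_updates=false" >> "$GITHUB_OUTPUT"
              exit 0
            fi
            for pkg in $PACKAGES; do
              echo "Checking $pkg..."
              update_one "$pkg"
            done
          fi

          # Drop the leading ", " left by the accumulation above.
          UPDATED_PACKAGES=${UPDATED_PACKAGES#, }
          COMMIT_COUNT=$(git rev-list --count master..HEAD)
          if [ "$COMMIT_COUNT" -gt 0 ]; then
            echo "✓ $COMMIT_COUNT updates committed"
            echo "has_updates=true" >> "$GITHUB_OUTPUT"
            echo "updated_packages=${UPDATED_PACKAGES}" >> "$GITHUB_OUTPUT"
            echo "branch_name=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
          else
            echo "No package updates found"
            echo "has_updates=false" >> "$GITHUB_OUTPUT"
            git checkout master
            git branch -D "${BRANCH_NAME}" 2>/dev/null || true
          fi

      - name: Verify packages build
        if: steps.update.outputs.has_updates == 'true'
        env:
          UPDATED_PACKAGES: ${{ steps.update.outputs.updated_packages }}
        run: |
          set -euo pipefail
          cd /tmp/nixpkgs
          # updated_packages is a ", "-separated list; split it into an array.
          IFS=', ' read -ra PKG_ARRAY <<< "$UPDATED_PACKAGES"
          for pkg in "${PKG_ARRAY[@]}"; do
            echo "Building $pkg..."
            if ! nix build ".#${pkg}"; then
              echo "❌ Build failed for $pkg"
              exit 1
            fi
          done

      - name: Push branch and create pull request
        if: steps.update.outputs.has_updates == 'true'
        env:
          BRANCH: ${{ steps.update.outputs.branch_name }}
          UPDATED_PACKAGES: ${{ steps.update.outputs.updated_packages }}
          NIX_UPDATE_TOKEN: ${{ secrets.NIX_UPDATE_TOKEN }}
        run: |
          set -euo pipefail
          cd /tmp/nixpkgs
          echo "Pushing branch ${BRANCH}..."
          # Authentication is handled by .netrc
          git push origin "${BRANCH}"
          echo "Creating pull request..."
          if ! command -v tea >/dev/null 2>&1; then
            echo "Error: tea not found"
            exit 1
          fi
          tea login delete m3ta >/dev/null 2>&1 || true
          # NOTE: the token is passed as a command-line argument here, so it is visible
          # in the runner's process list while this command runs.
          tea login add --name m3ta --url https://code.m3ta.dev --token "$NIX_UPDATE_TOKEN"
          COMMITS=$(git log origin/master..HEAD --pretty=format:"%h %s" | sed 's/^/- /')
          BODY=$(printf "Automated package updates using nix-update.\n\nUpdated packages:\n%s\n\nCommits:\n%s" "$UPDATED_PACKAGES" "$COMMITS")
          # A failed PR creation fails the step: the branch is pushed, but nobody is
          # told about it otherwise.
          if ! tea pr create \
            --head "${BRANCH}" \
            --base master \
            --title "chore: update packages with nix-update" \
            --body "$BODY" \
            --assignees m3tam3re \
            --labels automated-update; then
            echo "PR creation failed (branch ${BRANCH} was pushed)"
            exit 1
          fi

      # Runs on every outcome (no updates, build failure, push failure) so the token
      # in .netrc and in tea's login store never outlives the job on the runner.
      - name: Remove runner credentials
        if: always()
        run: |
          rm -f "$HOME/.netrc"
          tea login delete m3ta >/dev/null 2>&1 || true

      - name: Summary
        if: always()
        env:
          HAS_UPDATES: ${{ steps.update.outputs.has_updates }}
          UPDATED_PACKAGES: ${{ steps.update.outputs.updated_packages }}
        run: |
          if [ "$HAS_UPDATES" = "true" ]; then
            echo "✅ Success: $UPDATED_PACKAGES"
          else
            echo "No updates"
          fi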