diff --git a/.gitea/workflows/nix-update.yml b/.gitea/workflows/nix-update.yml
index 5b059f6..c0d9ad4 100644
--- a/.gitea/workflows/nix-update.yml
+++ b/.gitea/workflows/nix-update.yml
@@ -15,7 +15,7 @@ env:
 GIT_AUTHOR_EMAIL: "bot@m3ta.dev"
 GIT_COMMITTER_NAME: "nix-update bot"
 GIT_COMMITTER_EMAIL: "bot@m3ta.dev"
- REPO_DIR: "/tmp/nixpkgs" # Centralized workspace path
+ REPO_DIR: "/tmp/nixpkgs"
 jobs:
 nix-update:
@@ -23,34 +23,18 @@ jobs:
 steps:
 - name: Setup Environment and Authenticate
 run: |
- # 1. Clean Workspace
 if [ -d "$REPO_DIR" ]; then rm -rf "$REPO_DIR"; fi
- # 2. Configure Git Credentials
- # Using 'store' helper is robust and avoids interactive prompts
 git config --global credential.helper store
 echo "https://m3tam3re:${{ secrets.NIX_UPDATE_TOKEN }}@code.m3ta.dev" > ~/.git-credentials
 chmod 600 ~/.git-credentials
- # 3. Configure Git Identity
 git config --global user.name "$GIT_AUTHOR_NAME"
 git config --global user.email "$GIT_AUTHOR_EMAIL"
 git config --global init.defaultBranch master
- # 4. Verify Authentication (Fail fast)
- if command -v tea &> /dev/null; then
- echo "Verifying API access..."
- tea login delete m3ta >/dev/null 2>&1 || true
- if ! tea login add --name m3ta --url https://code.m3ta.dev --token "${{ secrets.NIX_UPDATE_TOKEN }}"; then
- echo "❌ Authentication failed. Check NIX_UPDATE_TOKEN."
- exit 1
- fi
- echo "✓ Authentication successful."
- fi
-
 - name: Checkout Repository
 run: |
- # Clone using explicit username to match credentials
 git clone --no-single-branch \
 "https://m3tam3re@code.m3ta.dev/m3tam3re/nixpkgs.git" \
 "$REPO_DIR"
@@ -59,14 +43,11 @@ jobs:
 id: check
 run: |
 cd "$REPO_DIR"
-
- # Check for packages directory
 if [ ! -d "pkgs" ]; then
 echo "❌ Error: 'pkgs' directory not found."
 exit 1
 fi
- # Check for flake.nix
 if [ -f "flake.nix" ]; then
 echo "has_flake=true" >> $GITHUB_OUTPUT
 else
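Review bot: Dropping the `tea login` block in the Setup step removes the only early check that NIX_UPDATE_TOKEN is valid, so a revoked or mistyped token is now discovered only at the final push, after every nix-update and nix build has run. A cheaper replacement that needs no extra tool is an authenticated read right after the credentials file is written, e.g. `git ls-remote --exit-code "https://m3tam3re@code.m3ta.dev/m3tam3re/nixpkgs.git" HEAD >/dev/null || { echo "❌ Authentication failed. Check NIX_UPDATE_TOKEN."; exit 1; }`, though if the repository is readable anonymously this only proves reachability and push permission is still verified only by the push itself. The same step keeps expanding `${{ secrets.NIX_UPDATE_TOKEN }}` into the rendered script text of the `echo ... > ~/.git-credentials` line; passing the secret through the step's `env:` and referencing `$NIX_UPDATE_TOKEN` there keeps it out of the script body and any `set -x` trace.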
@@ -79,15 +60,12 @@ jobs:
 cd "$REPO_DIR"
 set -e
- TIMESTAMP=$(date +%Y%m%d-%H%M%S)
- BRANCH_NAME="nix-update-${TIMESTAMP}"
-
- git checkout -b "${BRANCH_NAME}"
+ # Ensure we are on master
+ git checkout master
 UPDATES_FOUND=false
 UPDATED_PACKAGES=""
- # Helper to verify commits
 check_commit() {
 [ "$1" != "$(git rev-parse HEAD)" ] && echo "true" || echo "false"
 }
@@ -97,7 +75,6 @@ jobs:
 local before_hash=$(git rev-parse HEAD)
 echo "Checking $pkg..."
- # Run nix-update, capturing output to log but allowing failure
 if nix-update --flake --commit "$pkg" 2>&1 | tee /tmp/update-${pkg}.log; then
 if [ "$(check_commit "$before_hash")" = "true" ]; then
 echo "✓ Updated $pkg"
@@ -105,7 +82,6 @@ jobs:
 fi
 fi
- # Log failure reason if not just "up to date"
 if ! grep -q "already up to date\|No new version found" /tmp/update-${pkg}.log; then
 echo "⚠️ Update failed for $pkg"
 fi
@@ -113,7 +89,6 @@ jobs:
 }
 if [ -n "${{ inputs.package }}" ]; then
- # Single package mode
 pkg="${{ inputs.package }}"
 if [ -d "pkgs/$pkg" ]; then
 if run_update "$pkg"; then
@@ -124,7 +99,6 @@ jobs:
 echo "✗ Package 'pkgs/$pkg' not found"
 fi
 else
- # All packages mode
 PACKAGES=$(find pkgs -mindepth 1 -maxdepth 1 -type d -not -name default.nix -not -name AGENTS.md -exec basename {} \; 2>/dev/null | sort)
 if [ -z "$PACKAGES" ]; then
@@ -141,20 +115,16 @@ jobs:
 done
 fi
- # Finalize
 UPDATED_PACKAGES=$(echo "$UPDATED_PACKAGES" | sed 's/^, //')
- COMMIT_COUNT=$(git rev-list --count master..HEAD)
+ COMMIT_COUNT=$(git rev-list --count origin/master..HEAD)
 if [ "$COMMIT_COUNT" -gt 0 ]; then
- echo "✓ $COMMIT_COUNT updates committed."
+ echo "✓ $COMMIT_COUNT updates committed locally."
 echo "has_updates=true" >> $GITHUB_OUTPUT
 echo "updated_packages=${UPDATED_PACKAGES}" >> $GITHUB_OUTPUT
- echo "branch_name=${BRANCH_NAME}" >> $GITHUB_OUTPUT
 else
 echo "ℹ️ No updates found."
 echo "has_updates=false" >> $GITHUB_OUTPUT
- git checkout master
- git branch -D "${BRANCH_NAME}" 2>/dev/null || true
 fi
 - name: Verify Builds
@@ -166,45 +136,36 @@ jobs:
 for pkg in "${PKGS[@]}"; do
 echo "Building $pkg..."
 if ! nix build .#$pkg; then
- echo "❌ Build failed for $pkg"
+ echo "❌ Build failed for $pkg. Aborting push."
 exit 1
 fi
 echo "✓ Build successful"
 done
- - name: Push and PR
+ - name: Push Changes
 if: steps.update.outputs.has_updates == 'true'
 run: |
 cd "$REPO_DIR"
- BRANCH="${{ steps.update.outputs.branch_name }}"
 PACKAGES="${{ steps.update.outputs.updated_packages }}"
- echo "Pushing branch $BRANCH..."
- git push origin "$BRANCH"
+ echo "Pulling latest changes (rebase)..."
+ git pull --rebase origin master
- echo "Creating Pull Request..."
- COMMITS=$(git log origin/master..HEAD --pretty=format:"%h %s" | sed 's/^/- /')
+ echo "Pushing changes to master..."
+ git push origin master
- tea pr create \
- --head "$BRANCH" \
- --base master \
- --title "chore: update packages with nix-update" \
- --body "$(printf "Automated package updates.\n\nUpdated packages:\n%s\n\nCommits:\n%s" "$PACKAGES" "$COMMITS")" \
- --assignees m3tam3re \
- --labels automated-update
+ echo "✓ Successfully pushed updates for: $PACKAGES"
 - name: Cleanup Credentials
- if: always() # Run even if job fails
+ if: always()
 run: |
 rm -f ~/.git-credentials
- # Optional: Clear repo to save space
- # rm -rf "$REPO_DIR"
 - name: Summary
 if: always()
 run: |
 if [ "${{ steps.update.outputs.has_updates }}" = "true" ]; then
- echo "✅ Successfully updated: ${{ steps.update.outputs.updated_packages }}"
+ echo "✅ Successfully updated and pushed: ${{ steps.update.outputs.updated_packages }}"
 else
 echo "ℹ️ No updates required."
 fi
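Review bot: Replacing the `tea pr create` flow with `git pull --rebase origin master` followed by `git push origin master` in the Push Changes step removes the only human review gate on these automated version and hash bumps, so whatever nix-update fetches from upstream now lands on master with the preceding `nix build` as the sole check. That is a deliberate trade-off but it should be recorded in the workflow, e.g. a comment above the step such as `# Pushes directly to master: the Verify Builds step is the only gate, there is no PR review.`, and the token behind NIX_UPDATE_TOKEN should carry no more than push rights to this one repository. A rebase that hits a conflict leaves the checkout mid-rebase when the step aborts, which is tolerable only because the Setup step wipes `$REPO_DIR` on the next run. The Cleanup step in the same hunk still only deletes `~/.git-credentials` while `credential.helper store` remains set in the runner's global git config, so add `git config --global --unset credential.helper || true` next to the `rm -f` line.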