This commit is contained in:
m3tm3re
2026-01-18 07:33:27 +01:00
parent 7639adc36f
commit 6398637353


@@ -15,7 +15,7 @@ env:
GIT_AUTHOR_EMAIL: "bot@m3ta.dev" GIT_AUTHOR_EMAIL: "bot@m3ta.dev"
GIT_COMMITTER_NAME: "nix-update bot" GIT_COMMITTER_NAME: "nix-update bot"
GIT_COMMITTER_EMAIL: "bot@m3ta.dev" GIT_COMMITTER_EMAIL: "bot@m3ta.dev"
REPO_DIR: "/tmp/nixpkgs" # Centralized workspace path REPO_DIR: "/tmp/nixpkgs"
jobs: jobs:
nix-update: nix-update:
@@ -23,34 +23,18 @@ jobs:
steps: steps:
- name: Setup Environment and Authenticate - name: Setup Environment and Authenticate
run: | run: |
# 1. Clean Workspace
if [ -d "$REPO_DIR" ]; then rm -rf "$REPO_DIR"; fi if [ -d "$REPO_DIR" ]; then rm -rf "$REPO_DIR"; fi
# 2. Configure Git Credentials
# Using 'store' helper is robust and avoids interactive prompts
git config --global credential.helper store git config --global credential.helper store
echo "https://m3tam3re:${{ secrets.NIX_UPDATE_TOKEN }}@code.m3ta.dev" > ~/.git-credentials echo "https://m3tam3re:${{ secrets.NIX_UPDATE_TOKEN }}@code.m3ta.dev" > ~/.git-credentials
chmod 600 ~/.git-credentials chmod 600 ~/.git-credentials
# 3. Configure Git Identity
git config --global user.name "$GIT_AUTHOR_NAME" git config --global user.name "$GIT_AUTHOR_NAME"
git config --global user.email "$GIT_AUTHOR_EMAIL" git config --global user.email "$GIT_AUTHOR_EMAIL"
git config --global init.defaultBranch master git config --global init.defaultBranch master
# 4. Verify Authentication (Fail fast)
if command -v tea &> /dev/null; then
echo "Verifying API access..."
tea login delete m3ta >/dev/null 2>&1 || true
if ! tea login add --name m3ta --url https://code.m3ta.dev --token "${{ secrets.NIX_UPDATE_TOKEN }}"; then
echo "❌ Authentication failed. Check NIX_UPDATE_TOKEN."
exit 1
fi
echo "✓ Authentication successful."
fi
- name: Checkout Repository - name: Checkout Repository
run: | run: |
# Clone using explicit username to match credentials
git clone --no-single-branch \ git clone --no-single-branch \
"https://m3tam3re@code.m3ta.dev/m3tam3re/nixpkgs.git" \ "https://m3tam3re@code.m3ta.dev/m3tam3re/nixpkgs.git" \
"$REPO_DIR" "$REPO_DIR"
@@ -59,14 +43,11 @@ jobs:
id: check id: check
run: | run: |
cd "$REPO_DIR" cd "$REPO_DIR"
# Check for packages directory
if [ ! -d "pkgs" ]; then if [ ! -d "pkgs" ]; then
echo "❌ Error: 'pkgs' directory not found." echo "❌ Error: 'pkgs' directory not found."
exit 1 exit 1
fi fi
# Check for flake.nix
if [ -f "flake.nix" ]; then if [ -f "flake.nix" ]; then
echo "has_flake=true" >> $GITHUB_OUTPUT echo "has_flake=true" >> $GITHUB_OUTPUT
else else
@@ -79,15 +60,12 @@ jobs:
cd "$REPO_DIR" cd "$REPO_DIR"
set -e set -e
TIMESTAMP=$(date +%Y%m%d-%H%M%S) # Ensure we are on master
BRANCH_NAME="nix-update-${TIMESTAMP}" git checkout master
git checkout -b "${BRANCH_NAME}"
UPDATES_FOUND=false UPDATES_FOUND=false
UPDATED_PACKAGES="" UPDATED_PACKAGES=""
# Helper to verify commits
check_commit() { check_commit() {
[ "$1" != "$(git rev-parse HEAD)" ] && echo "true" || echo "false" [ "$1" != "$(git rev-parse HEAD)" ] && echo "true" || echo "false"
} }
@@ -97,7 +75,6 @@ jobs:
local before_hash=$(git rev-parse HEAD) local before_hash=$(git rev-parse HEAD)
echo "Checking $pkg..." echo "Checking $pkg..."
# Run nix-update, capturing output to log but allowing failure
if nix-update --flake --commit "$pkg" 2>&1 | tee /tmp/update-${pkg}.log; then if nix-update --flake --commit "$pkg" 2>&1 | tee /tmp/update-${pkg}.log; then
if [ "$(check_commit "$before_hash")" = "true" ]; then if [ "$(check_commit "$before_hash")" = "true" ]; then
echo "✓ Updated $pkg" echo "✓ Updated $pkg"
@@ -105,7 +82,6 @@ jobs:
fi fi
fi fi
# Log failure reason if not just "up to date"
if ! grep -q "already up to date\|No new version found" /tmp/update-${pkg}.log; then if ! grep -q "already up to date\|No new version found" /tmp/update-${pkg}.log; then
echo "⚠️ Update failed for $pkg" echo "⚠️ Update failed for $pkg"
fi fi
@@ -113,7 +89,6 @@ jobs:
} }
if [ -n "${{ inputs.package }}" ]; then if [ -n "${{ inputs.package }}" ]; then
# Single package mode
pkg="${{ inputs.package }}" pkg="${{ inputs.package }}"
if [ -d "pkgs/$pkg" ]; then if [ -d "pkgs/$pkg" ]; then
if run_update "$pkg"; then if run_update "$pkg"; then
@@ -124,7 +99,6 @@ jobs:
echo "✗ Package 'pkgs/$pkg' not found" echo "✗ Package 'pkgs/$pkg' not found"
fi fi
else else
# All packages mode
PACKAGES=$(find pkgs -mindepth 1 -maxdepth 1 -type d -not -name default.nix -not -name AGENTS.md -exec basename {} \; 2>/dev/null | sort) PACKAGES=$(find pkgs -mindepth 1 -maxdepth 1 -type d -not -name default.nix -not -name AGENTS.md -exec basename {} \; 2>/dev/null | sort)
if [ -z "$PACKAGES" ]; then if [ -z "$PACKAGES" ]; then
@@ -141,20 +115,16 @@ jobs:
done done
fi fi
# Finalize
UPDATED_PACKAGES=$(echo "$UPDATED_PACKAGES" | sed 's/^, //') UPDATED_PACKAGES=$(echo "$UPDATED_PACKAGES" | sed 's/^, //')
COMMIT_COUNT=$(git rev-list --count master..HEAD) COMMIT_COUNT=$(git rev-list --count origin/master..HEAD)
if [ "$COMMIT_COUNT" -gt 0 ]; then if [ "$COMMIT_COUNT" -gt 0 ]; then
echo "✓ $COMMIT_COUNT updates committed." echo "✓ $COMMIT_COUNT updates committed locally."
echo "has_updates=true" >> $GITHUB_OUTPUT echo "has_updates=true" >> $GITHUB_OUTPUT
echo "updated_packages=${UPDATED_PACKAGES}" >> $GITHUB_OUTPUT echo "updated_packages=${UPDATED_PACKAGES}" >> $GITHUB_OUTPUT
echo "branch_name=${BRANCH_NAME}" >> $GITHUB_OUTPUT
else else
echo " No updates found." echo " No updates found."
echo "has_updates=false" >> $GITHUB_OUTPUT echo "has_updates=false" >> $GITHUB_OUTPUT
git checkout master
git branch -D "${BRANCH_NAME}" 2>/dev/null || true
fi fi
- name: Verify Builds - name: Verify Builds
@@ -166,45 +136,36 @@ jobs:
for pkg in "${PKGS[@]}"; do for pkg in "${PKGS[@]}"; do
echo "Building $pkg..." echo "Building $pkg..."
if ! nix build .#$pkg; then if ! nix build .#$pkg; then
echo "❌ Build failed for $pkg" echo "❌ Build failed for $pkg. Aborting push."
exit 1 exit 1
fi fi
echo "✓ Build successful" echo "✓ Build successful"
done done
- name: Push and PR - name: Push Changes
if: steps.update.outputs.has_updates == 'true' if: steps.update.outputs.has_updates == 'true'
run: | run: |
cd "$REPO_DIR" cd "$REPO_DIR"
BRANCH="${{ steps.update.outputs.branch_name }}"
PACKAGES="${{ steps.update.outputs.updated_packages }}" PACKAGES="${{ steps.update.outputs.updated_packages }}"
echo "Pushing branch $BRANCH..." echo "Pulling latest changes (rebase)..."
git push origin "$BRANCH" git pull --rebase origin master
echo "Creating Pull Request..." echo "Pushing changes to master..."
COMMITS=$(git log origin/master..HEAD --pretty=format:"%h %s" | sed 's/^/- /') git push origin master
tea pr create \ echo "✓ Successfully pushed updates for: $PACKAGES"
--head "$BRANCH" \
--base master \
--title "chore: update packages with nix-update" \
--body "$(printf "Automated package updates.\n\nUpdated packages:\n%s\n\nCommits:\n%s" "$PACKAGES" "$COMMITS")" \
--assignees m3tam3re \
--labels automated-update
- name: Cleanup Credentials - name: Cleanup Credentials
if: always() # Run even if job fails if: always()
run: | run: |
rm -f ~/.git-credentials rm -f ~/.git-credentials
# Optional: Clear repo to save space
# rm -rf "$REPO_DIR"
- name: Summary - name: Summary
if: always() if: always()
run: | run: |
if [ "${{ steps.update.outputs.has_updates }}" = "true" ]; then if [ "${{ steps.update.outputs.has_updates }}" = "true" ]; then
echo "✅ Successfully updated: ${{ steps.update.outputs.updated_packages }}" echo "✅ Successfully updated and pushed: ${{ steps.update.outputs.updated_packages }}"
else else
echo " No updates required." echo " No updates required."
fi fi
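Review bot: In the "Push Changes" step, `git pull --rebase origin master` runs after "Verify Builds" has already passed, so the update commits are replayed onto whatever master has become since the clone and the tree that lands on master is not necessarily the one that was built. Either move the rebase ahead of verification (e.g. `git pull --rebase origin master` directly after the new `git checkout master` in the update step) or drop the rebase from the push step entirely and let `git push origin master` fail non-fast-forward when master moved, which forces a fresh run against current master. With the PR flow removed this push is the only gate before master, so the build check needs to cover exactly what is pushed. The step also shows no `set -e`; whether the runner's default shell aborts on a failed rebase is not visible in this hunk, so adding `set -e` as the first line of the step would make the failure mode explicit rather than implicit.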