From b6d45cae4f6ee2eaef23924cc42a5d0d13723514 Mon Sep 17 00:00:00 2001
From: m3tm3re
Date: Tue, 13 Jan 2026 20:50:38 +0100
Subject: [PATCH] feat: add Gitea Actions workflow for automated package updates with nix-update

---
 .gitea/workflows/nix-update.yml | 205 ++++++++++++++++++++++++++++++++
 README.md | 22 +++-
 2 files changed, 226 insertions(+), 1 deletion(-)
 create mode 100644 .gitea/workflows/nix-update.yml

diff --git a/.gitea/workflows/nix-update.yml b/.gitea/workflows/nix-update.yml
new file mode 100644
index 0000000..dd7c576
--- /dev/null
+++ b/.gitea/workflows/nix-update.yml
@@ -0,0 +1,205 @@
+name: Update Nix Packages with nix-update
+
+on:
+ schedule:
+ - cron: '@weekly'
+ workflow_dispatch: # Allow manual triggering
+ inputs:
+ package:
+ description: 'Specific package to update (optional)'
+ required: false
+ type: string
+
+env:
+ GIT_AUTHOR_NAME: 'nix-update bot'
+ GIT_AUTHOR_EMAIL: 'bot@m3ta.dev'
+ GIT_COMMITTER_NAME: 'nix-update bot'
+ GIT_COMMITTER_EMAIL: 'bot@m3ta.dev'
+
+jobs:
+ nix-update:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ token: ${{ secrets.NIX_UPDATE_TOKEN }}
+
+ - name: Install Nix
+ uses: https://github.com/cachix/install-nix-action@v31
+ with:
+ extra_nix_config: |
+ experimental-features = nix-command flakes
+ sandbox = false
+
+ - name: Configure Nix
+ run: |
+ mkdir -p ~/.config/nix
+ cat >> ~/.config/nix/nix.conf << EOF
+ experimental-features = nix-command flakes
+ sandbox = false
+ EOF
+
+ - name: Check for available packages to update
+ id: check-packages
+ run: |
+ echo "Found packages in pkgs/ directory:"
+ ls -1 pkgs/ | grep -v default.nix | grep -v AGENTS.md || echo "No package directories found"
+
+ # Check if flake.nix exists
+ if [ -f "flake.nix" ]; then
+ echo "✓ Found flake.nix"
+ echo "has_flake=true" >> $GITHUB_OUTPUT
+ else
+ echo "✗ No flake.nix found"
+ echo "has_flake=false" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Setup git config
+ run: |
+ git config --global user.name "${{ env.GIT_AUTHOR_NAME }}"
+ git config --global user.email "${{ env.GIT_AUTHOR_EMAIL }}"
+ git config --global init.defaultBranch master
+
+ - name: Update packages
+ id: update
+ run: |
+ set -e
+
+ # Create timestamp for branch naming
+ TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+ BRANCH_NAME="nix-update-${TIMESTAMP}"
+
+ # Create and checkout new branch
+ git checkout -b "${BRANCH_NAME}"
+
+ # Track if any packages were updated
+ UPDATES_FOUND=false
+ UPDATED_PACKAGES=""
+
+ # Check if specific package was requested
+ if [ -n "${{ inputs.package }}" ]; then
+ echo "Updating specific package: ${{ inputs.package }}"
+ if [ -d "pkgs/${{ inputs.package }}" ]; then
+ if nix-update --flake --commit "${{ inputs.package }}" 2>&1 | tee /tmp/update.log; then
+ UPDATES_FOUND=true
+ UPDATED_PACKAGES="${{ inputs.package }}"
+ echo "✓ Updated ${{ inputs.package }}"
+ else
+ echo "ℹ️ Package ${{ inputs.package }} update failed or not needed"
+ cat /tmp/update.log
+ fi
+ else
+ echo "✗ Package directory pkgs/${{ inputs.package }} not found"
+ fi
+ else
+ echo "Checking all packages for updates..."
+
+ # Get list of package directories (exclude default.nix and AGENTS.md)
+ PACKAGES=$(find pkgs -mindepth 1 -maxdepth 1 -type d -not -name default.nix -not -name AGENTS.md -exec basename {} \; 2>/dev/null | sort)
+
+ if [ -z "$PACKAGES" ]; then
+ echo "No packages found to update"
+ echo "has_updates=false" >> $GITHUB_OUTPUT
+ exit 0
+ fi
+
+ # Update each package
+ for pkg in $PACKAGES; do
+ echo ""
+ echo "━━━ Checking $pkg ━━━"
+ if nix-update --flake --commit "$pkg" 2>&1 | tee /tmp/update-${pkg}.log; then
+ UPDATES_FOUND=true
+ UPDATED_PACKAGES="${UPDATED_PACKAGES}, $pkg"
+ echo "✓ Updated $pkg"
+ else
+ # Check if it was actually an update or just "already up to date"
+ if grep -q "already up to date\|No new version found" /tmp/update-${pkg}.log; then
+ echo "ℹ️ $pkg already up to date"
+ else
+ echo "⚠️ Update check for $pkg failed:"
+ cat /tmp/update-${pkg}.log
+ fi
+ fi
+ done
+ fi
+
+ # Remove trailing comma from package list
+ UPDATED_PACKAGES=$(echo "$UPDATED_PACKAGES" | sed 's/^, //')
+
+ # Check if there are any changes
+ if [ "$UPDATES_FOUND" = "true" ]; then
+ echo ""
+ echo "━━━ Summary ━━━"
+ echo "✓ Package updates found: $UPDATED_PACKAGES"
+ echo "has_updates=true" >> $GITHUB_OUTPUT
+ echo "updated_packages=${UPDATED_PACKAGES}" >> $GITHUB_OUTPUT
+ echo "branch_name=${BRANCH_NAME}" >> $GITHUB_OUTPUT
+
+ # Check if there are actual git changes
+ if git diff-index --quiet HEAD --; then
+ echo "⚠️ No actual git changes detected despite nix-update success"
+ echo "has_updates=false" >> $GITHUB_OUTPUT
+ else
+ echo "✓ Git changes detected"
+ git status
+ fi
+ else
+ echo ""
+ echo "━━━ Summary ━━━"
+ echo "ℹ️ No package updates found"
+ echo "has_updates=false" >> $GITHUB_OUTPUT
+ # Switch back to master if no updates
+ git checkout master
+ git branch -D "${BRANCH_NAME}" 2>/dev/null || true
+ fi
+
+ - name: Push branch and create pull request
+ if: steps.update.outputs.has_updates == 'true'
+ run: |
+ BRANCH="${{ steps.update.outputs.branch_name }}"
+ PACKAGES="${{ steps.update.outputs.updated_packages }}"
+
+ echo "Pushing branch ${BRANCH}..."
+
+ # Push the branch
+ git push origin "${BRANCH}" || (git fetch origin "${BRANCH}" 2>/dev/null && git push origin "${BRANCH}" --force)
+
+ echo "Creating pull request..."
+
+ # Create pull request using tea CLI
+ wget -q https://dl.gitea.com/tea/latest/tea-linux-amd64 -O /tmp/tea
+ chmod +x /tmp/tea
+
+ # Get commit messages for PR description
+ COMMITS=$(git log origin/master..origin/"${BRANCH}" --pretty=format:"%h %s" | sed 's/^/- /')
+
+ # Create PR
+ /tmp/tea pr create \
+ --head "${BRANCH}" \
+ --base master \
+ --title "chore: update packages with nix-update" \
+ --body "Automated package updates using nix-update.
+
+**Updated packages:**
+${PACKAGES}
+
+**Commits:**
+${COMMITS}" \
+ --assignees m3tam3re \
+ --labels automated-update || echo "Failed to create PR. Please create manually."
+
+ echo "✓ Pull request created or branch pushed: ${BRANCH}"
+
+ - name: Summary
+ if: always()
+ run: |
+ echo "━━━ Workflow Summary ━━━"
+ if [ "${{ steps.update.outputs.has_updates }}" = "true" ]; then
+ echo "✅ Successfully updated packages"
+ echo "Branch: ${{ steps.update.outputs.branch_name }}"
+ echo "Packages: ${{ steps.update.outputs.updated_packages }}"
+ else
+ echo "ℹ️ No package updates needed or found"
+ fi
diff --git a/README.md b/README.md
index 4754d95..3b1d590 100644
--- a/README.md
+++ b/README.md
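Review bot: The four `--body` lines in the "Push branch and create pull request" step that start at column 0 as rendered here (`**Updated packages:**`, `${PACKAGES}`, `**Commits:**`, `${COMMITS}" \`) are less indented than the `run: |` block scalar, which terminates the scalar and leaves the workflow file unparseable; indent them to the scalar's level, or build the body into a variable with `printf` before calling `tea`. In the "Update packages" step, `set -e` without `pipefail` means `if nix-update … | tee …` tests tee's exit status, so `UPDATES_FOUND=true` is set even when nix-update fails and the "already up to date" `else` branch can never run; use `set -eo pipefail`. The same step then runs `git diff-index --quiet HEAD --` after `nix-update --commit` has presumably already committed, so the clean working tree reports "no changes" and the later `has_updates=false` line likely overrides the earlier `true`; test for new commits instead, e.g. `if [ "$(git rev-list --count master..HEAD)" = "0" ]; then`. `${{ inputs.package }}` is expanded directly into the shell script at several points; pass it through the step's `env:` (`PACKAGE: ${{ inputs.package }}`) and reference `"$PACKAGE"` so its value is data rather than shell text. Pinning `tea` to a versioned download and verifying a checksum (`<expected-sha256>` placeholder) instead of fetching `latest` unverified would also make the PR step reproducible.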
@@ -51,7 +51,27 @@ nix run git+https://code.m3ta.dev/m3tam3re/nixpkgs#zellij-ps
 | `tuxedo-backlight` | Backlight control for Tuxedo laptops |
 | `zellij-ps` | Project switcher for Zellij |
-## Documentation
+## Automated Package Updates
+
+This repository uses Gitea Actions to automatically update packages using `nix-update`:
+
+**Workflow**: [`.gitea/workflows/nix-update.yml`](./.gitea/workflows/nix-update.yml)
+
+**Schedule**: Runs weekly on Sundays, and can be triggered manually.
+
+**What it does**:
+- Checks all packages in `pkgs/` for updates
+- Updates versions and hashes using `nix-update --flake --commit`
+- Creates a new branch with updates
+- Opens a pull request automatically
+
+**Manual Trigger**:
+Go to **Actions → Update Nix Packages with nix-update → Run workflow** in Gitea UI, then optionally specify a specific package to update.
+
+**Setup Required**:
+1. Create a Personal Access Token in Gitea (Settings → Applications → Generate Token)
+2. Token scopes needed: `user`, `repo`, `write:issue`
+3. Add token as secret: Settings → Secrets → New → `NIX_UPDATE_TOKEN`
 For detailed usage, module documentation, package references, and contribution guidelines, see the [full documentation](./docs).