This commit is contained in:
m3tm3re
2026-01-18 07:12:45 +01:00
parent a95478fc9e
commit cc9e70d6d6


@@ -15,9 +15,8 @@ env:
GIT_AUTHOR_EMAIL: "bot@m3ta.dev" GIT_AUTHOR_EMAIL: "bot@m3ta.dev"
GIT_COMMITTER_NAME: "nix-update bot" GIT_COMMITTER_NAME: "nix-update bot"
GIT_COMMITTER_EMAIL: "bot@m3ta.dev" GIT_COMMITTER_EMAIL: "bot@m3ta.dev"
# Global environment variables to prevent interactive prompts in any step
GIT_TERMINAL_PROMPT: "0" GIT_TERMINAL_PROMPT: "0"
GIT_ASKPASS: "echo" GIT_ASKPASS: "/bin/echo"
jobs: jobs:
nix-update: nix-update:
@@ -25,20 +24,29 @@ jobs:
steps: steps:
- name: Checkout repository - name: Checkout repository
run: | run: |
# Clean up any previous runs to avoid "destination path already exists" errors # Clean up any previous runs
if [ -d "/tmp/nixpkgs" ]; then if [ -d "/tmp/nixpkgs" ]; then
echo "Cleaning up existing /tmp/nixpkgs directory..."
rm -rf /tmp/nixpkgs rm -rf /tmp/nixpkgs
fi fi
# Clone repository with token authentication # 1. Configure Credentials Globally using a Credential Helper Script
# This is the most robust way to handle auth without leaking tokens in `ps` output
# and ensuring it works for all git commands (clone, push, submodules)
# Create a dummy askpass script that returns the password (token)
echo 'echo "${{ secrets.NIX_UPDATE_TOKEN }}"' > /tmp/git-askpass-helper.sh
chmod +x /tmp/git-askpass-helper.sh
export GIT_ASKPASS="/tmp/git-askpass-helper.sh"
# Clone using the username 'm3tam3re' explicitly.
# Gitea PATs usually require the username to match the token owner for write operations.
git clone --no-single-branch \ git clone --no-single-branch \
"https://${{ secrets.NIX_UPDATE_TOKEN }}@code.m3ta.dev/m3tam3re/nixpkgs.git" \ "https://m3tam3re@code.m3ta.dev/m3tam3re/nixpkgs.git" \
/tmp/nixpkgs /tmp/nixpkgs
cd /tmp/nixpkgs cd /tmp/nixpkgs
# Configure git author/committer (local to this repo) # Configure local git user
git config user.name "${{ env.GIT_AUTHOR_NAME }}" git config user.name "${{ env.GIT_AUTHOR_NAME }}"
git config user.email "${{ env.GIT_AUTHOR_EMAIL }}" git config user.email "${{ env.GIT_AUTHOR_EMAIL }}"
git config init.defaultBranch master git config init.defaultBranch master
@@ -51,19 +59,17 @@ jobs:
id: check-packages id: check-packages
run: | run: |
cd /tmp/nixpkgs cd /tmp/nixpkgs
echo "Found packages in pkgs/ directory:"
if [ -d "pkgs" ]; then if [ -d "pkgs" ]; then
find pkgs -mindepth 1 -maxdepth 1 -type d -not -name default.nix | grep -v AGENTS.md || echo "No packages found" echo "Packages found."
else else
echo "pkgs directory not found" echo "pkgs directory not found"
exit 1
fi fi
# Check if flake.nix exists # Check if flake.nix exists
if [ -f "flake.nix" ]; then if [ -f "flake.nix" ]; then
echo "✓ Found flake.nix"
echo "has_flake=true" >> $GITHUB_OUTPUT echo "has_flake=true" >> $GITHUB_OUTPUT
else else
echo "✗ No flake.nix found"
echo "has_flake=false" >> $GITHUB_OUTPUT echo "has_flake=false" >> $GITHUB_OUTPUT
fi fi
@@ -73,113 +79,73 @@ jobs:
cd /tmp/nixpkgs cd /tmp/nixpkgs
set -e set -e
# Create timestamp for branch naming
TIMESTAMP=$(date +%Y%m%d-%H%M%S) TIMESTAMP=$(date +%Y%m%d-%H%M%S)
BRANCH_NAME="nix-update-${TIMESTAMP}" BRANCH_NAME="nix-update-${TIMESTAMP}"
# Create and checkout new branch
git checkout -b "${BRANCH_NAME}" git checkout -b "${BRANCH_NAME}"
# Track if any packages were updated
UPDATES_FOUND=false UPDATES_FOUND=false
UPDATED_PACKAGES="" UPDATED_PACKAGES=""
# Function to check if commit happened
check_commit() { check_commit() {
local pkg=$1 local pkg=$1
local before=$2 local before=$2
local after=$(git rev-parse HEAD) local after=$(git rev-parse HEAD)
if [ "$before" != "$after" ]; then if [ "$before" != "$after" ]; then
echo "✓ Successfully updated $pkg (commit created)"
echo "true" echo "true"
else else
echo " No changes committed for $pkg"
echo "false" echo "false"
fi fi
} }
# Check if specific package was requested
if [ -n "${{ inputs.package }}" ]; then if [ -n "${{ inputs.package }}" ]; then
echo "Updating specific package: ${{ inputs.package }}" echo "Updating specific package: ${{ inputs.package }}"
if [ -d "pkgs/${{ inputs.package }}" ]; then if [ -d "pkgs/${{ inputs.package }}" ]; then
BEFORE_HASH=$(git rev-parse HEAD) BEFORE_HASH=$(git rev-parse HEAD)
# Run update (allow fail, but capturing output)
if nix-update --flake --commit "${{ inputs.package }}" 2>&1 | tee /tmp/update.log; then if nix-update --flake --commit "${{ inputs.package }}" 2>&1 | tee /tmp/update.log; then
# Check if commit was actually made
if [ "$(check_commit "${{ inputs.package }}" "$BEFORE_HASH")" = "true" ]; then if [ "$(check_commit "${{ inputs.package }}" "$BEFORE_HASH")" = "true" ]; then
UPDATES_FOUND=true UPDATES_FOUND=true
UPDATED_PACKAGES="${{ inputs.package }}" UPDATED_PACKAGES="${{ inputs.package }}"
echo "✓ Updated ${{ inputs.package }}"
fi fi
else
echo " Package ${{ inputs.package }} update failed or not needed"
cat /tmp/update.log
fi fi
else else
echo "✗ Package directory pkgs/${{ inputs.package }} not found" echo "✗ Package directory pkgs/${{ inputs.package }} not found"
fi fi
else else
echo "Checking all packages for updates..." echo "Checking all packages..."
PACKAGES=$(find pkgs -mindepth 1 -maxdepth 1 -type d -not -name default.nix -not -name AGENTS.md -exec basename {} \; 2>/dev/null | sort)
# Get list of package directories
if [ -d "pkgs" ]; then
PACKAGES=$(find pkgs -mindepth 1 -maxdepth 1 -type d -not -name default.nix -not -name AGENTS.md -exec basename {} \; 2>/dev/null | sort)
else
PACKAGES=""
fi
if [ -z "$PACKAGES" ]; then if [ -z "$PACKAGES" ]; then
echo "No packages found to update" echo "No packages found to update"
echo "has_updates=false" >> $GITHUB_OUTPUT echo "has_updates=false" >> $GITHUB_OUTPUT
exit 0 exit 0
fi fi
# Update each package
for pkg in $PACKAGES; do for pkg in $PACKAGES; do
echo "" echo "Checking $pkg..."
echo "━━━ Checking $pkg ━━━"
BEFORE_HASH=$(git rev-parse HEAD) BEFORE_HASH=$(git rev-parse HEAD)
if nix-update --flake --commit "$pkg" 2>&1 | tee /tmp/update-${pkg}.log; then if nix-update --flake --commit "$pkg" 2>&1 | tee /tmp/update-${pkg}.log; then
if [ "$(check_commit "$pkg" "$BEFORE_HASH")" = "true" ]; then if [ "$(check_commit "$pkg" "$BEFORE_HASH")" = "true" ]; then
UPDATES_FOUND=true UPDATES_FOUND=true
UPDATED_PACKAGES="${UPDATED_PACKAGES}, $pkg" UPDATED_PACKAGES="${UPDATED_PACKAGES}, $pkg"
fi echo "✓ Updated $pkg"
else
if grep -q "already up to date\|No new version found" /tmp/update-${pkg}.log; then
echo " $pkg already up to date"
else
echo "⚠️ Update check for $pkg failed:"
cat /tmp/update-${pkg}.log
fi fi
fi fi
done done
fi fi
# Remove trailing comma from package list
UPDATED_PACKAGES=$(echo "$UPDATED_PACKAGES" | sed 's/^, //') UPDATED_PACKAGES=$(echo "$UPDATED_PACKAGES" | sed 's/^, //')
# Final verification of changes
COMMIT_COUNT=$(git rev-list --count master..HEAD) COMMIT_COUNT=$(git rev-list --count master..HEAD)
if [ "$COMMIT_COUNT" -gt 0 ]; then if [ "$COMMIT_COUNT" -gt 0 ]; then
echo "" echo "✓ $COMMIT_COUNT updates committed"
echo "━━━ Summary ━━━"
echo "✓ $COMMIT_COUNT package updates committed"
echo "Updates: $UPDATED_PACKAGES"
echo "has_updates=true" >> $GITHUB_OUTPUT echo "has_updates=true" >> $GITHUB_OUTPUT
echo "updated_packages=${UPDATED_PACKAGES}" >> $GITHUB_OUTPUT echo "updated_packages=${UPDATED_PACKAGES}" >> $GITHUB_OUTPUT
echo "branch_name=${BRANCH_NAME}" >> $GITHUB_OUTPUT echo "branch_name=${BRANCH_NAME}" >> $GITHUB_OUTPUT
else else
echo "" echo " No package updates found"
echo "━━━ Summary ━━━"
echo " No package updates found (no commits created)"
echo "has_updates=false" >> $GITHUB_OUTPUT echo "has_updates=false" >> $GITHUB_OUTPUT
# Switch back to master and clean up empty branch
git checkout master git checkout master
git branch -D "${BRANCH_NAME}" 2>/dev/null || true git branch -D "${BRANCH_NAME}" 2>/dev/null || true
fi fi
@@ -189,14 +155,10 @@ jobs:
run: | run: |
cd /tmp/nixpkgs cd /tmp/nixpkgs
PACKAGES="${{ steps.update.outputs.updated_packages }}" PACKAGES="${{ steps.update.outputs.updated_packages }}"
echo "Verifying builds for: $PACKAGES"
IFS=', ' read -ra PKG_ARRAY <<< "$PACKAGES" IFS=', ' read -ra PKG_ARRAY <<< "$PACKAGES"
for pkg in "${PKG_ARRAY[@]}"; do for pkg in "${PKG_ARRAY[@]}"; do
echo "━━━ Building $pkg ━━━" echo "Building $pkg..."
if nix build .#$pkg; then if ! nix build .#$pkg; then
echo "✓ $pkg built successfully"
else
echo "❌ Build failed for $pkg" echo "❌ Build failed for $pkg"
exit 1 exit 1
fi fi
@@ -209,51 +171,41 @@ jobs:
BRANCH="${{ steps.update.outputs.branch_name }}" BRANCH="${{ steps.update.outputs.branch_name }}"
PACKAGES="${{ steps.update.outputs.updated_packages }}" PACKAGES="${{ steps.update.outputs.updated_packages }}"
echo "Configuring git push authentication..." # Re-export the helper for this step just in case
# Ensure the remote URL has the token to prevent interactive prompts export GIT_ASKPASS="/tmp/git-askpass-helper.sh"
git remote set-url origin "https://${{ secrets.NIX_UPDATE_TOKEN }}@code.m3ta.dev/m3tam3re/nixpkgs.git"
echo "Pushing branch ${BRANCH}..." echo "Pushing branch ${BRANCH}..."
# Force push if needed (though branch is new)
git push origin "${BRANCH}" git push origin "${BRANCH}"
echo "Creating pull request..." echo "Creating pull request..."
if ! command -v tea &> /dev/null; then if ! command -v tea &> /dev/null; then
echo "Error: tea not found in PATH" echo "Error: tea not found"
exit 1 exit 1
fi fi
# Remove existing tea login to ensure we use the fresh token # Reset tea login
# We ignore errors in case the login doesn't exist
tea login delete m3ta >/dev/null 2>&1 || true tea login delete m3ta >/dev/null 2>&1 || true
# Add tea login with the secret token
echo "Adding tea login..."
tea login add --name m3ta --url https://code.m3ta.dev --token "${{ secrets.NIX_UPDATE_TOKEN }}" tea login add --name m3ta --url https://code.m3ta.dev --token "${{ secrets.NIX_UPDATE_TOKEN }}"
# Get commit messages
COMMITS=$(git log origin/master..HEAD --pretty=format:"%h %s" | sed 's/^/- /') COMMITS=$(git log origin/master..HEAD --pretty=format:"%h %s" | sed 's/^/- /')
# Create PR
tea pr create \ tea pr create \
--head "${BRANCH}" \ --head "${BRANCH}" \
--base master \ --base master \
--title "chore: update packages with nix-update" \ --title "chore: update packages with nix-update" \
--body "$(printf "Automated package updates using nix-update.\n\nUpdated packages:\n%s\n\nCommits:\n%s" "$PACKAGES" "$COMMITS")" \ --body "$(printf "Automated package updates using nix-update.\n\nUpdated packages:\n%s\n\nCommits:\n%s" "$PACKAGES" "$COMMITS")" \
--assignees m3tam3re \ --assignees m3tam3re \
--labels automated-update || echo "Failed to create PR. Please create manually." --labels automated-update || echo "PR creation failed"
echo "✓ Pull request created or branch pushed: ${BRANCH}" # Cleanup
rm -f /tmp/git-askpass-helper.sh
- name: Summary - name: Summary
if: always() if: always()
run: | run: |
echo "━━━ Workflow Summary ━━━"
if [ "${{ steps.update.outputs.has_updates }}" = "true" ]; then if [ "${{ steps.update.outputs.has_updates }}" = "true" ]; then
echo "✅ Successfully updated packages" echo "✅ Success: ${{ steps.update.outputs.updated_packages }}"
echo "Branch: ${{ steps.update.outputs.branch_name }}"
echo "Packages: ${{ steps.update.outputs.updated_packages }}"
else else
echo " No package updates needed or found" echo " No updates"
fi fi
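Review bot: The new askpass helper in the Checkout step is created with the token inlined as a literal (`echo 'echo "${{ secrets.NIX_UPDATE_TOKEN }}"' > /tmp/git-askpass-helper.sh` is expanded by the runner before the shell runs), and `chmod +x` on a file written under a default umask leaves the secret readable by other accounts on the runner for the whole job, because the `rm -f /tmp/git-askpass-helper.sh` cleanup sits at the end of the push step and is not reached when an earlier step fails or when the update step reports no updates. Have the helper read the token from an environment variable supplied through the step's `env:` (the push step, which re-exports `GIT_ASKPASS`, needs the same `env:` entry), create it with restrictive permissions, and move the cleanup into the Summary step, which already runs under `if: always()`. The new header comment's claim of handling auth "without leaking tokens in `ps` output" also overstates things while the unchanged `tea login add ... --token "${{ secrets.NIX_UPDATE_TOKEN }}"` still passes the token as a command-line argument; the comment should describe only what the helper provides. The step list and the push step's `if:` condition lie outside the visible hunks.
```yaml
- name: Checkout repository
  env:
    GIT_TOKEN: ${{ secrets.NIX_UPDATE_TOKEN }}
  run: |
    # … unchanged: /tmp/nixpkgs cleanup …
    # Askpass helper reads the token from the environment so the secret is never written to disk.
    (
      umask 077
      cat > /tmp/git-askpass-helper.sh <<'EOF'
    #!/bin/sh
    printf '%s\n' "$GIT_TOKEN"
    EOF
    )
    chmod 700 /tmp/git-askpass-helper.sh
    export GIT_ASKPASS="/tmp/git-askpass-helper.sh"
    # … unchanged: git clone and local git config …
```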