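# Nightly (and on-demand) bump of the packages under pkgs/ with nix-update.
# The "Update packages" step publishes has_updates, updated_packages and
# branch_name as step outputs; the build, push/PR and summary steps key off them.
name: Update Nix Packages with nix-update

on:
  schedule:
    - cron: '0 2 * * *'
  workflow_dispatch: # Allow manual triggering
    inputs:
      package:
        description: 'Specific package to update (optional)'
        required: false
        type: string

env:
  GIT_AUTHOR_NAME: 'nix-update bot'
  GIT_AUTHOR_EMAIL: 'bot@m3ta.dev'
  GIT_COMMITTER_NAME: 'nix-update bot'
  GIT_COMMITTER_EMAIL: 'bot@m3ta.dev'

jobs:
  nix-update:
    runs-on: nixos
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Full history: the update step checks out master and the push step
          # diffs origin/master..branch for the PR body.
          fetch-depth: 0
          token: ${{ secrets.NIX_UPDATE_TOKEN }}

      - name: Check for available packages to update
        id: check-packages
        run: |
          echo "Found packages in pkgs/ directory:"
          ls -1 pkgs/ | grep -v default.nix | grep -v AGENTS.md || echo "No package directories found"

          # Check if flake.nix exists
          if [ -f "flake.nix" ]; then
            echo "✓ Found flake.nix"
            echo "has_flake=true" >> "$GITHUB_OUTPUT"
          else
            echo "✗ No flake.nix found"
            echo "has_flake=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Setup git config
        # The identity comes from the workflow-level env block above; the same
        # values are also read by git directly via GIT_AUTHOR_*/GIT_COMMITTER_*.
        run: |
          git config --global user.name "${GIT_AUTHOR_NAME}"
          git config --global user.email "${GIT_AUTHOR_EMAIL}"
          git config --global init.defaultBranch master

      - name: Update packages
        id: update
        # The workflow_dispatch input is passed through the environment instead
        # of being interpolated into the script text, so its value is never
        # parsed as shell syntax.
        env:
          REQUESTED_PACKAGE: ${{ inputs.package }}
        run: |
          # pipefail matters here: every nix-update call is piped through tee,
          # and without it the `if` only sees tee's (always zero) exit status,
          # so a failed update would be recorded as a success.
          set -euo pipefail

          # Create timestamp for branch naming
          TIMESTAMP=$(date +%Y%m%d-%H%M%S)
          BRANCH_NAME="nix-update-${TIMESTAMP}"

          # Create and checkout new branch
          git checkout -b "${BRANCH_NAME}"

          # Track if any packages were updated
          UPDATES_FOUND=false
          UPDATED_PACKAGES=""

          # Check if specific package was requested
          if [ -n "${REQUESTED_PACKAGE}" ]; then
            # Accept only a plain directory name (no '/', no leading '.'), so the
            # input can neither escape pkgs/ nor be read as an option by nix-update.
            if ! [[ "${REQUESTED_PACKAGE}" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
              echo "✗ Refusing package name '${REQUESTED_PACKAGE}': not a plain directory name"
              exit 1
            fi
            echo "Updating specific package: ${REQUESTED_PACKAGE}"
            if [ -d "pkgs/${REQUESTED_PACKAGE}" ]; then
              if nix-update --flake --commit "${REQUESTED_PACKAGE}" 2>&1 | tee /tmp/update.log; then
                UPDATES_FOUND=true
                UPDATED_PACKAGES="${REQUESTED_PACKAGE}"
                echo "✓ Updated ${REQUESTED_PACKAGE}"
              else
                echo "ℹ️ Package ${REQUESTED_PACKAGE} update failed or not needed"
                cat /tmp/update.log
              fi
            else
              echo "✗ Package directory pkgs/${REQUESTED_PACKAGE} not found"
            fi
          else
            echo "Checking all packages for updates..."

            # Get list of package directories (exclude default.nix and AGENTS.md).
            # `|| true` keeps the original "no packages found" path reachable
            # under pipefail when pkgs/ is missing.
            PACKAGES=$(find pkgs -mindepth 1 -maxdepth 1 -type d -not -name default.nix -not -name AGENTS.md -exec basename {} \; 2>/dev/null | sort || true)

            if [ -z "$PACKAGES" ]; then
              echo "No packages found to update"
              echo "has_updates=false" >> "$GITHUB_OUTPUT"
              exit 0
            fi

            # Update each package
            for pkg in $PACKAGES; do
              echo ""
              echo "━━━ Checking $pkg ━━━"

              if nix-update --flake --commit "$pkg" 2>&1 | tee "/tmp/update-${pkg}.log"; then
                UPDATES_FOUND=true
                UPDATED_PACKAGES="${UPDATED_PACKAGES}, $pkg"
                echo "✓ Updated $pkg"
              else
                # Check if it was actually an update or just "already up to date"
                if grep -q "already up to date\|No new version found" "/tmp/update-${pkg}.log"; then
                  echo "ℹ️ $pkg already up to date"
                else
                  echo "⚠️ Update check for $pkg failed:"
                  cat "/tmp/update-${pkg}.log"
                fi
              fi
            done
          fi

          # Remove trailing comma from package list
          UPDATED_PACKAGES=$(echo "$UPDATED_PACKAGES" | sed 's/^, //')

          # Check if there are any changes
          if [ "$UPDATES_FOUND" = "true" ]; then
            echo ""
            echo "━━━ Summary ━━━"
            echo "✓ Package updates found: $UPDATED_PACKAGES"
            echo "has_updates=true" >> "$GITHUB_OUTPUT"
            echo "updated_packages=${UPDATED_PACKAGES}" >> "$GITHUB_OUTPUT"
            echo "branch_name=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"

            # Check if there are actual git changes
            if git diff-index --quiet HEAD --; then
              echo "⚠️ No actual git changes detected despite nix-update success"
              echo "has_updates=false" >> "$GITHUB_OUTPUT"
            else
              echo "✓ Git changes detected"
              git status
            fi
          else
            echo ""
            echo "━━━ Summary ━━━"
            echo "ℹ️ No package updates found"
            echo "has_updates=false" >> "$GITHUB_OUTPUT"

            # Switch back to master if no updates
            git checkout master
            git branch -D "${BRANCH_NAME}" 2>/dev/null || true
          fi

      - name: Verify packages build
        if: steps.update.outputs.has_updates == 'true'
        env:
          PACKAGES: ${{ steps.update.outputs.updated_packages }}
        run: |
          echo "Verifying builds for: $PACKAGES"

          # Parse comma-separated package list
          IFS=', ' read -ra PKG_ARRAY <<< "$PACKAGES"

          for pkg in "${PKG_ARRAY[@]}"; do
            echo "━━━ Building $pkg ━━━"
            if nix build ".#${pkg}"; then
              echo "✓ $pkg built successfully"
            else
              echo "❌ Build failed for $pkg"
              exit 1
            fi
          done

      - name: Push branch and create pull request
        if: steps.update.outputs.has_updates == 'true'
        env:
          BRANCH: ${{ steps.update.outputs.branch_name }}
          PACKAGES: ${{ steps.update.outputs.updated_packages }}
          # TODO(review): pin tea to a specific release and put its sha256 here;
          # while this is empty the downloaded binary is not verified.
          TEA_SHA256: ''
        run: |
          echo "Pushing branch ${BRANCH}..."

          # Push the branch
          git push origin "${BRANCH}" || (git fetch origin "${BRANCH}" 2>/dev/null && git push origin "${BRANCH}" --force)

          echo "Creating pull request..."

          # Create pull request using tea CLI.
          # NOTE(review): this fetches an unpinned "latest" build over the
          # network on every run; the checksum gate below only protects the
          # run once TEA_SHA256 is filled in.
          wget -q https://dl.gitea.com/tea/latest/tea-linux-amd64 -O /tmp/tea
          if [ -n "${TEA_SHA256}" ]; then
            echo "${TEA_SHA256}  /tmp/tea" | sha256sum -c -
          else
            echo "⚠️ TEA_SHA256 is not set; tea binary was downloaded without checksum verification"
          fi
          chmod +x /tmp/tea

          # Get commit messages for PR description
          COMMITS=$(git log origin/master..origin/"${BRANCH}" --pretty=format:"%h %s" | sed 's/^/- /')

          # Create PR
          /tmp/tea pr create \
            --head "${BRANCH}" \
            --base master \
            --title "chore: update packages with nix-update" \
            --body "Automated package updates using nix-update.\n\nUpdated packages:\n${PACKAGES}\n\nCommits:\n${COMMITS}" \
            --assignees m3tam3re \
            --labels automated-update || echo "Failed to create PR. Please create manually."

          echo "✓ Pull request created or branch pushed: ${BRANCH}"

      - name: Summary
        if: always()
        env:
          HAS_UPDATES: ${{ steps.update.outputs.has_updates }}
          BRANCH: ${{ steps.update.outputs.branch_name }}
          PACKAGES: ${{ steps.update.outputs.updated_packages }}
        run: |
          echo "━━━ Workflow Summary ━━━"
          if [ "${HAS_UPDATES}" = "true" ]; then
            echo "✅ Successfully updated packages"
            echo "Branch: ${BRANCH}"
            echo "Packages: ${PACKAGES}"
          else
            echo "ℹ️ No package updates needed or found"
          fi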