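# Nightly (or manually triggered) job: run nix-update over the packages under
# pkgs/, commit the bumps to a fresh branch, verify they build, push the branch
# and open a pull request on the Gitea instance.
#
# The job runs on a self-hosted "nixos" runner, so anything left in /tmp or in
# the runner user's home directory survives until the next run. Secrets are
# therefore passed to steps through `env:` rather than spliced into script text,
# git authenticates with a per-invocation header instead of a token-in-URL
# (which would be written to .git/config), and the tea login is removed again
# once the PR has been created.
name: Update Nix Packages with nix-update

on:
  schedule:
    - cron: "0 2 * * *"
  workflow_dispatch: # Allow manual triggering
    inputs:
      package:
        description: "Specific package to update (optional)"
        required: false
        type: string

env:
  GIT_AUTHOR_NAME: "nix-update bot"
  GIT_AUTHOR_EMAIL: "bot@m3ta.dev"
  GIT_COMMITTER_NAME: "nix-update bot"
  GIT_COMMITTER_EMAIL: "bot@m3ta.dev"
  # Global environment variables to prevent interactive prompts in any step
  GIT_TERMINAL_PROMPT: "0"
  GIT_ASKPASS: "/bin/echo"
  # Shared by the checkout and push steps; the URL carries no credentials
  REPO_URL: "https://code.m3ta.dev/m3tam3re/nixpkgs.git"
  WORKDIR: "/tmp/nixpkgs"

jobs:
  nix-update:
    runs-on: nixos
    steps:
      - name: Checkout repository
        env:
          # Exposed as an environment variable so the token never appears in
          # the script text and is quoted by the shell, not by the template.
          NIX_UPDATE_TOKEN: ${{ secrets.NIX_UPDATE_TOKEN }}
        run: |
          set -euo pipefail
          # Clean up any previous runs to avoid "destination path already exists" errors
          if [ -d "$WORKDIR" ]; then
            echo "Cleaning up existing $WORKDIR directory..."
            rm -rf "$WORKDIR"
          fi
          # Authenticate with a per-invocation Authorization header (token as the
          # basic-auth username with an empty password, the same credential shape
          # as a token-in-URL clone). `git -c` applies to this command only, so
          # the token is not persisted into the clone's .git/config.
          AUTH_HEADER="Authorization: Basic $(printf '%s:' "$NIX_UPDATE_TOKEN" | base64 -w0)"
          git -c "http.extraheader=${AUTH_HEADER}" clone --no-single-branch "$REPO_URL" "$WORKDIR"
          cd "$WORKDIR"
          # Configure git author/committer (local to this repo)
          git config user.name "$GIT_AUTHOR_NAME"
          git config user.email "$GIT_AUTHOR_EMAIL"
          git config init.defaultBranch master
          # Verify checkout
          git status
          git log --oneline -5

      - name: Check for available packages to update
        id: check-packages
        run: |
          set -eo pipefail
          cd "$WORKDIR"
          echo "Found packages in pkgs/ directory:"
          if [ -d "pkgs" ]; then
            find pkgs -mindepth 1 -maxdepth 1 -type d -not -name default.nix | grep -v AGENTS.md || echo "No packages found"
          else
            echo "pkgs directory not found"
          fi
          # Check if flake.nix exists
          if [ -f "flake.nix" ]; then
            echo "✓ Found flake.nix"
            echo "has_flake=true" >> "$GITHUB_OUTPUT"
          else
            echo "✗ No flake.nix found"
            echo "has_flake=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Update packages
        id: update
        env:
          # The workflow input is read from the environment so its value is
          # quoted by the shell instead of being interpolated into the script.
          PACKAGE_INPUT: ${{ inputs.package }}
        run: |
          # pipefail matters here: `nix-update ... | tee` otherwise reports tee's
          # exit status and a failed update can never reach the else branches.
          set -euo pipefail
          cd "$WORKDIR"
          # Create timestamp for branch naming
          TIMESTAMP=$(date +%Y%m%d-%H%M%S)
          BRANCH_NAME="nix-update-${TIMESTAMP}"
          # Create and checkout new branch
          git checkout -b "${BRANCH_NAME}"
          # Comma-separated names of the packages for which a commit was created
          UPDATED_PACKAGES=""

          # check_commit PKG BEFORE_HASH
          # Exit status 0 when HEAD moved past BEFORE_HASH, i.e. nix-update
          # committed something for PKG. Status lines go to stderr so that the
          # exit status is the only result and stdout stays clean.
          check_commit() {
            local pkg=$1
            local before=$2
            local after
            after=$(git rev-parse HEAD)
            if [ "$before" != "$after" ]; then
              echo "✓ Successfully updated $pkg (commit created)" >&2
              return 0
            fi
            echo " No changes committed for $pkg" >&2
            return 1
          }

          # record_update PKG
          # Appends PKG to the comma-separated UPDATED_PACKAGES list.
          record_update() {
            UPDATED_PACKAGES="${UPDATED_PACKAGES:+${UPDATED_PACKAGES}, }$1"
          }

          # Check if specific package was requested
          if [ -n "${PACKAGE_INPUT:-}" ]; then
            echo "Updating specific package: ${PACKAGE_INPUT}"
            # The input names a directory under pkgs/; reject anything with a
            # path separator so it cannot point outside that directory.
            if [[ "$PACKAGE_INPUT" != */* && -d "pkgs/${PACKAGE_INPUT}" ]]; then
              BEFORE_HASH=$(git rev-parse HEAD)
              # Run update (allow fail, but capturing output)
              if nix-update --flake --commit "$PACKAGE_INPUT" 2>&1 | tee /tmp/update.log; then
                # Check if commit was actually made
                if check_commit "$PACKAGE_INPUT" "$BEFORE_HASH"; then
                  record_update "$PACKAGE_INPUT"
                fi
              else
                echo " Package ${PACKAGE_INPUT} update failed or not needed"
                cat /tmp/update.log
              fi
            else
              echo "✗ Package directory pkgs/${PACKAGE_INPUT} not found"
            fi
          else
            echo "Checking all packages for updates..."
            # Get list of package directories
            PACKAGES=""
            if [ -d "pkgs" ]; then
              PACKAGES=$(find pkgs -mindepth 1 -maxdepth 1 -type d -not -name default.nix -not -name AGENTS.md -exec basename {} \; 2>/dev/null | sort)
            fi
            if [ -z "$PACKAGES" ]; then
              # Fall through to the summary below, which records has_updates=false
              # and removes the empty branch.
              echo "No packages found to update"
            fi
            # Update each package; a failure for one package does not stop the loop
            for pkg in $PACKAGES; do
              echo ""
              echo "━━━ Checking $pkg ━━━"
              LOG="/tmp/update-${pkg}.log"
              BEFORE_HASH=$(git rev-parse HEAD)
              if nix-update --flake --commit "$pkg" 2>&1 | tee "$LOG"; then
                if check_commit "$pkg" "$BEFORE_HASH"; then
                  record_update "$pkg"
                fi
              elif grep -q "already up to date\|No new version found" "$LOG"; then
                echo " $pkg already up to date"
              else
                echo "⚠️ Update check for $pkg failed:"
                cat "$LOG"
              fi
            done
          fi

          # Final verification of changes: the commit count, not the package list,
          # decides whether anything was updated.
          COMMIT_COUNT=$(git rev-list --count master..HEAD)
          if [ "$COMMIT_COUNT" -gt 0 ]; then
            echo ""
            echo "━━━ Summary ━━━"
            echo "✓ $COMMIT_COUNT package updates committed"
            echo "Updates: $UPDATED_PACKAGES"
            echo "has_updates=true" >> "$GITHUB_OUTPUT"
            echo "updated_packages=${UPDATED_PACKAGES}" >> "$GITHUB_OUTPUT"
            echo "branch_name=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
          else
            echo ""
            echo "━━━ Summary ━━━"
            echo " No package updates found (no commits created)"
            echo "has_updates=false" >> "$GITHUB_OUTPUT"
            # Switch back to master and clean up empty branch
            git checkout master
            git branch -D "${BRANCH_NAME}" 2>/dev/null || true
          fi

      - name: Verify packages build
        if: steps.update.outputs.has_updates == 'true'
        env:
          PACKAGES: ${{ steps.update.outputs.updated_packages }}
        run: |
          set -euo pipefail
          cd "$WORKDIR"
          # Commits exist but no package names were recorded: refuse to verify
          # nothing and then open a PR with unbuilt changes.
          if [ -z "$PACKAGES" ]; then
            echo "❌ Updates were committed but the package list is empty; nothing to verify"
            exit 1
          fi
          echo "Verifying builds for: $PACKAGES"
          IFS=', ' read -ra PKG_ARRAY <<< "$PACKAGES"
          for pkg in "${PKG_ARRAY[@]}"; do
            echo "━━━ Building $pkg ━━━"
            if nix build ".#${pkg}"; then
              echo "✓ $pkg built successfully"
            else
              echo "❌ Build failed for $pkg"
              exit 1
            fi
          done

      - name: Push branch and create pull request
        if: steps.update.outputs.has_updates == 'true'
        env:
          NIX_UPDATE_TOKEN: ${{ secrets.NIX_UPDATE_TOKEN }}
          BRANCH: ${{ steps.update.outputs.branch_name }}
          PACKAGES: ${{ steps.update.outputs.updated_packages }}
        run: |
          set -euo pipefail
          cd "$WORKDIR"
          echo "Configuring git push authentication..."
          # Same per-invocation header as the checkout step; the remote URL
          # stays credential-free so nothing secret lands in .git/config.
          AUTH_HEADER="Authorization: Basic $(printf '%s:' "$NIX_UPDATE_TOKEN" | base64 -w0)"
          echo "Pushing branch ${BRANCH}..."
          # The branch is new, so a plain (non-force) push is sufficient
          git -c "http.extraheader=${AUTH_HEADER}" push origin "${BRANCH}"
          echo "Creating pull request..."
          if ! command -v tea &> /dev/null; then
            echo "Error: tea not found in PATH"
            exit 1
          fi
          # Remove existing tea login to ensure we use the fresh token
          # We ignore errors in case the login doesn't exist
          tea login delete m3ta >/dev/null 2>&1 || true
          # Add tea login with the secret token
          echo "Adding tea login..."
          tea login add --name m3ta --url https://code.m3ta.dev --token "$NIX_UPDATE_TOKEN"
          # Get commit messages
          COMMITS=$(git log origin/master..HEAD --pretty=format:"%h %s" | sed 's/^/- /')
          # Create PR
          tea pr create \
            --head "${BRANCH}" \
            --base master \
            --title "chore: update packages with nix-update" \
            --body "$(printf "Automated package updates using nix-update.\n\nUpdated packages:\n%s\n\nCommits:\n%s" "$PACKAGES" "$COMMITS")" \
            --assignees m3tam3re \
            --labels automated-update || echo "Failed to create PR. Please create manually."
          # tea keeps the login (token included) in the runner user's config
          # directory; drop it so the credential does not outlive this run.
          tea login delete m3ta >/dev/null 2>&1 || true
          echo "✓ Pull request created or branch pushed: ${BRANCH}"

      - name: Summary
        if: always()
        env:
          HAS_UPDATES: ${{ steps.update.outputs.has_updates }}
          BRANCH: ${{ steps.update.outputs.branch_name }}
          PACKAGES: ${{ steps.update.outputs.updated_packages }}
        run: |
          echo "━━━ Workflow Summary ━━━"
          if [ "$HAS_UPDATES" = "true" ]; then
            echo "✅ Successfully updated packages"
            echo "Branch: $BRANCH"
            echo "Packages: $PACKAGES"
          else
            echo " No package updates needed or found"
          fi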