CI: revive cachix #131
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Update packages weekly" | |
on: | |
push: | |
paths: | |
- '.github/workflows/update.yml' | |
schedule: | |
- cron: '19 18 * * 2' | |
repository_dispatch: | |
workflow_dispatch: | |
inputs: | |
update_lock: | |
description: Update flake.lock | |
required: true | |
default: true | |
type: boolean | |
update_source: | |
description: Update source | |
required: true | |
default: true | |
type: boolean | |
jobs: | |
bump_lock: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
env: | |
NIXPKGS_ALLOW_UNFREE: 1 | |
# ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }} | |
# ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }} | |
# ATTIC_ACCESS_TOKEN: ${{ secrets.ATTIC_ACCESS_TOKEN }} | |
steps: | |
- name: 0-1. Checkout repository | |
uses: actions/checkout@v4 | |
- name: 0-2. Install nix | |
uses: cachix/install-nix-action@v26 | |
with: | |
nix_path: nixpkgs=channel:nixos-unstable | |
extra_nix_config: | | |
experimental-features = nix-command flakes | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
substituters = https://cache.nixos.org/ https://cache.garnix.io | |
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= | |
- name: 1-1. Update flake.lock | |
if: ${{ inputs.update_lock == true || github.event_name != 'workflow_dispatch' }} | |
run: nix flake update --impure | |
# - name: 2-1. Setup Attic | |
# if: ${{ inputs.update_source == true || github.event_name != 'workflow_dispatch' }} | |
# run: | | |
# # curl -LO https://raw.githubusercontent.com/zhaofengli/attic/main/.github/install-attic-ci.sh | |
# curl -LO https://raw.githubusercontent.com/icewind1991/attic-action/master/dist/main/install-attic-ci.sh | |
# bash install-attic-ci.sh | |
# | |
# # https://github.com/zhaofengli/attic/blob/main/.github/workflows/build.yml#L30 | |
# export PATH=$HOME/.nix-profile/bin:$PATH | |
# attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_ACCESS_TOKEN" | |
# attic use "$ATTIC_CACHE" | |
- name: 2-2. Update package sources | |
if: ${{ inputs.update_source == true || github.event_name != 'workflow_dispatch' }} | |
run: nix run .#update --impure | |
- name: 3-1. Show flake metadata | |
if: ${{ always() }} | |
run: nix flake metadata --impure | |
- name: 3-2. Bump flake.lock ONLY | |
if: ${{ inputs.update_lock == true && inputs.update_source == false }} | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
commit_message: "Update: sources" | |
file_pattern: "pkgs/_sources" | |
- name: 3-3. Bump package sources ONLY | |
if: ${{ inputs.update_source == true && inputs.update_lock == false }} | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
commit_message: "Update: flake.lock" | |
file_pattern: "flake.lock" | |
- name: 3-4. Bump flake.lock & package sources | |
if: ${{ inputs.update_source == true && inputs.update_lock == true || github.event_name != 'workflow_dispatch' }} | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
commit_message: "Update: flake.lock&sources" | |
file_pattern: "flake.lock pkgs/_sources" | |
build_bundles: | |
needs: bump_lock | |
secrets: inherit | |
permissions: | |
contents: write | |
strategy: | |
matrix: | |
bundles: | |
- ciPackages | |
- unfreePackages | |
# - JetBrainsPackages | |
- uncategorized | |
uses: ./.github/workflows/build.yml | |
with: | |
packages: ${{ matrix.bundles }} |