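# Maintenance workflow: refreshes flake.lock and the package sources, commits
# the result back to the repository, then builds every package bundle through
# the reusable build workflow.
#
# NOTE(review): every `uses:` below references a mutable tag. This job holds a
# write-scoped token, so pinning each action to a full commit SHA
# (`owner/action@<FULL_COMMIT_SHA>  # vN`) keeps a re-pointed tag from changing
# what runs here.
name: "Update packages weekly"
on:
  # Re-run whenever this workflow file itself is changed by a push.
  push:
    paths:
      - '.github/workflows/update.yml'
  schedule:
    # GitHub evaluates cron expressions in UTC: Tuesdays at 18:19.
    - cron: '19 18 * * 2'
  # No `types:` filter, so any repository_dispatch event starts a run.
  repository_dispatch:
  workflow_dispatch:
    inputs:
      update_lock:
        description: Update flake.lock
        required: true
        default: true
        type: boolean
      update_source:
        description: Update source
        required: true
        default: true
        type: boolean
jobs:
  bump_lock:
    runs-on: ubuntu-latest
    # Declaring `permissions` drops every scope not listed here.
    # contents: write is what lets the auto-commit steps push.
    permissions:
      contents: write
    env:
      NIXPKGS_ALLOW_UNFREE: "1"
      # ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }}
      # ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }}
      # ATTIC_ACCESS_TOKEN: ${{ secrets.ATTIC_ACCESS_TOKEN }}
    steps:
      - name: 0-1. Checkout repository
        uses: actions/checkout@v4
      - name: 0-2. Install nix
        uses: cachix/install-nix-action@V27
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          # The job token is written into the Nix configuration, so the later
          # `nix` steps (including the flake's own `update` app) run with it
          # in reach. Store paths from both substituters are accepted when
          # signed by the listed keys, so that list is part of the trust
          # boundary of this job.
          extra_nix_config: |
            experimental-features = nix-command flakes
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
            substituters = https://cache.nixos.org/ https://cache.garnix.io
            trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=
      # `inputs.*` are only set for workflow_dispatch; on push, schedule and
      # repository_dispatch the second half of each condition makes both
      # update steps run.
      - name: 1-1. Update flake.lock
        if: ${{ inputs.update_lock == true || github.event_name != 'workflow_dispatch' }}
        run: nix flake update --impure
      # Disabled. NOTE(review): if re-enabled, this downloads an install script
      # from a branch head and runs it with bash; pin the URL to a commit and
      # verify a checksum before executing it.
      # - name: 2-1. Setup Attic
      #   if: ${{ inputs.update_source == true || github.event_name != 'workflow_dispatch' }}
      #   run: |
      #     # curl -LO https://raw.githubusercontent.com/zhaofengli/attic/main/.github/install-attic-ci.sh
      #     curl -LO https://raw.githubusercontent.com/icewind1991/attic-action/master/dist/main/install-attic-ci.sh
      #     bash install-attic-ci.sh
      #
      #     # https://github.com/zhaofengli/attic/blob/main/.github/workflows/build.yml#L30
      #     export PATH=$HOME/.nix-profile/bin:$PATH
      #     attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_ACCESS_TOKEN"
      #     attic use "$ATTIC_CACHE"
      - name: 2-2. Update package sources
        if: ${{ inputs.update_source == true || github.event_name != 'workflow_dispatch' }}
        run: nix run .#update --impure
      # Printed even when an earlier step failed, so the log always records
      # which inputs the lock file resolved to.
      - name: 3-1. Show flake metadata
        if: ${{ always() }}
        run: nix flake metadata --impure
      # Exactly one of the three commit steps matches a given run. Each one
      # commits only the files its update step produced; the lock-only and
      # sources-only steps previously had their message and file pattern
      # swapped, so each committed the path the run had not touched.
      - name: 3-2. Bump flake.lock ONLY
        if: ${{ inputs.update_lock == true && inputs.update_source == false }}
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: "Update: flake.lock"
          file_pattern: "flake.lock"
      - name: 3-3. Bump package sources ONLY
        if: ${{ inputs.update_source == true && inputs.update_lock == false }}
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: "Update: sources"
          file_pattern: "pkgs/_sources"
      - name: 3-4. Bump flake.lock & package sources
        if: ${{ inputs.update_source == true && inputs.update_lock == true || github.event_name != 'workflow_dispatch' }}
        uses: stefanzweifel/git-auto-commit-action@v5
        with:
          commit_message: "Update: flake.lock&sources"
          file_pattern: "flake.lock pkgs/_sources"
  # Builds one bundle per matrix entry through the local reusable workflow,
  # after the bump job has finished.
  build_bundles:
    needs: bump_lock
    # Hands every secret available to this workflow to the called workflow.
    # NOTE(review): build.yml is not shown here; if it needs only a few
    # secrets, pass those by name instead, and confirm it needs
    # contents: write rather than read.
    secrets: inherit
    permissions:
      contents: write
    strategy:
      matrix:
        bundles:
          - ciPackages
          - unfreePackages
          # - JetBrainsPackages
          - uncategorized
          - trivialPackages
    uses: ./.github/workflows/build.yml
    with:
      packages: ${{ matrix.bundles }}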