update-flake-packages.yml
# Workflow triggers: reusable (workflow_call), manual (workflow_dispatch) and
# a daily schedule. The jobs consume the secrets declared below.
name: "Update Flake Packages ❄️"
on:
  # Allow this workflow to be reused by other workflows:
  # The `secrets` map below is the contract for callers only; `required` is
  # enforced when another workflow calls this one. On manual and scheduled
  # runs the same secret names are read from this repository's own secrets.
  workflow_call:
    secrets:
      NIX_GITHUB_TOKEN:
        description: GitHub token to add as access-token in nix.conf
        required: false
      CACHIX_AUTH_TOKEN:
        description: 'Cachix auth token'
        required: true
      CREATE_PR_APP_ID:
        description: ID of the GitHub App used for opening pull requests.
        required: true
      # Highest-value secret in this file: whoever holds the App private key
      # can mint installation tokens for that App.
      CREATE_PR_APP_PRIVATE_KEY:
        description: Private key of the GitHub App used for opening pull requests.
        required: true
  # Allow this workflow to be triggered manually:
  workflow_dispatch:
  # Run every day at 00:00 (GitHub evaluates cron schedules in UTC):
  schedule:
    - cron: "0 0 * * *" # https://crontab.guru/#0_0_*_*_*
jobs:
  # Single job: check out the repo, install Nix with the Cachix settings,
  # mint a GitHub App token, then hand that token to the update action.
  # NOTE(review): no `permissions:` key is set, so GITHUB_TOKEN keeps the
  # repository/organisation default (or whatever the caller grants on
  # workflow_call). Consider declaring the minimum the steps need.
  updateFlakePackages:
    # NOTE(review): self-hosted runners can keep files, caches and processes
    # between jobs unless they are ephemeral. This job handles the Cachix
    # token and the App private key - confirm the runner is ephemeral or
    # cleaned between runs, and that untrusted workflows cannot target it.
    runs-on: self-hosted
    steps:
      - name: Checkout repository
        # `v4` is a movable tag; a full commit SHA would be an immutable pin.
        uses: actions/checkout@v4
      - name: Install Nix
        # NOTE(review): `@main` is a mutable branch ref. The code that
        # receives the two tokens below can change without any change to
        # this file. Pinning to a reviewed full commit SHA makes the reviewed
        # code the code that runs.
        uses: metacraft-labs/nixos-modules/.github/install-nix@main
        with:
          nix-github-token: ${{ secrets.NIX_GITHUB_TOKEN }}
          cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
          cachix-cache: ${{ vars.CACHIX_CACHE }}
          # NOTE(review): these two repository variables presumably decide
          # which binary caches and signing keys Nix trusts on the runner -
          # confirm who is allowed to edit them.
          trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
          substituters: ${{ vars.SUBSTITUTERS }}
      # NOTE(review): the reference on the next line was mangled by the
      # hosting page's e-mail obfuscation ("[email protected]" replaced
      # "<repo>@<ref>"). Restore the real `owner/repo@ref` from the
      # repository, and check that the ref is an immutable pin: this step is
      # given the App private key.
      - uses: tibdex/[email protected]
        id: generate-token
        with:
          app_id: ${{ secrets.CREATE_PR_APP_ID }}
          private_key: ${{ secrets.CREATE_PR_APP_PRIVATE_KEY }}
      - name: Update flake packages
        # NOTE(review): also tracks `@main` while receiving the App token
        # generated above; the same pinning concern applies here.
        uses: metacraft-labs/nix-update-action@main
        with:
          # Output of the `generate-token` step. Its reach is whatever the
          # App installation allows - keep the App's permissions minimal.
          token: ${{ steps.generate-token.outputs.token }}
          # Comma-separated names passed to the action; presumably packages
          # it should skip - verify against the action's documentation.
          blacklist: "ci-matrix,folder-size-metrics,mcl,grafana-agent,validator-ejector"