diff --git a/.github/workflows/flake.yml b/.github/workflows/flake.yml index 09dd06ac..1047a6f7 100644 --- a/.github/workflows/flake.yml +++ b/.github/workflows/flake.yml @@ -8,27 +8,17 @@ name: flake permissions: contents: write - pull-requests: write jobs: flake: runs-on: ubuntu-latest steps: - - name: Generate token - id: token - uses: tibdex/github-app-token@v2 - with: - app_id: ${{ secrets.TOKEN_EXCHANGE_APP }} - installation_retrieval_mode: id - installation_retrieval_payload: ${{ secrets.TOKEN_EXCHANGE_INSTALL }} - private_key: ${{ secrets.TOKEN_EXCHANGE_KEY }} - permissions: >- - {"contents": "write", "pull_requests": "write"} - - name: Checkout source id: source uses: actions/checkout@v4 + with: + token: ${{ secrets.BOT_ACCESS_TOKEN }} - name: Install nix id: nix @@ -36,21 +26,20 @@ jobs: - name: Update flake id: flake - uses: DeterminateSystems/update-flake-lock@v24 + run: nix flake update + + - name: Source rebase + id: rebase + run: git pull --autostash --rebase + + - name: Commit changes + uses: EndBug/add-and-commit@v9 with: - commit-msg: "chore(flake): updated lockfile" - pr-title: "chore: automated flake update" - pr-body: "New flakelock generated, automerge should handle that!" - pr-labels: renovate - git-author-name: GitHub Actions - git-author-email: github@webhippie.de - token: ${{ steps.token.outputs.token }} - - - name: Enable automerge - id: automerge - if: steps.flake.outputs.pull-request-operation == 'created' - run: gh pr merge --rebase --auto "${{ steps.flake.outputs.pull-request-number }}" - env: - GH_TOKEN: ${{ steps.token.outputs.token }} + author_name: GitHub Actions + author_email: github@webhippie.de + add: flake.lock + message: "chore(flake): updated lockfile [skip ci]" + push: true + commit: --signoff ...
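Review bot: The `token: ${{ secrets.BOT_ACCESS_TOKEN }}` added to the checkout step swaps a per-run app installation token, which was requested with only contents and pull_requests write, for a stored secret whose scope and lifetime are not visible in this diff. actions/checkout keeps that token in the local git config by default, so every later step in the job, including the third-party commit action, can read it. The push presumably depends on that, so it deserves a comment above the `with:` such as `# BOT_ACCESS_TOKEN: fine-grained token for this repo only, contents write; persisted by checkout for the push step`. If the push does use the bot token, the workflow-level `contents: write` kept at the top of the hunk for GITHUB_TOKEN looks unnecessary and could become `contents: read`. The Install nix step at the end of the hunk continues outside it.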
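Review bot: The new Commit changes step pushes the regenerated `flake.lock` straight to the branch with `[skip ci]` in the message, so updated inputs land without the pull request that the removed steps opened and without a CI run on the new lock. Consider dropping `[skip ci]`, or adding a step such as `run: nix flake check` before the commit so that a bad input update fails the job instead of being pushed. Separately, `EndBug/add-and-commit@v9` is a third-party action referenced by a mutable tag in a job that holds a write-capable token. Pinning it as `uses: EndBug/add-and-commit@<full-commit-sha> # v9` removes the dependence on where that tag points.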