Skip to content

update-flake-lock

update-flake-lock #289

name: update-flake-lock
on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: "0 0 * * 1,4" # Run twice a week
jobs:
lockfile:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v5
- name: Create GitHub App token
uses: actions/create-github-app-token@v2
id: app-token
with:
app-id: ${{ vars.CI_APP_ID }}
private-key: ${{ secrets.CI_APP_PRIVATE_KEY }}
permission-contents: write
permission-pull-requests: write
- name: Install Nix
uses: cachix/install-nix-action@v31
with:
extra_nix_config: |
accept-flake-config = true
experimental-features = nix-command flakes
- name: Eval flake
run: |
nix flake show
- name: setup
run: |
git config user.email "github-actions[bot]@users.noreply.github.com"
git config user.name "github-actions[bot]"
- name: Update flake
run: |
nix flake update --commit-lock-file
- name: Update dev flake
run: |
pushd dev/private
nix flake update --commit-lock-file
popd
./dev/update-private-narhash
git commit --amend --no-edit dev/private.narHash
- uses: peter-evans/create-pull-request@v7
id: pr
with:
title: Update flake.lock files
branch: update-flake-lock
- name: Enable Automerge
run: gh pr merge --auto --rebase ${{ steps.pr.outputs.pull-request-number }}
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}