update-flake-lock #363
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: update-flake-lock | |
| on: | |
| workflow_dispatch: # allows manual triggering | |
| schedule: | |
| - cron: '5 4 * * *' # daily at 04:05 | |
| permissions: | |
| pull-requests: write | |
| contents: write | |
| jobs: | |
| lockfile: | |
| runs-on: ubuntu-latest | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.PAT }} | |
| GH_TOKEN: ${{ secrets.PAT }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@v16 | |
| - name: Setup ssh credentials | |
| run: ./.github/scripts/credentials.sh | |
| env: | |
| LIX_REPO_TOKEN: "${{ secrets.LIX_REPO_TOKEN }}" | |
| - name: Update and create the PR | |
| run: | | |
| export BRANCH_NAME=update_$(date +%Y%m%d%H%M%S) | |
| git config user.name "github-actions[bot]" | |
| git config user.email "<>" | |
| git checkout -b $BRANCH_NAME | |
| nix flake update --commit-lock-file | |
| git push origin $BRANCH_NAME | |
| pr_url="$(gh pr create --title 'Update flake.lock' --body 'Update flake.lock')" | |
| gh pr merge --auto -r "$pr_url" |