ci: Add workflow for updating flake dependencies

2024-11-22 23:17:15 +03:00 · 2022-10-19 20:45:01 -07:00 · 2022-10-19 20:45:01 -07:00 · e98f7263f4
commit e98f7263f4
parent 097afacc53
2 changed files with 37 additions and 1 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -1,4 +1,4 @@
-name: "Test"
+name: "Run test suite"
 on:
  pull_request:
    types: [opened, synchronize, reopened]
@ -7,6 +7,9 @@ on:
      - 'master'
      - 'ci*' # Allow testing CI fixes without opening a PR

+permissions:
+  contents: read
+
 jobs:
  tests:
    strategy:
--- a/.github/workflows/update-flake.yml
+++ b/.github/workflows/update-flake.yml
@ -0,0 +1,33 @@
+name: Update flake dependencies
+
+on:
+  workflow_dispatch: # for allowing manual triggers of the workflow
+
+permissions:
+  contents: read
+
+jobs:
+  update-dependencies:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3
+    - uses: cachix/install-nix-action@v17
+    - name: update flake.lock
+      run: nix flake update
+    - name: run test suite
+      uses: ./.github/workflows/test.yml
+
+    # Use the REST API to commit changes, so we get automatic commit signing
+    # https://gist.github.com/swinton/03e84635b45c78353b1f71e41007fc7c
+    - name: Commit changes
+      permissions:
+        contents: write
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        FILE_TO_COMMIT: flake.lock
+      run: |
+        gh api --method PUT /repos/:owner/:repo/contents/$FILE_TO_COMMIT \
+          --field message="chore: update flake inputs" \
+          --field content=@<( base64 -i $FILE_TO_COMMIT ) \
+          --field branch="$GITHUB_REF" \
+          --field sha="$( git rev-parse $GITHUB_REF:$FILE_TO_COMMIT )"