ci: add update command action
NyCodeGHG committed Sep 3, 2023
1 parent 4db2f84 commit a6ce7d1
Showing 3 changed files with 174 additions and 12 deletions.
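--- a/.github/allowed-nix-update-users.nix
+++ b/.github/allowed-nix-update-users.nix
@@ -0,0 +1,20 @@
+github:
+let
+commenter = github.event.sender;
+allowlist = {
+# See id on https://api.github.com/users/<username>
+"HerrLevin" = 1267894;
+"jeyemwey" = 2796271;
+"MrKrisKrisu" = 4103693;
+"NyCodeGHG" = 37078297;
+"xanderio" = 6298052;
+};
+isAllowedUser = builtins.elem commenter.id (
+(builtins.attrValues allowlist) ++ [github.event.issue.user.id]
+);
+in
+if isAllowedUser then
+builtins.trace "The user '${commenter.login}' is allowed to run the command. ✅"
+true
+else
+builtins.throw "The user '${commenter.login}' is not allowed to run the command. ❌"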
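Review bot: The `++ [github.event.issue.user.id]` clause in `isAllowedUser` grants the command to the author of whichever PR the comment is on, so on a public repository any contributor who opens a pull request, fork or not, can trigger `/nix-update` against it; that is only safe if the consuming workflow treats the PR head as untrusted, and the privileged steps in nix-update-command.yml (checkout of the PR branch, `nix develop` of the PR's own flake, push with `contents: write`) do not. Matching on numeric ids rather than logins is the right choice here, since logins can be renamed and re-registered. The intent of the extra clause deserves a comment next to it, e.g. `# The PR author may always run the command on their own PR (this includes fork contributors).`, and the allowlist comment could state that ids, not logins, are what is compared.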
60 changes: 48 additions & 12 deletions .github/workflows/nix-ci.yml
Expand Up @@ -8,6 +8,22 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check if relevant files changed
shell: bash
run: |
# most sane regex
# checks if one of these files/directories has been touched
# - package.json
# - package-lock.json
# - nix/
# - composer.json
# - composer.lock
if [ -n "$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} | grep -P '^(?:package(?:-lock)?\.json$|nix\/|composer\.(?:json|lock)$')" ]; then
echo "File(s) changed so this job runs"
else
echo "no files changed so we exit neutrally (not success or failure)"
exit 78
fi
- name: Install nix
uses: cachix/install-nix-action@v22
with:
Expand All @@ -17,25 +33,45 @@ jobs:
# name: trawelling
# authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

- name: Prepare Nix shell
run: nix develop --impure .#ci

- name: Update npm Hashes
working-directory: nix/package/web
run: nix develop --impure .#ci --command "./update.sh"

- name: Update Composer Hashes
working-directory: nix/package
run: nix develop --impure .#ci --command "./update.sh"
- name: Update generated files
run: nix develop --impure .#ci --command "update-nix-package-deps"

- name: Check if up-to-date
shell: bash
id: check
run: |
if [ "$(git status --porcelain=v1 2>/dev/null | wc -l)" = "1" ]; then
if [[ ! -z $(git status -s) ]]; then
git status
echo "::error::Nix hashes are not up to date. Update them with the `update-nix-package-dep` command in the nix devshell."
echo "up-to-date=false" >> "$GITHUB_OUTPUT"
fi
- name: Find Comment
uses: peter-evans/find-comment@v2
if: "github.event_name == 'pull_request' && steps.check.outputs.up-to-date == 'false'"
id: fc
with:
issue-number: ${{ github.event.pull_request.number }}
comment-author: 'github-actions[bot]'
body-includes: This comment was written by a bot!

- name: Create comment
if: "steps.fc.outputs.comment-id == '' && github.event_name == 'pull_request' && steps.check.outputs.up-to-date == 'false'"
uses: peter-evans/create-or-update-comment@v3
with:
issue-number: ${{ github.event.pull_request.number }}
body: |
The composer or npm dependencies are out of sync with the generated nix files.
Please update the files by either running the `update-nix-package-dep` script locally
or let GitHub actions do it by running `/nix-update`.
*This comment was written by a bot!* 🤖
- name: Fail Build
if: "steps.check.outputs.up-to-date == 'false'"
shell: bash
run: exit 1

build:
name: Build Package
runs-on: ubuntu-latest
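Review bot: `exit 78` in the new "Check if relevant files changed" step does not give a neutral result: GitHub Actions dropped the neutral exit code in 2019, so the job now fails whenever none of the listed files changed, the opposite of what the comment above it promises. Record the result as an output instead (`id: changes` plus `echo "changed=false" >> "$GITHUB_OUTPUT"`) and gate the later steps with `if: steps.changes.outputs.changed == 'true'`, or use a `paths:` filter on the trigger. The `git diff --name-only ${{ github.event.before }} ${{ github.sha }}` comparison also looks fragile: `github.event.before` is empty on pull_request runs and the depth-1 clone from checkout@v3 usually lacks that commit on push, and either way the error collapses into "nothing changed" because only `-n` on the output is tested. Further down, the `::error::` message embeds `update-nix-package-dep` in backticks inside a double-quoted string, which bash treats as a command substitution; if that line is new here, single-quote the script name or escape the backticks, and note the command is named `update-nix-package-deps` in the update step and in the bot comment.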
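--- a/.github/workflows/nix-update-command.yml
+++ b/.github/workflows/nix-update-command.yml
@@ -0,0 +1,106 @@
+name: Nix Update Command
+on:
+issue_comment:
+types:
+- created
+- edited
+
+concurrency: nix-update-${{ github.event.issue.number }}
+
+jobs:
+command:
+if: "github.event.comment.body == '/nix-update' && github.event.issue.pull_request"
+runs-on: ubuntu-latest
+permissions:
+contents: write
+issues: write
+pull-requests: write
+steps:
+- name: Install Nix
+uses: cachix/install-nix-action@v22
+with:
+nix_path: nixpkgs=channel:nixos-unstable
+
+- name: Checkout Self
+uses: actions/checkout@v3
+with:
+repository: ${{ github.repository }}
+ref: refs/heads/${{ github.event.repository.default_branch }}
+
+- name: Check if user is allowed to run the command
+shell: bash
+id: perms
+run: |
+echo '${{ toJSON(github) }}' > /tmp/context.json
+if nix eval --expr 'import ./.github/allowed-nix-update-users.nix (builtins.fromJSON (builtins.readFile /tmp/context.json))' --impure; then
+echo "allowed=true" >> "$GITHUB_OUTPUT"
+else
+echo "allowed=false" >> "$GITHUB_OUTPUT"
+fi
+- name: Add no permission reacton
+if: "${{ steps.perms.outputs.allowed == 'false' }}"
+uses: peter-evans/create-or-update-comment@v3
+with:
+comment-id: ${{ github.event.comment.id }}
+reactions: '-1'
+
+- name: Add okay reaction
+if: "${{ steps.perms.outputs.allowed }}"
+uses: peter-evans/create-or-update-comment@v3
+with:
+comment-id: ${{ github.event.comment.id }}
+reactions: '+1'
+
+- id: get-branch
+if: "${{ steps.perms.outputs.allowed }}"
+name: Get PR branch
+run: echo "branch=$(gh pr view $PR_NO --repo $REPO --json headRefName --jq '.headRefName')" >> "$GITHUB_OUTPUT"
+env:
+REPO: ${{ github.repository }}
+PR_NO: ${{ github.event.issue.number }}
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+- name: Checkout PR
+if: "${{ steps.perms.outputs.allowed }}"
+uses: actions/checkout@v3
+with:
+ref: ${{ steps.get-branch.outputs.branch }}
+
+- name: Update Nix Files
+if: "${{ steps.perms.outputs.allowed }}"
+run: nix develop --impure .#ci --command "update-nix-package-deps"
+
+- name: Commit and Push changes
+if: "${{ steps.perms.outputs.allowed }}"
+shell: bash
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |
+# Configure git user
+git config user.name "GitHub Actions"
+git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+# Check if any changes were made
+if [[ ! -z $(git status -s) ]]; then
+git commit -a -F - <<EOF
+nix: Update generated files
+This commit was automatically generated by [this workflow run](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).
+EOF
+git push
+gh pr comment ${{ github.event.issue.number }} -F - <<EOF
+Successfully updated generated nix files! 🚀
+Run triggered by @${{ github.event.sender.login }} (${{ github.event.comment.html_url }})
+*This comment was written by a bot!* 🤖
+EOF
+else
+gh pr comment ${{ github.event.issue.number }} -F - <<EOF
+Generated files are up to date! 👌
+Run triggered by @${{ github.event.sender.login }} (${{ github.event.comment.html_url }})
+*This comment was written by a bot!* 🤖
+EOF
+fi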
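Review bot: The `if: "${{ steps.perms.outputs.allowed }}"` guards on the okay-reaction, get-branch, Checkout PR, Update Nix Files and Commit and Push steps never evaluate to false, because step outputs are strings and the non-empty string 'false' is truthy in the expression language; only the `-1` reaction step compares against `'false'`. After the perms step writes `allowed=false`, the job therefore still checks out the PR head, runs its flake and pushes with `contents: write`, so the allowlist gates nothing. Each of those guards should read `if: steps.perms.outputs.allowed == 'true'`. Separately, `echo '${{ toJSON(github) }}' > /tmp/context.json` pastes the whole event payload, PR title and body included, into a single-quoted shell string, so a `'` in any of those fields breaks out of the quoting; hand it to the step via `env: GITHUB_CONTEXT: ${{ toJSON(github) }}` and write `printf '%s' "$GITHUB_CONTEXT" > /tmp/context.json` instead.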
