-
Notifications
You must be signed in to change notification settings - Fork 10
130 lines (108 loc) · 4.3 KB
/
update-flake.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: "Update Nix flake"
on:
schedule:
# Run on the first of every month
- cron: '0 0 1 * *'
workflow_dispatch:
jobs:
update:
name: Update flake.lock
runs-on: ubuntu-latest
steps:
- name: Install Doppler CLI
uses: dopplerhq/cli-action@v3
- name: Pass all secrets to next steps
run: |
while read -rd $'' line; do echo "$line" >> $GITHUB_ENV; done < <( doppler secrets download --no-file --format=json | jq "." | grep -v 'DOPPLER_\(CONFIG\|ENVIRONMENT\|PROJECT\)' | jq -r 'to_entries|map("\(.key)<<EOF\n\(.value)\nEOF\u0000")[]' )
while read -r line; do echo "::add-mask::$line"; done < <( doppler secrets download --no-file --format=json | jq "." | grep -v 'DOPPLER_\(CONFIG\|ENVIRONMENT\|PROJECT\)' | jq -r 'to_entries|map("\(.value)\u0000")[]' )
env:
DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }}
- name: Install Nix
uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: Checkout repository
uses: actions/checkout@v4
- name: Update flake.lock
run: nix flake update
- name: Create diff
id: diff
run: |
git diff --oneline --graph > flake-update.diff
- name: Upload diff artifact
uses: actions/upload-artifact@v4
with:
name: "flake-update.diff"
path: "flake-update.diff"
build:
name: Build
needs: update
runs-on: ubuntu-latest
strategy:
matrix:
cachixName:
- ezkea
steps:
- name: Install Doppler CLI
uses: dopplerhq/cli-action@v3
- name: Pass all secrets to next steps
run: |
while read -rd $'' line; do echo "$line" >> $GITHUB_ENV; done < <( doppler secrets download --no-file --format=json | jq "." | grep -v 'DOPPLER_\(CONFIG\|ENVIRONMENT\|PROJECT\)' | jq -r 'to_entries|map("\(.key)<<EOF\n\(.value)\nEOF\u0000")[]' )
while read -r line; do echo "::add-mask::$line"; done < <( doppler secrets download --no-file --format=json | jq "." | grep -v 'DOPPLER_\(CONFIG\|ENVIRONMENT\|PROJECT\)' | jq -r 'to_entries|map("\(.value)\u0000")[]' )
env:
DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }}
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Nix
uses: cachix/install-nix-action@v30
- name: Install Cachix
uses: cachix/cachix-action@v15
with:
name: ${{ matrix.cachixName }}
authToken: '${{ env.CACHIX_AUTH_TOKEN }}'
- name: Download diff artifact
uses: actions/download-artifact@v4
with:
name: "flake-update.diff"
path: "flake-update.diff"
- name: Apply diff
run: git apply flake-update.diff/flake-update.diff
- name: Build
run: |
nix build --accept-flake-config -L ".#allLaunchers"
pr:
name: Make PR
needs: [update, build]
runs-on: ubuntu-latest
steps:
- name: Install Doppler CLI
uses: dopplerhq/cli-action@v3
- name: Pass all secrets to next steps
run: |
while read -rd $'' line; do echo "$line" >> $GITHUB_ENV; done < <( doppler secrets download --no-file --format=json | jq "." | grep -v 'DOPPLER_\(CONFIG\|ENVIRONMENT\|PROJECT\)' | jq -r 'to_entries|map("\(.key)<<EOF\n\(.value)\nEOF\u0000")[]' )
while read -r line; do echo "::add-mask::$line"; done < <( doppler secrets download --no-file --format=json | jq "." | grep -v 'DOPPLER_\(CONFIG\|ENVIRONMENT\|PROJECT\)' | jq -r 'to_entries|map("\(.value)\u0000")[]' )
env:
DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }}
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Download diff artifact
uses: actions/download-artifact@v4
with:
name: "flake-update.diff"
path: "flake-update.diff"
- name: Apply diff
run: git apply flake-update.diff/flake-update.diff
- name: Create pull request
uses: peter-evans/create-pull-request@v7
with:
author: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
commit-message: "chore: update flake.lock"
title: "chore: update flake.lock"
body: |
Auto-generated by [create-pull-request][1]
[1]: https://github.com/peter-evans/create-pull-request
branch: "update-flake"