wip: zen #2
| name: Update Nix Hashes | |
| permissions: | |
| contents: write | |
| on: | |
| workflow_dispatch: | |
| push: | |
| paths: | |
| - "bun.lock" | |
| - "package.json" | |
| - "packages/*/package.json" | |
| pull_request: | |
| paths: | |
| - "bun.lock" | |
| - "package.json" | |
| - "packages/*/package.json" | |
| jobs: | |
| update-flake: | |
| if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository | |
| runs-on: ubuntu-latest | |
| env: | |
| TITLE: flake.lock | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| fetch-depth: 0 | |
| ref: ${{ github.head_ref || github.ref_name }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} | |
| - name: Setup Nix | |
| uses: nixbuild/nix-quick-install-action@v34 | |
| - name: Configure git | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "Github Action" | |
| - name: Update ${{ env.TITLE }} | |
| run: | | |
| set -euo pipefail | |
| echo "π¦ Updating $TITLE..." | |
| nix flake update | |
| echo "β $TITLE updated successfully" | |
| - name: Commit ${{ env.TITLE }} changes | |
| env: | |
| TARGET_BRANCH: ${{ github.head_ref || github.ref_name }} | |
| run: | | |
| set -euo pipefail | |
| echo "π Checking for changes in tracked files..." | |
| summarize() { | |
| local status="$1" | |
| { | |
| echo "### Nix $TITLE" | |
| echo "" | |
| echo "- ref: ${GITHUB_REF_NAME}" | |
| echo "- status: ${status}" | |
| } >> "$GITHUB_STEP_SUMMARY" | |
| if [ -n "${GITHUB_SERVER_URL:-}" ] && [ -n "${GITHUB_REPOSITORY:-}" ] && [ -n "${GITHUB_RUN_ID:-}" ]; then | |
| echo "- run: ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" >> "$GITHUB_STEP_SUMMARY" | |
| fi | |
| echo "" >> "$GITHUB_STEP_SUMMARY" | |
| } | |
| FILES=(flake.lock flake.nix) | |
| STATUS="$(git status --short -- "${FILES[@]}" || true)" | |
| if [ -z "$STATUS" ]; then | |
| echo "β No changes detected." | |
| summarize "no changes" | |
| exit 0 | |
| fi | |
| echo "π Changes detected:" | |
| echo "$STATUS" | |
| echo "π Staging files..." | |
| git add "${FILES[@]}" | |
| echo "πΎ Committing changes..." | |
| git commit -m "Update $TITLE" | |
| echo "β Changes committed" | |
| BRANCH="${TARGET_BRANCH:-${GITHUB_REF_NAME}}" | |
| echo "π³ Pulling latest from branch: $BRANCH" | |
| git pull --rebase origin "$BRANCH" | |
| echo "π Pushing changes to branch: $BRANCH" | |
| git push origin HEAD:"$BRANCH" | |
| echo "β Changes pushed successfully" | |
| summarize "committed $(git rev-parse --short HEAD)" | |
| update-node-modules-hash: | |
| needs: update-flake | |
| if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - system: x86_64-linux | |
| host: ubuntu-latest | |
| - system: aarch64-linux | |
| host: ubuntu-22.04-arm | |
| - system: x86_64-darwin | |
| host: macos-15-intel | |
| - system: aarch64-darwin | |
| host: macos-latest | |
| runs-on: ${{ matrix.host }} | |
| env: | |
| SYSTEM: ${{ matrix.system }} | |
| TITLE: node_modules hash (${{ matrix.system }}) | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| fetch-depth: 0 | |
| ref: ${{ github.head_ref || github.ref_name }} | |
| repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} | |
| - name: Setup Nix | |
| uses: nixbuild/nix-quick-install-action@v34 | |
| - name: Configure git | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "Github Action" | |
| - name: Pull latest changes | |
| env: | |
| TARGET_BRANCH: ${{ github.head_ref || github.ref_name }} | |
| run: | | |
| BRANCH="${TARGET_BRANCH:-${GITHUB_REF_NAME}}" | |
| git pull origin "$BRANCH" | |
| - name: Update ${{ env.TITLE }} | |
| run: | | |
| set -euo pipefail | |
| echo "π Updating $TITLE..." | |
| nix/scripts/update-hashes.sh | |
| echo "β $TITLE updated successfully" | |
| - name: Commit ${{ env.TITLE }} changes | |
| env: | |
| TARGET_BRANCH: ${{ github.head_ref || github.ref_name }} | |
| run: | | |
| set -euo pipefail | |
| echo "π Checking for changes in tracked files..." | |
| summarize() { | |
| local status="$1" | |
| { | |
| echo "### Nix $TITLE" | |
| echo "" | |
| echo "- ref: ${GITHUB_REF_NAME}" | |
| echo "- status: ${status}" | |
| } >> "$GITHUB_STEP_SUMMARY" | |
| if [ -n "${GITHUB_SERVER_URL:-}" ] && [ -n "${GITHUB_REPOSITORY:-}" ] && [ -n "${GITHUB_RUN_ID:-}" ]; then | |
| echo "- run: ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" >> "$GITHUB_STEP_SUMMARY" | |
| fi | |
| echo "" >> "$GITHUB_STEP_SUMMARY" | |
| } | |
| FILES=(nix/hashes.json) | |
| STATUS="$(git status --short -- "${FILES[@]}" || true)" | |
| if [ -z "$STATUS" ]; then | |
| echo "β No changes detected." | |
| summarize "no changes" | |
| exit 0 | |
| fi | |
| echo "π Changes detected:" | |
| echo "$STATUS" | |
| echo "π Staging files..." | |
| git add "${FILES[@]}" | |
| echo "πΎ Committing changes..." | |
| git commit -m "Update $TITLE" | |
| echo "β Changes committed" | |
| BRANCH="${TARGET_BRANCH:-${GITHUB_REF_NAME}}" | |
| echo "π³ Pulling latest from branch: $BRANCH" | |
| git pull --rebase origin "$BRANCH" | |
| echo "π Pushing changes to branch: $BRANCH" | |
| git push origin HEAD:"$BRANCH" | |
| echo "β Changes pushed successfully" | |
| summarize "committed $(git rev-parse --short HEAD)" |
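Review bot: Both jobs run actions referenced by mutable tags, `actions/checkout@v4` and the third-party `nixbuild/nix-quick-install-action@v34`, while holding the `contents: write` token that the `permissions` block grants and that checkout leaves in the git config for the later push; if either tag were moved, the new code would run with push access to the repository. Pin each action to a full commit SHA, for example `uses: nixbuild/nix-quick-install-action@<full-commit-sha> # v34`. Separately, the four `update-node-modules-hash` matrix legs each commit `nix/hashes.json` and then run `git pull --rebase` and `git push` against the same branch with nothing serialising them. A leg can therefore hit a rebase conflict or a rejected push, and because of `fail-fast: false` that system's hash stays stale while the other legs succeed; `max-parallel: 1` under `strategy`, or a bounded retry around the pull and push, would avoid this. Indentation is not visible on this page, so the workflow-level placement of `permissions` is inferred from key order.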