|
| 1 | +name: Weekly Dependency Updates |
| 2 | + |
| 3 | +on: |
| 4 | + workflow_dispatch: |
| 5 | + schedule: |
| 6 | + # 8 PM UTC every Friday |
| 7 | + - cron: '0 20 * * 5' |
| 8 | + |
| 9 | +jobs: |
| 10 | + update-dependencies: |
| 11 | + runs-on: ubuntu-latest |
| 12 | + steps: |
| 13 | + - name: Checkout repository |
| 14 | + uses: actions/checkout@v4 |
| 15 | + |
| 16 | + - name: Install Nix |
| 17 | + uses: DeterminateSystems/nix-installer-action@main |
| 18 | + |
| 19 | + - name: Set up Git |
| 20 | + run: | |
| 21 | + git config user.name "GitHub Actions Bot" |
| 22 | + git config user.email "[email protected]" |
| 23 | +
|
| 24 | + - name: Create branch for updates |
| 25 | + run: | |
| 26 | + DATE=$(date +%Y-%m-%d) |
| 27 | + BRANCH_NAME="update/dependencies-$DATE" |
| 28 | + git checkout -b $BRANCH_NAME |
| 29 | + echo "BRANCH_NAME=$BRANCH_NAME" >> $GITHUB_ENV |
| 30 | +
|
| 31 | + - name: Update npins |
| 32 | + run: npins update |
| 33 | + |
| 34 | + # Only update npins. mnw might break on update, better to track it manually to avoid |
| 35 | + # unexpected breakage. |
| 36 | + - name: Update nixpkgs |
| 37 | + run: nix flake update nixpkgs |
| 38 | + |
| 39 | + - name: Check for changes |
| 40 | + id: check_changes |
| 41 | + run: | |
| 42 | + if git diff --quiet; then |
| 43 | + echo "No changes detected" |
| 44 | + echo "changes_detected=false" >> "$GITHUB_OUTPUT" |
| 45 | + exit 0 |
| 46 | + else |
| 47 | + echo "Changes detected" |
| 48 | + echo "changes_detected=true" >> "$GITHUB_OUTPUT" |
| 49 | + fi |
| 50 | +
|
| 51 | + - name: Verify changes |
| 52 | + if: steps.check_changes.outputs.changes_detected == 'true' |
| 53 | + run: | |
| 54 | + # Run verification tests to ensure updates don't break anything |
| 55 | + nix flake check |
| 56 | +
|
| 57 | + # Worth adding additional checks for, e.g., fragile plugins |
| 58 | + # or modules |
| 59 | + # nix build .#checks.<system>.check-name |
| 60 | +
|
| 61 | + - name: Set date variable |
| 62 | + run: echo "DATE=$(date +%Y-%m-%d)" >> "$GITHUB_ENV" |
| 63 | + |
| 64 | + - name: Commit and push changes |
| 65 | + if: steps.check_changes.outputs.changes_detected == 'true' |
| 66 | + run: | |
| 67 | + git add . |
| 68 | + git commit -m "pins: bump all plugins (${{ env.DATE }})" |
| 69 | + git push -u origin $BRANCH_NAME |
| 70 | +
|
| 71 | + - name: Create Pull Request |
| 72 | + if: steps.check_changes.outputs.changes_detected == 'true' |
| 73 | + uses: peter-evans/create-pull-request@v7 |
| 74 | + with: |
| 75 | + branch: ${{ env.BRANCH_NAME }} |
| 76 | + base: main |
| 77 | + labels: dependencies,automated pr |
| 78 | + token: ${{ secrets.GITHUB_TOKEN }} |
| 79 | + commit-message: "npins: bump all plugins (${{ env.DATE }})" |
| 80 | + title: "Weekly Dependency Updates: ${{ env.DATE }}" |
| 81 | + body: | |
| 82 | + This PR was automatically generated by the **Weekly Dependency Updates** workflow. Please wait |
| 83 | + for all checks to pass before merging. |
| 84 | +
|
| 85 | + Updates: |
| 86 | + - Updated dependencies using `npins update` |
| 87 | + - Updated nixpkgs using `nix flake update nixpkgs` |
| 88 | +
|
| 89 | + The verification steps have passed, updates should be safe to merge. |
0 commit comments