diff --git a/.forgejo/workflows/check.yml b/.forgejo/workflows/check.yml
index ee386bf..ab33bfa 100644
--- a/.forgejo/workflows/check.yml
+++ b/.forgejo/workflows/check.yml
@@ -3,12 +3,12 @@ jobs:
 check:
 runs-on: nixos
 steps:
- - uses: https://code.forgejo.org/actions/checkout@v4
+ - uses: https://git.salame.cl/actions/checkout@v4
 - run: nix --version
 - run: nix flake check --keep-going --verbose --print-build-logs
 build:
 runs-on: nixos
 steps:
- - uses: https://code.forgejo.org/actions/checkout@v4
+ - uses: https://git.salame.cl/actions/checkout@v4
 - run: nix --version
 - run: nix build --print-build-logs .#
diff --git a/.forgejo/workflows/update.yml b/.forgejo/workflows/update.yml
new file mode 100644
index 0000000..aad6c30
--- /dev/null
+++ b/.forgejo/workflows/update.yml
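Review bot: Both `uses:` lines in check.yml, and the same line in the new update.yml, reference the checkout action by the mutable tag `@v4`, now served from a different host, so whatever that tag resolves to on git.salame.cl at run time executes inside the job. Pinning to a full commit hash, `- uses: https://git.salame.cl/actions/checkout@<full-commit-sha>  # v4`, keeps a moved or re-created tag from silently changing what CI runs and makes the mirror switch itself reviewable. A sentence in the commit message on how the mirror is kept in sync with upstream would also help future readers.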
@@ -0,0 +1,62 @@
+on:
+ workflow_dispatch:
+ schedule:
+ # 03:42 on Saturdays
+ - cron: '42 3 * * 6'
+env:
+ PR_TITLE: Weekly `cargo update` of dependencies
+ PR_MESSAGE: |
+ Automation to keep dependencies in `Cargo.lock` current.
+
+ The following is the output from `cargo update`:
+ COMMIT_MESSAGE: "chore: cargo update \n\n"
+jobs:
+ update-cargo:
+ runs-on: nixos
+ env:
+ BRANCH_NAME: cargo-update
+ steps:
+ - uses: https://git.salame.cl/actions/checkout@v4
+ - run: nix --version
+ - run: nix run .#cargo-update
+ - name: craft PR body and commit message
+ run: |
+ set -euo pipefail
+
+ echo "${COMMIT_MESSAGE}" > commit.txt
+ cat cargo_update.log >> commit.txt
+
+ echo "${PR_MESSAGE}" > body.md
+ echo '```txt' >> body.md
+ cat cargo_update.log >> body.md
+ echo '```' >> body.md
+ - name: commit
+ run: |
+ set -euo pipefail
+
+ git config user.name forgejo-actions
+ git config user.email forgejo-actions@salame.cl
+ git switch --force-create "$BRANCH_NAME"
+ git add ./Cargo.lock
+ DIFF="$(git diff --staged)"
+ if [[ "$DIFF" == "" ]]; then
+ echo >2 "Cargo.lock was not changed, bailing out and not making a PR"
+ exit 1
+ fi
+ git commit --no-verify --file=commit.txt
+ - name: push
+ run: |
+ set -euo pipefail
+ git push --no-verify --force --set-upstream origin "$BRANCH_NAME"
+ - name: open new pull request
+ env:
+ # We have to use a Personal Access Token (PAT) here.
+ # PRs opened from a workflow using the standard `GITHUB_TOKEN` in GitHub Actions
+ # do not automatically trigger more workflows:
+ # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow
+ # GITHUB_TOKEN: ${{ secrets.DEPS_UPDATER_GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ set -euo pipefail
+ tea login add --name "forgejo-actions" --token "$GITHUB_TOKEN"
+ tea pr create --title "${PR_TITLE}" --description "$(cat body.md)" --repo "$GITHUB_REPOSITORY"
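Review bot: `tea login add` in the last step is given a token but no server URL, so which host receives `$GITHUB_TOKEN` is left to tea's default (gitea.com as far as I know, unless overridden). Naming the instance explicitly keeps the credential on this forge: `tea login add --name "forgejo-actions" --url "$GITHUB_SERVER_URL" --token "$GITHUB_TOKEN"`, assuming the runner exports that variable as it does `GITHUB_REPOSITORY`. The comment above the token says a PAT is required while the active line uses `secrets.GITHUB_TOKEN`; if the forge behaves as the comment describes, the update PR would not trigger check.yml and lockfile changes could merge without CI, so either swap the two lines or correct the comment. In the commit step, `echo >2 "..."` writes the message to a file named `2`; `echo >&2 "..."` is presumably what was meant.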
diff --git a/flake.nix b/flake.nix index d78eb96..5f271d0 100644 --- a/flake.nix +++ b/flake.nix @@ -45,18 +45,26 @@ packages = forEachSupportedSystem ( system: let - webnsupdate = nixpkgs.legacyPackages.${system}.callPackage ./default.nix { }; + pkgs = nixpkgs.legacyPackages.${system}; + webnsupdate = pkgs.callPackage ./default.nix { }; in { inherit webnsupdate; default = webnsupdate; - + cargo-update = pkgs.writeShellApplication { + name = "cargo-update-lockfile"; + runtimeInputs = with pkgs; [ + cargo + gnused + ]; + text = '' + CARGO_TERM_COLOR=never cargo update 2>&1 | sed '/crates.io index/d' | tee -a cargo_update.log + ''; + }; } ); - overlays.default = final: prev: { - webnsupdate = final.callPackage ./default.nix { }; - }; + overlays.default = final: prev: { webnsupdate = final.callPackage ./default.nix { }; }; nixosModules.default = ./module.nix;
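Review bot: `tee -a cargo_update.log` in the new `cargo-update` script appends, so a second run in the same working tree carries the earlier output into the `commit.txt` and `body.md` that update.yml builds from this file. Dropping the flag gives each run a clean log: `CARGO_TERM_COLOR=never cargo update 2>&1 | sed '/crates.io index/d' | tee cargo_update.log`. The log file name is an implicit contract with the workflow, so a short comment above `text` such as `# writes cargo_update.log to the current directory; read by .forgejo/workflows/update.yml` would make that dependency visible. The enclosing outputs expression starts and ends outside the hunk.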