diff --git a/.github/workflows/check-nix-format.yml b/.github/workflows/check-nix-format.yml
index 2d735ee9c..2265de9bf 100644
--- a/.github/workflows/check-nix-format.yml
+++ b/.github/workflows/check-nix-format.yml
@@ -6,6 +6,10 @@ name: Check that Nix files are formatted
 on:
 pull_request:
 types: [opened, synchronize, reopened]
+ push:
+ branches:
+ - master
+ - 'push-action/**'
 merge_group:
 permissions:
 contents: read
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 90516b7cd..decf3d16b 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -33,6 +33,47 @@ jobs:
 run: ./ci/update-nur.sh
 env:
 API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}'
+ - uses: CasperWA/push-protected@v2
+ with:
+ token: ${{ steps.get_workflow_token.outputs.token }}
+ branch: master
+
+ update_combined:
+ runs-on: ubuntu-latest
+ needs: update_nur
+ steps:
+ - id: get_workflow_token
+ uses: peter-murray/workflow-application-token-action@v4.0.1
+ with:
+ application_id: '${{ secrets.GH_APPLICATION_ID }}'
+ application_private_key: '${{ secrets.GH_APPLICATION_PRIVATE_KEY }}'
+ permissions: "contents:write"
+ revoke_token: true
+ - uses: actions/checkout@v4
+ with:
+ repository: nix-community/nur-combined
+ path: nur
+ - uses: actions/checkout@v4
+ with:
+ repository: nix-community/nur-combined
+ path: nur-combined
+ - uses: cachix/install-nix-action@v30
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ extra_nix_config: |
+ experimental-features = nix-command flakes
+ - name: update nur-combined
+ run: ./ci/update-nur-combined.sh
+ env:
+ API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}'
+ - name: rebase and push
+ run: |
+ ./ci/lib/setup-git.sh
+ git -C $GITHUB_WORKSPACE/nur-combined pull --rebase origin master
+ git -C $GITHUB_WORKSPACE/nur-combined push origin HEAD:master
+ env:
+ GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
+
 update_search:
 runs-on: ubuntu-latest
 needs: update_nur
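Review bot: The new `'push-action/**'` entry under `push.branches` in `check-nix-format.yml` carries no explanation, so a later reader cannot tell why a branch pattern nobody creates by hand is listed. It appears to match the temporary branches that `CasperWA/push-protected` (added to `update.yml` in this commit) pushes so that required checks can run before it updates `master`; a comment such as `# temporary branches created by CasperWA/push-protected (see update.yml); required checks must run on them` above the entry would record that. If other workflows are also required status checks on `master`, they would presumably need the same trigger, otherwise the protected push waits on checks that never start.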
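Review bot: Both `actions/checkout@v4` steps in the new `update_combined` job of `update.yml` fetch `nix-community/nur-combined` into subdirectories (`nur` and `nur-combined`), so nothing places this repository's `ci/` directory at the workspace root, and `run: ./ci/update-nur-combined.sh` and `./ci/lib/setup-git.sh` would presumably not be found. The first checkout probably should be a plain `- uses: actions/checkout@v4` with no `repository:`/`path:`, which also leaves `nur-combined` where the script's `git -C nur-combined` expects it. The `nur-combined` checkout passes no `token:`, so the credential it persists is the workflow's default token rather than the app token; unless `setup-git.sh` (not visible here) configures one, the push to `master` has nothing valid to authenticate with, and adding `token: '${{ steps.get_workflow_token.outputs.token }}'` to that checkout would address it. The final `rebase and push` step repeats the pull/push that `ci/update-nur-combined.sh` already ends with. Since `CasperWA/push-protected@v2`, `peter-murray/workflow-application-token-action@v4.0.1` and `cachix/install-nix-action@v30` run in jobs that mint a `contents:write` app token, consider pinning them to full commit SHAs instead of mutable tags.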
diff --git a/ci/update-nur-combined.sh b/ci/update-nur-combined.sh
new file mode 100644
index 000000000..98a8f5a28
--- /dev/null
+++ b/ci/update-nur-combined.sh
@@ -0,0 +1,17 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -p git -p nix -p bash -i bash
+
+set -eu -o pipefail # Exit with nonzero exit code if anything fails
+
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null && pwd )"
+
+source ${DIR}/lib/setup-git.sh
+set -x
+
+cd ${DIR}/..
+
+nix run "${DIR}#" -- combine nur-combined
+
+git -C nur-combined pull --rebase origin master
+git -C nur-combined push origin HEAD:master
diff --git a/ci/update-nur.sh b/ci/update-nur.sh
index 87dae8954..9b9db1078 100755
--- a/ci/update-nur.sh
+++ b/ci/update-nur.sh
@@ -13,10 +13,6 @@ nix run "${DIR}#" -- update cd ${DIR}/.. -git clone \ - --single-branch \ - "https://$API_TOKEN_GITHUB@github.com/nix-community/nur-combined.git" - nix run "${DIR}#" -- combine nur-combined nix flake update nixpkgs
@@ -26,10 +22,4 @@ if [[ -z "$(git diff --exit-code)" ]]; then
 else
 git add --all repos.json* flake.lock
 git commit -m "automatic update"
- # in case we are getting overtaken by a different job
- git pull --rebase origin master
- git push "https://$API_TOKEN_GITHUB@github.com/nix-community/NUR" HEAD:master
 fi
-
-git -C nur-combined pull --rebase origin master
-git -C nur-combined push origin HEAD:master
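Review bot: The new `ci/update-nur-combined.sh` depends on a `nur-combined` checkout already existing under the repository root with push credentials configured on `origin`, but as far as this file shows nothing states or checks that, now that the script no longer clones it. A header comment such as `# expects ./nur-combined to be a checkout of nix-community/nur-combined with push access configured`, plus a guard like `[[ -d nur-combined/.git ]] || { echo "nur-combined checkout missing" >&2; exit 1; }` after the `cd`, would make a misconfigured job fail with a clear message instead of partway through. `${DIR}` is unquoted in `source ${DIR}/lib/setup-git.sh` and `cd ${DIR}/..`; quoting both (`source "${DIR}/lib/setup-git.sh"`, `cd "${DIR}/.."`) matches the quoting already used in the `DIR=` assignment and the `nix run` line.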