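# Regenerates NUR, pushes the result to the default branch, and then notifies
# the nur-combined and nur-search repositories via repository_dispatch.
#
# Every third-party action is pinned to a full commit SHA; the trailing
# comment records the release tag the SHA was taken from.
#
# NOTE(review): no top-level `permissions:` block is declared, so the implicit
# GITHUB_TOKEN gets the repository/organisation default scopes. All writes
# visible here go through the GitHub App token, so `contents: read` is probably
# sufficient. Confirm against ./ci/update-nur.sh and ./ci/lib/setup-git.sh
# before restricting it.
name: "Update"

on:
  workflow_dispatch:
  schedule:
    # chosen by fair dice rolling
    - cron: '40 * * * *'
  push:
    branches:
      - main

# Serialise runs: a newer run never cancels one that is already in progress.
concurrency:
  group: update
  cancel-in-progress: false

jobs:
  update_nur:
    runs-on: ubuntu-latest
    # Don't trigger when the last push was done by a bot
    if: github.event_name != 'push' || !endsWith(github.actor, '[bot]')
    steps:
      # Mint a short-lived GitHub App installation token, limited to
      # contents:write; revoke_token asks the action to revoke it again.
      - id: get_workflow_token
        uses: peter-murray/workflow-application-token-action@d17e3a9a36850ea89f35db16c1067dd2b68ee343 # v4.0.1
        with:
          application_id: '${{ secrets.GH_APPLICATION_ID }}'
          application_private_key: '${{ secrets.GH_APPLICATION_PRIVATE_KEY }}'
          permissions: "contents:write"
          revoke_token: true

      # NOTE(review): checkout keeps its token in the local git config by
      # default; check whether later steps need it before disabling that.
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5

      - uses: cachix/install-nix-action@fd24c48048070c1be9acd18c9d369a83f0fe94d7 # v31
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          extra_nix_config: |
            experimental-features = nix-command flakes

      - name: update nur / nur-combined
        run: ./ci/update-nur.sh
        env:
          API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}'

      - name: rebase
        # TODO: fix upstream push-protected to retry when push fails
        #
        # The branch name reaches the script through an environment variable
        # rather than being expanded into the script text, so its value is
        # never parsed as shell code. `${VAR:+"$VAR"}` expands to the quoted
        # value, or to nothing at all when the variable is empty.
        run: |
          source ./ci/lib/setup-git.sh
          git fetch origin ${DEFAULT_BRANCH:+"$DEFAULT_BRANCH"}
          git pull --rebase origin ${DEFAULT_BRANCH:+"$DEFAULT_BRANCH"}
        env:
          GITHUB_TOKEN: '${{ steps.get_workflow_token.outputs.token }}'
          DEFAULT_BRANCH: '${{ github.event.repository.default_branch }}'

      - uses: CasperWA/push-protected@74d25b8aa10e0c29024138735d32f3c0b75f9279 # v2
        with:
          token: '${{ steps.get_workflow_token.outputs.token }}'
          branch: '${{ github.event.repository.default_branch }}'

      # The same App token is used for the cross-repository dispatches below.
      - name: Dispatch NUR-combined update
        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4
        with:
          token: '${{ steps.get_workflow_token.outputs.token }}'
          repository: nix-community/nur-combined
          event-type: nur_update

      - name: Dispatch NUR-search update
        uses: peter-evans/repository-dispatch@5fc4efd1a4797ddb68ffd0714a238564e4cc0e6f # v4
        with:
          token: '${{ steps.get_workflow_token.outputs.token }}'
          repository: nix-community/nur-search
          event-type: nur_update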