name: "Update" on: workflow_dispatch: schedule: # chosen by fair dice rolling - cron: '40 * * * *' push: branches: - main concurrency: group: update cancel-in-progress: false jobs: update_nur: runs-on: ubuntu-latest # Don't trigger when the last push was done by a bot if: github.event_name != 'push' || !endsWith(github.actor, '[bot]') steps: - id: get_workflow_token uses: peter-murray/workflow-application-token-action@d17e3a9a36850ea89f35db16c1067dd2b68ee343 # v4.0.1 with: application_id: '${{ secrets.GH_APPLICATION_ID }}' application_private_key: '${{ secrets.GH_APPLICATION_PRIVATE_KEY }}' permissions: "contents:write" revoke_token: true - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - uses: cachix/install-nix-action@17fe5fb4a23ad6cbbe47d6b3f359611ad276644c # v31 with: nix_path: nixpkgs=channel:nixos-unstable extra_nix_config: | experimental-features = nix-command flakes - name: update nur / nur-combined run: ./ci/update-nur.sh env: API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}' - name: rebase # TODO: fix upstream push-protected to retry when push fails run: | source ./ci/lib/setup-git.sh git fetch origin ${{ github.event.repository.default_branch }} git pull --rebase origin ${{ github.event.repository.default_branch }} env: GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }} - uses: CasperWA/push-protected@74d25b8aa10e0c29024138735d32f3c0b75f9279 # v2 with: token: ${{ steps.get_workflow_token.outputs.token }} branch: ${{ github.event.repository.default_branch }} - name: Dispatch NUR-combined update uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 with: token: ${{ steps.get_workflow_token.outputs.token }} repository: nix-community/nur-combined event-type: nur_update - name: Dispatch NUR-search update uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3 with: token: ${{ steps.get_workflow_token.outputs.token }} repository: nix-community/nur-search event-type: nur_update