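---
# Scheduled/manual/push-triggered workflow that runs the repository's
# ci/update-*.sh scripts and pushes the results to NUR, nur-combined and
# nur-search. update_nur runs first; update_combined and update_search both
# depend on it (needs: update_nur).
#
# NOTE(review): every third-party action below is referenced by a tag, which
# is mutable, and several of them are handed a contents:write token. Pinning
# each `uses:` to a full commit SHA (e.g. `@<FULL_COMMIT_SHA>  # v4.0.1`,
# placeholder) keeps a re-tagged release from changing what runs with that
# token.
#
# NOTE(review): no top-level `permissions:` is set, so the default
# GITHUB_TOKEN keeps the repository/organisation default scope. The pushes
# here pass explicit tokens, so `contents: read` may be sufficient; confirm
# against the ci/ scripts and the credentials persisted by actions/checkout
# before tightening.
name: "Update"
on:
  workflow_dispatch:
  schedule:
    # chosen by fair dice rolling
    - cron: '40 * * * *'
  push:
    branches:
      - master

# All runs share one concurrency group and are queued rather than cancelled,
# so an in-flight update is never interrupted.
concurrency:
  group: update
  cancel-in-progress: false

jobs:
  update_nur:
    runs-on: ubuntu-latest
    # Don't trigger when the last push was done by a bot
    if: github.event_name != 'push' || !endsWith(github.actor, '[bot]')
    steps:
      # Mint a GitHub App token limited to contents:write; revoke_token asks
      # the action to revoke it again instead of leaving it to expire.
      - id: get_workflow_token
        uses: peter-murray/workflow-application-token-action@v4.0.1
        with:
          application_id: '${{ secrets.GH_APPLICATION_ID }}'
          application_private_key: '${{ secrets.GH_APPLICATION_PRIVATE_KEY }}'
          permissions: "contents:write"
          revoke_token: true
      - uses: actions/checkout@v4
        with:
          fetch-depth: '0'
      - uses: cachix/install-nix-action@v30
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          extra_nix_config: |
            experimental-features = nix-command flakes
      # NOTE(review): the script receives a write-capable token through its
      # environment; confirm it is only handed to the git/API calls that
      # need it.
      - name: update nur / nur-combined
        run: ./ci/update-nur.sh
        env:
          API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}'
      # TODO: fix upstream push-protected to retry when push fails
      - name: rebase
        run: |
          source ./ci/lib/setup-git.sh
          git fetch origin master
          git pull --rebase origin master
        env:
          # presumably read by ci/lib/setup-git.sh; verify there
          GITHUB_TOKEN: '${{ steps.get_workflow_token.outputs.token }}'
      - uses: CasperWA/push-protected@v2
        with:
          token: '${{ steps.get_workflow_token.outputs.token }}'
          branch: master

  update_combined:
    runs-on: ubuntu-latest
    needs: update_nur
    steps:
      - id: get_workflow_token
        uses: peter-murray/workflow-application-token-action@v4.0.1
        with:
          application_id: '${{ secrets.GH_APPLICATION_ID }}'
          application_private_key: '${{ secrets.GH_APPLICATION_PRIVATE_KEY }}'
          permissions: "contents:write"
          revoke_token: true
      - uses: actions/checkout@v4
        with:
          repository: nix-community/NUR
          fetch-depth: '0'
      - uses: actions/checkout@v4
        with:
          repository: nix-community/nur-combined
          fetch-depth: '0'
          path: nur-combined
      - uses: cachix/install-nix-action@v30
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          extra_nix_config: |
            experimental-features = nix-command flakes
      - name: update nur-combined
        run: ./ci/update-nur-combined.sh
        env:
          API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}'
      - name: rebase
        run: |
          source ./ci/lib/setup-git.sh
          git -C "$GITHUB_WORKSPACE/nur-combined" fetch origin master
          git -C "$GITHUB_WORKSPACE/nur-combined" pull --rebase origin master
        env:
          GITHUB_TOKEN: '${{ steps.get_workflow_token.outputs.token }}'
      # NOTE(review): this push authenticates with the stored secret
      # API_TOKEN_GITHUB, while the rest of the job (and the push in
      # update_nur) uses the short-lived app token from get_workflow_token.
      # A stored secret is not covered by revoke_token; confirm which
      # credential is intended here.
      - uses: ad-m/github-push-action@v0.8.0
        with:
          directory: "./nur-combined"
          repository: nix-community/nur-combined
          github_token: '${{ secrets.API_TOKEN_GITHUB }}'
          branch: master

  update_search:
    runs-on: ubuntu-latest
    needs: update_nur
    steps:
      - id: get_workflow_token
        uses: peter-murray/workflow-application-token-action@v4.0.1
        with:
          application_id: '${{ secrets.GH_APPLICATION_ID }}'
          application_private_key: '${{ secrets.GH_APPLICATION_PRIVATE_KEY }}'
          permissions: "contents:write"
          revoke_token: true
      - uses: actions/checkout@v4
        with:
          repository: nix-community/NUR
          fetch-depth: '0'
      - uses: actions/checkout@v4
        with:
          repository: nix-community/nur-combined
          fetch-depth: '0'
          submodules: 'recursive'
          path: nur-combined
      - uses: actions/checkout@v4
        with:
          repository: nix-community/nur-search
          fetch-depth: '0'
          path: nur-search
      - uses: cachix/install-nix-action@v30
        with:
          nix_path: nixpkgs=channel:nixos-unstable
          extra_nix_config: |
            experimental-features = nix-command flakes
      - name: update nur-search/data/packages.json
        run: ./ci/update-nur-search.sh
        env:
          API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}'
      - name: rebase
        run: |
          source ./ci/lib/setup-git.sh
          git -C "$GITHUB_WORKSPACE/nur-search" fetch origin master
          git -C "$GITHUB_WORKSPACE/nur-search" pull --rebase origin master
        env:
          GITHUB_TOKEN: '${{ steps.get_workflow_token.outputs.token }}'
      # NOTE(review): same credential mismatch as the nur-combined push: the
      # stored secret API_TOKEN_GITHUB is used instead of the app token
      # minted at the start of this job. Confirm which is intended.
      - uses: ad-m/github-push-action@v0.8.0
        with:
          directory: "./nur-search"
          repository: nix-community/nur-search
          github_token: '${{ secrets.API_TOKEN_GITHUB }}'
          branch: master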