nix/6.NUR
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
6.NUR/.github/workflows/update.yml
Gavin John ad552a61df Use push-protected to use correct token
2025-02-13 15:20:04 -08:00

138 lines
4.5 KiB
YAML
Raw Blame History

name: "Update"
on:
workflow_dispatch:
schedule:
# chosen by fair dice rolling
- cron: '40 * * * *'
push:
branches:
- master
concurrency:
group: update
cancel-in-progress: false
jobs:
update_nur:
runs-on: ubuntu-latest
# Don't trigger when the last push was done by a bot
if: github.event_name != 'push' || !endsWith(github.actor, '[bot]')
steps:
- id: get_workflow_token
uses: peter-murray/workflow-application-token-action@v4.0.1
with:
application_id: '${{ secrets.GH_APPLICATION_ID }}'
application_private_key: '${{ secrets.GH_APPLICATION_PRIVATE_KEY }}'
permissions: "contents:write"
revoke_token: true
- uses: actions/checkout@v4
with:
fetch-depth: '0'
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
extra_nix_config: |
experimental-features = nix-command flakes
- name: update nur / nur-combined
run: ./ci/update-nur.sh
env:
API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}'
- name: rebase # TODO: fix upstream push-protected to retry when push fails
run: |
source ./ci/lib/setup-git.sh
git fetch origin master
git pull --rebase origin master
env:
GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
- uses: CasperWA/push-protected@v2
with:
token: ${{ steps.get_workflow_token.outputs.token }}
branch: master
update_combined:
runs-on: ubuntu-latest
needs: update_nur
steps:
- id: get_workflow_token
uses: peter-murray/workflow-application-token-action@v4.0.1
with:
application_id: '${{ secrets.GH_APPLICATION_ID }}'
application_private_key: '${{ secrets.GH_APPLICATION_PRIVATE_KEY }}'
permissions: "contents:write"
revoke_token: true
- uses: actions/checkout@v4
with:
repository: nix-community/NUR
fetch-depth: '0'
- uses: actions/checkout@v4
with:
repository: nix-community/nur-combined
fetch-depth: '0'
path: nur-combined
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
extra_nix_config: |
experimental-features = nix-command flakes
- name: update nur-combined
run: ./ci/update-nur-combined.sh
env:
API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}'
- name: rebase
run: |
source ./ci/lib/setup-git.sh
git -C $GITHUB_WORKSPACE/nur-combined fetch origin master
git -C $GITHUB_WORKSPACE/nur-combined pull --rebase origin master
env:
GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
- uses: CasperWA/push-protected@v2
with:
token: ${{ steps.get_workflow_token.outputs.token }}
branch: master
path: './nur-combined'
update_search:
runs-on: ubuntu-latest
needs: update_nur
steps:
- id: get_workflow_token
uses: peter-murray/workflow-application-token-action@v4.0.1
with:
application_id: '${{ secrets.GH_APPLICATION_ID }}'
application_private_key: '${{ secrets.GH_APPLICATION_PRIVATE_KEY }}'
permissions: "contents:write"
revoke_token: true
- uses: actions/checkout@v4
with:
repository: nix-community/NUR
fetch-depth: '0'
- uses: actions/checkout@v4
with:
repository: nix-community/nur-combined
fetch-depth: '0'
submodules: 'recursive'
path: nur-combined
- uses: actions/checkout@v4
with:
repository: nix-community/nur-search
fetch-depth: '0'
path: nur-search
- uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixos-unstable
extra_nix_config: |
experimental-features = nix-command flakes
- name: update nur-search/data/packages.json
run: ./ci/update-nur-search.sh
env:
API_TOKEN_GITHUB: '${{ steps.get_workflow_token.outputs.token }}'
- name: rebase
run: |
source ./ci/lib/setup-git.sh
git -C $GITHUB_WORKSPACE/nur-search fetch origin master
git -C $GITHUB_WORKSPACE/nur-search pull --rebase origin master
env:
GITHUB_TOKEN: ${{ steps.get_workflow_token.outputs.token }}
- uses: CasperWA/push-protected@v2
with:
token: ${{ steps.get_workflow_token.outputs.token }}
branch: master
path: './nur-search'
Reference in a new issue View git blame Copy permalink