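# Daily job that refreshes flake.lock, opens a pull request, has Hydra build
# the result and merges the PR without human review when the build succeeds.
# Because the merge is unattended, the Hydra result is the only gate between
# an upstream input change and the main branch.
name: Nix Flake Update

on:
  schedule:
    - cron: '0 0 * * *'  # Run daily at midnight UTC
  workflow_dispatch:  # Allow manual trigger

# Default for any job that does not declare its own permissions.
permissions:
  contents: read

env:
  BRANCH_NAME: auto-update-flake-${{ github.run_number }}
  HYDRA_INSTANCE: https://hydra.zoeys.computer
  HYDRA_PROJECT: config
  HYDRA_JOBSET: pr-${{ github.run_number }}

jobs:
  check-existing-pr:
    runs-on: ubuntu-latest
    # This job only lists pull requests, so it gets a read-only token.
    permissions:
      contents: read
      pull-requests: read
    outputs:
      pr_exists: ${{ steps.check-pr.outputs.pr_exists }}
      pr_number: ${{ steps.check-pr.outputs.pr_number }}
    steps:
      - name: Check for existing PR
        id: check-pr
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # `gh pr list --head` matches a complete branch name, so the bare
          # prefix "auto-update-flake-" never matched a real branch. Filter on
          # the prefix in jq instead. Pull requests from forks are skipped so
          # that a branch name chosen by an outside contributor cannot steer
          # the retry job, which pushes to and merges whatever PR is found here.
          existing_pr=$(gh pr list --repo "$GITHUB_REPOSITORY" --state open \
            --json number,headRefName,isCrossRepository \
            --jq '[.[] | select((.isCrossRepository | not) and (.headRefName | startswith("auto-update-flake-")))][0].number // empty')
          if [ -n "$existing_pr" ]; then
            echo "pr_exists=true" >> "$GITHUB_OUTPUT"
            echo "pr_number=$existing_pr" >> "$GITHUB_OUTPUT"
          else
            echo "pr_exists=false" >> "$GITHUB_OUTPUT"
          fi

  update-flake:
    needs: check-existing-pr
    if: needs.check-existing-pr.outputs.pr_exists == 'false'
    runs-on: ubuntu-latest
    # Pushes a branch, opens a PR and merges it.
    permissions:
      contents: write
      pull-requests: write
    steps:
      # NOTE(review): both third-party actions are referenced by a mutable
      # tag. Pinning each to a full commit SHA keeps a retagged release from
      # changing what runs with a write-scoped token.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Install Nix
        uses: cachix/install-nix-action@v30

      - name: Update flake dependencies
        id: update-flake
        run: |
          git config user.name github-actions
          git config user.email github-actions@github.com
          # --accept-flake-config applies the nixConfig settings declared by
          # the flake without prompting; changes to that section deserve the
          # same scrutiny as changes to this workflow.
          nix flake update --accept-flake-config
          git diff
          if [[ -n $(git status -s) ]]; then
            echo "CHANGED=true" >> "$GITHUB_OUTPUT"
          else
            echo "CHANGED=false" >> "$GITHUB_OUTPUT"
            echo "No changes detected."
          fi

      - name: Create branch and commit changes
        if: steps.update-flake.outputs.CHANGED == 'true'
        run: |
          # BRANCH_NAME comes from the workflow-level env block; reading it as
          # a shell variable avoids pasting expression text into the script.
          git checkout -b "$BRANCH_NAME"
          git add .
          git commit -m "chore: update flake dependencies"
          git push -u origin "$BRANCH_NAME"

      - name: Create Pull Request
        if: steps.update-flake.outputs.CHANGED == 'true'
        id: create-pr
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          # `gh pr create` prints the URL of the new PR. Record its trailing
          # number as the pr_number output, which the merge step reads and
          # which was previously never set.
          pr_url=$(gh pr create \
            --title "Auto-update Nix flake dependencies" \
            --body "This PR updates the Nix flake dependencies." \
            --base main \
            --head "$BRANCH_NAME")
          echo "$pr_url"
          echo "pr_number=${pr_url##*/}" >> "$GITHUB_OUTPUT"

      - name: Trigger Hydra build
        if: steps.update-flake.outputs.CHANGED == 'true'
        uses: ./.github/actions/trigger-hydra-build
        with:
          hydra_instance: ${{ env.HYDRA_INSTANCE }}
          hydra_project: ${{ env.HYDRA_PROJECT }}
          hydra_jobset: ${{ env.HYDRA_JOBSET }}
          hydra_username: ${{ secrets.HYDRA_USERNAME }}
          hydra_password: ${{ secrets.HYDRA_PASSWORD }}

      - name: Wait for Hydra build
        if: steps.update-flake.outputs.CHANGED == 'true'
        id: wait-for-build
        uses: ./.github/actions/wait-for-hydra-build
        with:
          hydra_instance: ${{ env.HYDRA_INSTANCE }}
          hydra_project: ${{ env.HYDRA_PROJECT }}
          hydra_jobset: ${{ env.HYDRA_JOBSET }}
          hydra_username: ${{ secrets.HYDRA_USERNAME }}
          hydra_password: ${{ secrets.HYDRA_PASSWORD }}

      - name: Merge PR if build succeeds
        if: steps.update-flake.outputs.CHANGED == 'true' && steps.wait-for-build.outputs.BUILD_SUCCESS == 'true'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ steps.create-pr.outputs.pr_number }}
        run: |
          gh pr merge "$PR_NUMBER" --merge

      - name: Exit if build fails
        if: steps.update-flake.outputs.CHANGED == 'true' && steps.wait-for-build.outputs.BUILD_SUCCESS != 'true'
        run: exit 1

  retry-update:
    needs: check-existing-pr
    if: needs.check-existing-pr.outputs.pr_exists == 'true'
    runs-on: ubuntu-latest
    # Pushes to the existing PR branch and merges the PR.
    permissions:
      contents: write
      pull-requests: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0

      - name: Install Nix
        uses: cachix/install-nix-action@v30

      - name: Checkout PR branch
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ needs.check-existing-pr.outputs.pr_number }}
        run: |
          # The PR number and the branch name reach the shell as quoted
          # variables rather than as text substituted into the script.
          branch_name=$(gh pr view "$PR_NUMBER" --json headRefName -q .headRefName)
          git checkout "$branch_name"

      - name: Update flake dependencies
        id: update-flake
        run: |
          git config user.name github-actions
          git config user.email github-actions@github.com
          # --accept-flake-config applies the nixConfig settings declared by
          # the flake without prompting; here the flake is the PR branch's copy.
          nix flake update --accept-flake-config
          git diff
          if [[ -n $(git status -s) ]]; then
            echo "CHANGED=true" >> "$GITHUB_OUTPUT"
            git add .
            git commit -m "Auto-update flake dependencies (retry)"
            git push origin HEAD
          else
            echo "CHANGED=false" >> "$GITHUB_OUTPUT"
            echo "No changes detected."
          fi

      # NOTE(review): local actions are loaded from the workspace, which at
      # this point holds the PR branch rather than main. The Hydra credentials
      # below are therefore passed to whatever action code that branch carries.
      - name: Trigger Hydra build
        if: steps.update-flake.outputs.CHANGED == 'true'
        uses: ./.github/actions/trigger-hydra-build
        with:
          hydra_instance: ${{ env.HYDRA_INSTANCE }}
          hydra_project: ${{ env.HYDRA_PROJECT }}
          hydra_jobset: ${{ env.HYDRA_JOBSET }}
          hydra_username: ${{ secrets.HYDRA_USERNAME }}
          hydra_password: ${{ secrets.HYDRA_PASSWORD }}

      - name: Wait for Hydra build
        if: steps.update-flake.outputs.CHANGED == 'true'
        id: wait-for-build
        uses: ./.github/actions/wait-for-hydra-build
        with:
          hydra_instance: ${{ env.HYDRA_INSTANCE }}
          hydra_project: ${{ env.HYDRA_PROJECT }}
          hydra_jobset: ${{ env.HYDRA_JOBSET }}
          hydra_username: ${{ secrets.HYDRA_USERNAME }}
          hydra_password: ${{ secrets.HYDRA_PASSWORD }}

      - name: Merge PR if build succeeds
        if: steps.update-flake.outputs.CHANGED == 'true' && steps.wait-for-build.outputs.BUILD_SUCCESS == 'true'
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ needs.check-existing-pr.outputs.pr_number }}
        run: |
          gh pr merge "$PR_NUMBER" --merge

      - name: Exit if build fails
        if: steps.update-flake.outputs.CHANGED == 'true' && steps.wait-for-build.outputs.BUILD_SUCCESS != 'true'
        run: exit 1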