Use reuseable action for flake update actions (#42)

Reviewed-on: https://codeberg.org/tmayoff/.dotfiles/pulls/42 Co-authored-by: Tyler Mayoff <tyler@tylermayoff.com> Co-committed-by: Tyler Mayoff <tyler@tylermayoff.com>
2025-12-06 08:48:34 -05:00 · 2025-10-10 04:21:08 +02:00 · 2025-10-10 04:21:08 +02:00 · 44ad567b17
commit 44ad567b17
parent e93090ba51
3 changed files with 105 additions and 60 deletions
--- a/.forgejo/actions/flake-update/action.yml
+++ b/.forgejo/actions/flake-update/action.yml
@ -0,0 +1,54 @@
+name: "Flake lock updater"
+description: "Updates the flake lock file"
+inputs:
+  flake_path:
+    description: "Relative path to the flake.nix file"
+    default: './'
+    required: false
+  token:
+    description: "Authentication token"
+    default: ""
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Update flake.lock
+      id: update
+      shell: bash
+      run: |
+        nix flake update --flake ${{ inputs.flake_path }} 2> >(tee /dev/stderr) | awk '
+          /^• Updated input/ {in_update = 1; print; next}
+          in_update && !/^warning:/ {print}
+          /^$/ {in_update = 0}
+        ' > update.log
+
+        echo "UPDATE_LOG<<EOF" >> $GITHUB_ENV
+        cat update.log >> $GITHUB_ENV 
+        echo "EOF" >> $GITHUB_ENV
+
+        rm update.log
+
+    - name: Create PR
+      shell: bash
+      run: |
+        BRANCH="update-flake-lock"
+
+        git fetch origin
+        git checkout main
+
+        if git show-ref --verify --quiet refs/heads/$BRANCH; then
+          git checkout $BRANCH
+          git reset --hard origin/main
+        else
+          git checkout -b $BRANCH origin/main
+        fi
+
+        git checkout -B update-flake-lock
+        git add ${{ inputs.flake_path }}/flake.lock
+        git config user.name "${{ env.GITHUB_ACTOR }}"
+        git config user.email "tyler@mayoff.ca"
+        git commit -m "updated lockfile"
+        git push origin update-flake-lock
+        nix run nixpkgs#forgejo-cli -- auth add-key ${{ env.GITHUB_ACTOR }} ${{ inputs.token }}
+        nix run nixpkgs#forgejo-cli -- pr create "automated: Update flake.lock" --body "body tests" --head update-flake-lock  || echo "PR may already exist"
--- a/.forgejo/workflows/flake-updater.yml
+++ b/.forgejo/workflows/flake-updater.yml
@ -2,7 +2,7 @@ name: Update `flake.lock`
 on:
  workflow_dispatch:
  schedule:
-    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+    - cron: '0 0 * * 5' # runs weekly on Friday at 00:00

 jobs:
  update_lockfile:
@ -15,71 +15,62 @@ jobs:
      - name: Setup Action cache for nix
        uses: https://github.com/DeterminateSystems/magic-nix-cache-action@main

-      - name: Update flake.lock
-        id: update
-        run: |
-          nix flake update 2> >(tee /dev/stderr) | awk '
-            /^• Updated input/ {in_update = 1; print; next}
-            in_update && !/^warning:/ {print}
-            /^$/ {in_update = 0}
-          ' > update.log
-
-          echo "UPDATE_LOG<<EOF" >> $GITHUB_ENV
-          cat update.log >> $GITHUB_ENV 
-          echo "EOF" >> $GITHUB_ENV
-
-          rm update.log
-
-      - name: Write PR body template
-        uses: https://github.com/DamianReeves/write-file-action@v1.3
+      - name: Update flake inputs
+        uses: ./.forgejo/actions/flake-update
        with:
-          path: pr_body.template
-          contents: |
-            - The following Nix Flake inputs were updated:
+          flake_path: "./dot_config/flake"
+          token: ${{ secrets.FLAKE_PR_TOKEN }}

-            ```
-            ${{ env.UPDATE_LOG }}
-            ```
+      # - name: Write PR body template
+      #   uses: https://github.com/DamianReeves/write-file-action@v1.3
+      #   with:
+      #     path: pr_body.template
+      #     contents: |
+      #       - The following Nix Flake inputs were updated:

-            Auto-generated by [update.yml][1] with the help of
-            [create-pull-request][2].
+      #       ```
+      #       ${{ env.UPDATE_LOG }}
+      #       ```

-            [1]: https://forgejo.stefka.eu/jiriks74/nix.nvim/src/branch/main/.github/workflows/update.yml
-            [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request
+      #       Auto-generated by [update.yml][1] with the help of
+      #       [create-pull-request][2].

-      - name: Generate PR body
-        uses: pedrolamas/handlebars-action@v2.4.0 # v2.4.0
-        with:
-          files: "pr_body.template"
-          output-filename: "pr_body.md"
-      - name: Save PR body
-        id: pr_body
-        uses: juliangruber/read-file-action@v1
-        with:
-          path: "pr_body.md"
+      #       [1]: https://forgejo.stefka.eu/jiriks74/nix.nvim/src/branch/main/.github/workflows/update.yml
+      #       [2]: https://forgejo.stefka.eu/jiriks74/create-pull-request

-      - name: Remove temporary files
-        run: |
-          rm pr_body.template
-          rm pr_body.md
+      # - name: Generate PR body
+      #   uses: pedrolamas/handlebars-action@v2.4.0 # v2.4.0
+      #   with:
+      #     files: "pr_body.template"
+      #     output-filename: "pr_body.md"
+      # - name: Save PR body
+      #   id: pr_body
+      #   uses: juliangruber/read-file-action@v1
+      #   with:
+      #     path: "pr_body.md"

-      - name: Create Pull Request
-        id: create-pull-request
-        uses: https://forgejo.stefka.eu/jiriks74/create-pull-request@2c60f3517609825873003cde0d4367c6cc2cd74c
-        with:
-          token: ${{ secrets.FORGEJO_TOKEN_FOR_UPDATES  }}
-          body: ${{ steps.pr_body.outputs.content }}
-          author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>'
-          title: 'automated: Update `flake.lock`'
-          commit-message: |
-            automated: Update `flake.lock`
+      # - name: Remove temporary files
+      #   run: |
+      #     rm pr_body.template
+      #     rm pr_body.md

-            ${{ steps.pr_body.outputs.content }}
+      # - name: Create Pull Request
+      #   id: create-pull-request
+      #   uses: https://forgejo.stefka.eu/jiriks74/create-pull-request@2c60f3517609825873003cde0d4367c6cc2cd74c
+      #   with:
+      #     token: ${{ secrets.FORGEJO_TOKEN_FOR_UPDATES  }}
+      #     body: ${{ steps.pr_body.outputs.content }}
+      #     author: '"github-actions[bot]" <github-actions[bot]@users.noreply.github.com>'
+      #     title: 'automated: Update `flake.lock`'
+      #     commit-message: |
+      #       automated: Update `flake.lock`

-          branch: update-flake-lock
-          delete-branch: true
+      #       ${{ steps.pr_body.outputs.content }}

-      - name: Print PR number
-        run: |
-          echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."
-          echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
+      #     branch: update-flake-lock
+      #     delete-branch: true
+
+      # - name: Print PR number
+      #   run: |
+      #     echo "Pull request number is ${{ steps.create-pull-request.outputs.pull-request-number }}."
+      #     echo "Pull Request URL - ${{ steps.cpr.outputs.pull-request-url }}"
--- a/dot_config/flake/machines/wash/configuration.nix
+++ b/dot_config/flake/machines/wash/configuration.nix
@ -15,7 +15,7 @@
    # ../../modules/nixos/gnome.nix
    # ../../modules/nixos/android-studio.nix
    # ../../modules/nixos/docker.nix
-    # ../../modules/nixos/podman.nix
+    ../../modules/nixos/podman.nix
  ];

  nixpkgs = {