feat ✨: add updatecli

Signed-off-by: Victor Hang <[email protected]>

.github/workflows/updatecli-ci.yaml

@@ -0,0 +1,32 @@
+name: Updatecli
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 */6 * * *' # every 6 hours
+permissions:
+  contents: 'write'
+  pull-requests: 'write'
+jobs:
+  updatecli:
+    runs-on: 'ubuntu-latest'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Install Updatecli in the runner
+        uses: updatecli/updatecli-action@v2
+      - name: Get Nixpkgs revision for nixfmt
+        run: |
+          # This should not be a URL, because it would allow PRs to run arbitrary code in CI!
+          url=$(jq -r .pins.nixpkgs.url npins/sources.json)
+          echo "url=$url" >> "$GITHUB_ENV"
+      - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
+        with:
+          nix_path: nixpkgs=${{ env.url }}
+          extra_nix_config: |
+            trusted-public-keys = didactiklabs-nixcache:PxLKN0+ZkP07M8g8/B6xbP6A4MYpqQg6LH7V3muiy/0= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+            extra-substituters = https://s3.didactiklabs.io/nix-cache https://cache.nixos.org/
+      - name: Run Updatecli in apply mode
+        run: 'updatecli apply --config ./updatecli/updatecli.d --values updatecli/values.yaml'
+        env:
+          UPDATECLI_GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'
+          GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}'

updatecli/updatecli.d/nixpkgs-master.yaml

@@ -0,0 +1,52 @@
+# manifest.yaml
+name: Nixpkgs master Update
+scms:
+  default:
+    kind: 'github'
+    spec:
+      email: '[email protected]'
+      owner: 'didactiklabs'
+      repository: 'nixbook'
+      token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}'
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      branch: 'main'
+# Defines how to get "source" information such as Jenkins version
+sources:
+  default:
+    name: Get value from json
+    scmid: 'default'
+    kind: json
+    spec:
+      file: npins/sources.json
+      key: pins.nixpkgs-master.revision
+# Defines "conditions" required to update targets
+conditions:
+  default:
+    name: Check if revision is the same
+    scmid: 'default'
+    kind: shell
+    spec:
+      environments:
+        - name: PATH
+      command: test $(git ls-remote https://github.com/NixOS/nixpkgs master | head -n 1 | awk '{print $1}') !=
+# Defines "targets" which need to be updated if different than "source" information.
+targets:
+  default:
+    name: npins nixpkgs-master update
+    kind: shell
+    scmid: 'default'
+    spec:
+      environments:
+        - name: PATH
+        - name: NIX_PATH
+      command: nix-shell -p npins --command "npins update nixpkgs-master" && echo
+# Define action configurations if one needs to be created
+actions:
+  default:
+    kind: 'github/pullrequest'
+    scmid: 'default'
+    spec:
+      automerge: false
+      description: 'Update Nixpkgs Master using npins.'
+      draft: false
+      title: 'UPDATECLI: Update Nixpkgs Master'

updatecli/updatecli.d/nixpkgs-unstable.yaml

@@ -0,0 +1,52 @@
+# manifest.yaml
+name: Nixpkgs Unstable Update
+scms:
+  default:
+    kind: 'github'
+    spec:
+      email: '[email protected]'
+      owner: 'didactiklabs'
+      repository: 'nixbook'
+      token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}'
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      branch: 'main'
+# Defines how to get "source" information such as Jenkins version
+sources:
+  default:
+    name: Get value from json
+    scmid: 'default'
+    kind: json
+    spec:
+      file: npins/sources.json
+      key: pins.nixpkgs-unstable.revision
+# Defines "conditions" required to update targets
+conditions:
+  default:
+    name: Check if revision is the same
+    scmid: 'default'
+    kind: shell
+    spec:
+      environments:
+        - name: PATH
+      command: test $(git ls-remote https://github.com/NixOS/nixpkgs nixos-unstable | head -n 1 | awk '{print $1}') !=
+# Defines "targets" which need to be updated if different than "source" information.
+targets:
+  default:
+    name: NpinsUpdate
+    kind: shell
+    scmid: 'default'
+    spec:
+      environments:
+        - name: PATH
+        - name: NIX_PATH
+      command: nix-shell -p npins --command "npins update nixpkgs-unstable" && echo
+# Define action configurations if one needs to be created
+actions:
+  default:
+    kind: 'github/pullrequest'
+    scmid: 'default'
+    spec:
+      automerge: false
+      description: 'Update Nixpkgs Unstable using npins.'
+      draft: false
+      title: 'UPDATECLI: Update Nixpkgs Unstable'

updatecli/updatecli.d/nixpkgs.yaml

@@ -0,0 +1,52 @@
+# manifest.yaml
+name: Nixpkgs Update
+scms:
+  default:
+    kind: 'github'
+    spec:
+      email: '[email protected]'
+      owner: 'didactiklabs'
+      repository: 'nixbook'
+      token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}'
+      username: '{{ requiredEnv "GITHUB_ACTOR" }}'
+      branch: 'main'
+# Defines how to get "source" information such as Jenkins version
+sources:
+  default:
+    name: Get value from json
+    scmid: 'default'
+    kind: json
+    spec:
+      file: npins/sources.json
+      key: pins.nixpkgs.revision
+# Defines "conditions" required to update targets
+conditions:
+  default:
+    name: Check if revision is the same
+    scmid: 'default'
+    kind: shell
+    spec:
+      environments:
+        - name: PATH
+      command: test $(git ls-remote https://github.com/NixOS/nixpkgs nixos-24.11 | head -n 1 | awk '{print $1}') !=
+# Defines "targets" which need to be updated if different than "source" information.
+targets:
+  default:
+    name: NpinsUpdate
+    kind: shell
+    scmid: 'default'
+    spec:
+      environments:
+        - name: PATH
+        - name: NIX_PATH
+      command: nix-shell -p npins --command "npins update nixpkgs" && echo
+# Define action configurations if one needs to be created
+actions:
+  default:
+    kind: 'github/pullrequest'
+    scmid: 'default'
+    spec:
+      automerge: false
+      description: 'Update Nixpkgs Master npins.'
+      draft: false
+      title: 'UPDATECLI: Update Nixpkgs'

updatecli/values.yaml

@@ -0,0 +1,5 @@
+github:
+  user: 'GitHub Actions Bot'
+  email: '[email protected]'
+  username: 'didactik-bot'
+  token: 'UPDATECLI_GITHUB_TOKEN'