diff --git a/.github/workflows/updatecli-ci.yaml b/.github/workflows/updatecli-ci.yaml new file mode 100644 index 0000000..3ca1510 --- /dev/null +++ b/.github/workflows/updatecli-ci.yaml @@ -0,0 +1,32 @@ +name: Updatecli +on: + workflow_dispatch: + schedule: + - cron: '0 */6 * * *' # every 6 hours +permissions: + contents: 'write' + pull-requests: 'write' +jobs: + updatecli: + runs-on: 'ubuntu-latest' + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Install Updatecli in the runner + uses: updatecli/updatecli-action@v2 + - name: Get Nixpkgs revision for nixfmt + run: | + # This should not be a URL, because it would allow PRs to run arbitrary code in CI! + url=$(jq -r .pins.nixpkgs.url npins/sources.json) + echo "url=$url" >> "$GITHUB_ENV" + - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27 + with: + nix_path: nixpkgs=${{ env.url }} + extra_nix_config: | + trusted-public-keys = didactiklabs-nixcache:PxLKN0+ZkP07M8g8/B6xbP6A4MYpqQg6LH7V3muiy/0= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= + extra-substituters = https://s3.didactiklabs.io/nix-cache https://cache.nixos.org/ + - name: Run Updatecli in apply mode + run: 'updatecli apply --config ./updatecli/updatecli.d --values updatecli/values.yaml' + env: + UPDATECLI_GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' + GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' diff --git a/updatecli/updatecli.d/nixpkgs-master.yaml b/updatecli/updatecli.d/nixpkgs-master.yaml new file mode 100644 index 0000000..4e1fa66 --- /dev/null +++ b/updatecli/updatecli.d/nixpkgs-master.yaml @@ -0,0 +1,52 @@ +# manifest.yaml +name: Nixpkgs master Update +scms: + default: + kind: 'github' + spec: + email: 'updatecli@didactiklabs.io' + owner: 'didactiklabs' + repository: 'nixbook' + token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}' + username: '{{ requiredEnv "GITHUB_ACTOR" }}' + branch: 'main' +# Defines how to get "source" information such as Jenkins version +sources: + default: + name: Get value from json + scmid: 'default' + kind: json + spec: + file: npins/sources.json + key: pins.nixpkgs-master.revision +# Defines "conditions" required to update targets +conditions: + default: + name: Check if revision is the same + scmid: 'default' + kind: shell + spec: + environments: + - name: PATH + command: test $(git ls-remote https://github.com/NixOS/nixpkgs master | head -n 1 | awk '{print $1}') != +# Defines "targets" which need to be updated if different than "source" information. +targets: + default: + name: npins nixpkgs-master update + kind: shell + scmid: 'default' + spec: + environments: + - name: PATH + - name: NIX_PATH + command: nix-shell -p npins --command "npins update nixpkgs-master" && echo +# Define action configurations if one needs to be created +actions: + default: + kind: 'github/pullrequest' + scmid: 'default' + spec: + automerge: false + description: 'Update Nixpkgs Master using npins.' + draft: false + title: 'UPDATECLI: Update Nixpkgs Master' diff --git a/updatecli/updatecli.d/nixpkgs-unstable.yaml b/updatecli/updatecli.d/nixpkgs-unstable.yaml new file mode 100644 index 0000000..8a8a646 --- /dev/null +++ b/updatecli/updatecli.d/nixpkgs-unstable.yaml @@ -0,0 +1,52 @@ +# manifest.yaml +name: Nixpkgs Unstable Update +scms: + default: + kind: 'github' + spec: + email: 'updatecli@didactiklabs.io' + owner: 'didactiklabs' + repository: 'nixbook' + token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}' + username: '{{ requiredEnv "GITHUB_ACTOR" }}' + branch: 'main' +# Defines how to get "source" information such as Jenkins version +sources: + default: + name: Get value from json + scmid: 'default' + kind: json + spec: + file: npins/sources.json + key: pins.nixpkgs-unstable.revision +# Defines "conditions" required to update targets +conditions: + default: + name: Check if revision is the same + scmid: 'default' + kind: shell + spec: + environments: + - name: PATH + command: test $(git ls-remote https://github.com/NixOS/nixpkgs nixos-unstable | head -n 1 | awk '{print $1}') != +# Defines "targets" which need to be updated if different than "source" information. +targets: + default: + name: NpinsUpdate + kind: shell + scmid: 'default' + spec: + environments: + - name: PATH + - name: NIX_PATH + command: nix-shell -p npins --command "npins update nixpkgs-unstable" && echo +# Define action configurations if one needs to be created +actions: + default: + kind: 'github/pullrequest' + scmid: 'default' + spec: + automerge: false + description: 'Update Nixpkgs Unstable using npins.' + draft: false + title: 'UPDATECLI: Update Nixpkgs Unstable' diff --git a/updatecli/updatecli.d/nixpkgs.yaml b/updatecli/updatecli.d/nixpkgs.yaml new file mode 100644 index 0000000..9e8ceaf --- /dev/null +++ b/updatecli/updatecli.d/nixpkgs.yaml @@ -0,0 +1,52 @@ +# manifest.yaml +name: Nixpkgs Update +scms: + default: + kind: 'github' + spec: + email: 'updatecli@didactiklabs.io' + owner: 'didactiklabs' + repository: 'nixbook' + token: '{{ requiredEnv "UPDATECLI_GITHUB_TOKEN" }}' + username: '{{ requiredEnv "GITHUB_ACTOR" }}' + branch: 'main' +# Defines how to get "source" information such as Jenkins version +sources: + default: + name: Get value from json + scmid: 'default' + kind: json + spec: + file: npins/sources.json + key: pins.nixpkgs.revision +# Defines "conditions" required to update targets +conditions: + default: + name: Check if revision is the same + scmid: 'default' + kind: shell + spec: + environments: + - name: PATH + command: test $(git ls-remote https://github.com/NixOS/nixpkgs nixos-24.11 | head -n 1 | awk '{print $1}') != +# Defines "targets" which need to be updated if different than "source" information. +targets: + default: + name: NpinsUpdate + kind: shell + scmid: 'default' + spec: + environments: + - name: PATH + - name: NIX_PATH + command: nix-shell -p npins --command "npins update nixpkgs" && echo +# Define action configurations if one needs to be created +actions: + default: + kind: 'github/pullrequest' + scmid: 'default' + spec: + automerge: false + description: 'Update Nixpkgs Master npins.' + draft: false + title: 'UPDATECLI: Update Nixpkgs' diff --git a/updatecli/values.yaml b/updatecli/values.yaml new file mode 100644 index 0000000..3df043c --- /dev/null +++ b/updatecli/values.yaml @@ -0,0 +1,5 @@ +github: + user: 'GitHub Actions Bot' + email: 'bots@didactiklabs.io' + username: 'didactik-bot' + token: 'UPDATECLI_GITHUB_TOKEN'