github: update flake.lock weekly with pull request

github: use DeterminateSystems nix installer github: run cicid on prs github/flake-update-inputs: use PAT to trigger subsequent workflows github: simplify workflow runs github: setup git after checkout github/flake-update-inputs: don't self assign reviews github/git-sync-mirrors: only run on master github: don't sync to codeberg github: only run nix checks on .nix updates github: only run nix checks on .nix and .lock updates github: ignore .github and _img paths
2024-11-21 20:33:55 -05:00 · 2024-07-14 10:28:53 -04:00 · 2024-07-14 10:28:53 -04:00 · 1413801e6d
parent 240ec1ac8e
commit 1413801e6d
3 changed files with 27 additions and 34 deletions
--- a/.github/workflows/flake-checks.yml
+++ b/.github/workflows/flake-checks.yml
@ -1,5 +1,10 @@
 name: "nix"
-on: [push]
+on:
+  push:
+    paths-ignore:
+      - '.github/**'
+      - '_img/**'
+  workflow_dispatch:
 jobs:
  check-format:
    runs-on: ubuntu-latest
@ -7,7 +12,8 @@ jobs:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 1
-      - uses: cachix/install-nix-action@v27
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
      - name: check if flake complies with default style
        run: nix fmt -- -c .
  check-eval:
@ -16,6 +22,7 @@ jobs:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 1
-      - uses: cachix/install-nix-action@v27
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
      - name: check if flake evaluates
        run: nix flake check
--- a/.github/workflows/flake-update-inputs.yml
+++ b/.github/workflows/flake-update-inputs.yml
@ -1,7 +1,7 @@
-name: "flake: update inputs"
+name: "update-flake-inputs"
 on:
  schedule:
-    - cron: "0 6 * * *"
+    - cron: "0 0 * * 0"
  workflow_dispatch:
 jobs:
  update-inputs:
@ -11,17 +11,18 @@ jobs:
        with:
          ref: ${{ github.head_ref }}
          fetch-depth: 1
-      - name: "git: setup"
+      - name: Setup Git
        run: |
-          git config --local user.email "github-actions[bot]@users.noreply.github.com"
-          git config --local user.name "github-actions[bot]"
-      - uses: cachix/install-nix-action@v27
-      - name: "flake: update inputs"
-        run: nix flake update --commit-lock-file
-      - name: "flake: check eval"
-        run: nix flake check
-      - name: "git: push changes"
-        uses: ad-m/github-push-action@master
+          git config --local user.name  "github-actions[bot]"
+          git config --local user.email  "github-actions[bot]@users.noreply.github.com"
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
+      - name: Update flake.lock
+        uses: DeterminateSystems/update-flake-lock@main
        with:
-          branch: ${{ github.head_ref }}
-
+          token: ${{ secrets.FLAKE_UPDATE_PAT }}
+          pr-title: "flake: update inputs"
+          pr-assignees: alyraffauf
+          pr-labels: |
+            dependencies
+            automated
--- a/.github/workflows/git-sync-mirrors.yml
+++ b/.github/workflows/git-sync-mirrors.yml
@ -1,25 +1,10 @@
 name: "git"
 on: 
  push:
-  workflow_run:
-    workflows: ["flake: update inputs"]
-    types:
-      - completed
+    branches:
+      - master
  workflow_dispatch:
 jobs:
-  sync-codeberg:
-    runs-on: ubuntu-latest
-    steps:
-      - name: check out repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: "sync codeberg mirror"
-        uses: yesolutions/mirror-action@v0.7.0
-        with:
-          REMOTE: 'https://codeberg.org/alyraffauf/nixcfg.git'
-          GIT_USERNAME: alyraffauf
-          GIT_PASSWORD: ${{ secrets.CODEBERG_PASSWORD }}
  sync-gitlab:
    runs-on: ubuntu-latest
    steps: