.github/workflows/update-packages.yml at main

jaspermayone.com / dots
fork atom
@jaspermayone.com's dotfiles
fork atom
dots / .github / workflows / update-packages.yml
at main 123 lines 4.7 kB view raw
wrap content
jaspermayone.com Fix update-packages workflow 2mo ago
993cd675
  1name: Update Custom Packages
  2
  3on:
  4  schedule:
  5    # Run daily at 4am UTC
  6    - cron: '0 4 * * *'
  7  workflow_dispatch: # Allow manual trigger
  8
  9permissions:
 10  contents: write
 11  pull-requests: write
 12
 13jobs:
 14  update-wut:
 15    name: Update wut package
 16    runs-on: ubuntu-latest
 17    steps:
 18      - name: Checkout repository
 19        uses: actions/checkout@v4
 20
 21      - name: Install Nix
 22        uses: DeterminateSystems/nix-installer-action@main
 23
 24      - name: Setup Git
 25        run: |
 26          git config user.name "github-actions[bot]"
 27          git config user.email "github-actions[bot]@users.noreply.github.com"
 28
 29      - name: Check for new wut release
 30        id: check-release
 31        run: |
 32          # Get latest release from GitHub
 33          LATEST=$(curl -s https://api.github.com/repos/simonbs/wut/releases/latest | jq -r .tag_name)
 34          CURRENT=$(grep 'version = ' packages/wut.nix | sed 's/.*"\(.*\)".*/\1/')
 35
 36          echo "Latest version: $LATEST"
 37          echo "Current version: v$CURRENT"
 38
 39          if [ "$LATEST" != "v$CURRENT" ]; then
 40            echo "update_needed=true" >> $GITHUB_OUTPUT
 41            echo "new_version=${LATEST#v}" >> $GITHUB_OUTPUT
 42            echo "Update needed: $LATEST"
 43          else
 44            echo "update_needed=false" >> $GITHUB_OUTPUT
 45            echo "Already up to date"
 46          fi
 47
 48      - name: Update wut package
 49        if: steps.check-release.outputs.update_needed == 'true'
 50        env:
 51          NEW_VERSION: ${{ steps.check-release.outputs.new_version }}
 52        run: |
 53          # Update version
 54          sed -i "s/version = \".*\";/version = \"$NEW_VERSION\";/" packages/wut.nix
 55
 56          # Get new source hash
 57          NEW_HASH=$(nix-prefetch-url --unpack "https://github.com/simonbs/wut/archive/refs/tags/v${NEW_VERSION}.tar.gz")
 58          NEW_HASH_SRI=$(nix hash convert --hash-algo sha256 "$NEW_HASH")
 59
 60          # Update source hash
 61          sed -i "s|hash = \"sha256-.*\";|hash = \"$NEW_HASH_SRI\";|" packages/wut.nix
 62
 63          # Try to build to get vendorHash
 64          # Save build log but don't commit it
 65          if ! nix build .#nixosConfigurations.horace.pkgs.wut 2>&1 | tee /tmp/build.log; then
 66            # Extract the correct vendorHash from the error message
 67            VENDOR_HASH=$(grep "got:" /tmp/build.log | tail -1 | awk '{print $2}')
 68            if [ -n "$VENDOR_HASH" ]; then
 69              sed -i "s|vendorHash = \"sha256-.*\";|vendorHash = \"$VENDOR_HASH\";|" packages/wut.nix
 70            fi
 71          fi
 72
 73          # Save build log for later comment
 74          echo "BUILD_LOG<<EOF" >> $GITHUB_ENV
 75          cat /tmp/build.log >> $GITHUB_ENV
 76          echo "EOF" >> $GITHUB_ENV
 77
 78      - name: Create Pull Request
 79        if: steps.check-release.outputs.update_needed == 'true'
 80        id: create-pr
 81        uses: peter-evans/create-pull-request@v6
 82        with:
 83          token: ${{ secrets.GITHUB_TOKEN }}
 84          commit-message: "Update wut to v${{ steps.check-release.outputs.new_version }}"
 85          title: "Update wut to v${{ steps.check-release.outputs.new_version }}"
 86          body: |
 87            Automated update of wut package to latest release.
 88
 89            **Changes:**
 90            - Update wut to v${{ steps.check-release.outputs.new_version }}
 91            - Update source hash
 92            - Update vendorHash if needed
 93
 94            **Release Notes:** https://github.com/simonbs/wut/releases/tag/v${{ steps.check-release.outputs.new_version }}
 95          branch: update-wut-v${{ steps.check-release.outputs.new_version }}
 96          delete-branch: true
 97
 98      - name: Add build log comment
 99        if: steps.check-release.outputs.update_needed == 'true' && steps.create-pr.outputs.pull-request-number
100        uses: actions/github-script@v7
101        env:
102          BUILD_LOG: ${{ env.BUILD_LOG }}
103        with:
104          script: |
105            const buildLog = process.env.BUILD_LOG;
106            await github.rest.issues.createComment({
107              owner: context.repo.owner,
108              repo: context.repo.repo,
109              issue_number: ${{ steps.create-pr.outputs.pull-request-number }},
110              body: `<details>\n<summary>Build Log</summary>\n\n\`\`\`\n${buildLog}\n\`\`\`\n\n</details>`
111            });
112
113      - name: Request review
114        if: steps.check-release.outputs.update_needed == 'true' && steps.create-pr.outputs.pull-request-number
115        uses: actions/github-script@v7
116        with:
117          script: |
118            await github.rest.pulls.requestReviewers({
119              owner: context.repo.owner,
120              repo: context.repo.repo,
121              pull_number: ${{ steps.create-pr.outputs.pull-request-number }},
122              reviewers: ['jaspermayone']
123            });