-
Notifications
You must be signed in to change notification settings - Fork 7
/
Copy pathaction.yaml
143 lines (143 loc) · 5.44 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
---
# Inspired by https://github.com/DeterminateSystems/update-flake-lock
name: 'nix-update action'
description: 'A GitHub action that detects and updates flake outputs via nix-update tool'
inputs:
token:
description: 'The token that the action will use to create and update the pull request.'
default: ${{ github.token }}
packages:
description: 'A space-separated list of inputs to update. Leave empty to update all inputs.'
required: false
default: ''
blacklist:
description: 'A list of dependencies, comma separated, to skip from updating.'
required: false
default: ''
branch:
description: 'The branch of the PR to be created'
required: false
default: "chore/nix_update_actions"
path-to-flake-dir:
description: 'The path of the directory containing `flake.nix` file within your repository.'
required: false
default: ''
pr-title:
description: 'The title of the PR to be created'
required: false
default: "Packages: update"
pr-body:
description: 'The body of the PR to be created'
required: false
default: |
Automated changes by the [nix-update-actions](https://github.com/selfuryon/nix-update-action) GitHub Action.
pr-labels:
description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
required: false
default: ''
pr-assignees:
description: 'A comma or newline separated list of assignees (GitHub usernames).'
required: false
default: ''
pr-reviewers:
description: 'A comma or newline separated list of reviewers (GitHub usernames) to request a review from.'
required: false
default: ''
git-author-name:
description: 'Author name used for commit.'
required: false
default: 'github-actions[bot]'
git-author-email:
description: 'Author email used for commit.'
required: false
default: 'github-actions[bot]@users.noreply.github.com'
git-committer-name:
description: 'Committer name used for commit.'
required: false
default: 'github-actions[bot]'
git-committer-email:
description: 'Committer email used for commit.'
required: false
default: 'github-actions[bot]@users.noreply.github.com'
sign-commits:
description: 'Set to true if the action should sign the commit with GPG'
required: false
default: 'false'
gpg-private-key:
description: 'GPG Private Key with which to sign the commits in the PR to be created'
required: false
default: ''
gpg-fingerprint:
description: 'Fingerprint of specific GPG subkey to use'
required: false
gpg-passphrase:
description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
required: false
default: ''
outputs:
pull-request-number:
description: 'The number of the opened pull request'
value: ${{ steps.create-pr.outputs.pull-request-number }}
runs:
using: "composite"
steps:
- uses: yaxitech/nix-install-pkgs-action@v3
with:
packages: "nix-update,jq"
inputs-from: nixpkgs
- name: Import bot's GPG key for signing commits
if: ${{ inputs.sign-commits == 'true' }}
id: import-gpg
uses: crazy-max/ghaction-import-gpg@v5
with:
gpg_private_key: ${{ inputs.gpg-private-key }}
fingerprint: ${{ inputs.gpg-fingerprint }}
passphrase: ${{ inputs.gpg-passphrase }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
- name: Set environment variables (signed commits)
if: ${{ inputs.sign-commits == 'true' }}
shell: bash
env:
GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
TARGETS: ${{ inputs.inputs }}
run: |
echo "GIT_AUTHOR_NAME=$GIT_AUTHOR_NAME" >> $GITHUB_ENV
echo "GIT_AUTHOR_EMAIL=<$GIT_AUTHOR_EMAIL>" >> $GITHUB_ENV
echo "GIT_COMMITTER_NAME=$GIT_COMMITTER_NAME" >> $GITHUB_ENV
echo "GIT_COMMITTER_EMAIL=<$GIT_COMMITTER_EMAIL>" >> $GITHUB_ENV
- name: Set environment variables (unsigned commits)
if: ${{ inputs.sign-commits != 'true' }}
shell: bash
run: |
echo "GIT_AUTHOR_NAME=${{ inputs.git-author-name }}" >> $GITHUB_ENV
echo "GIT_AUTHOR_EMAIL=<${{ inputs.git-author-email }}>" >> $GITHUB_ENV
echo "GIT_COMMITTER_NAME=${{ inputs.git-committer-name }}" >> $GITHUB_ENV
echo "GIT_COMMITTER_EMAIL=<${{ inputs.git-committer-email }}>" >> $GITHUB_ENV
- name: Run nix-update
run: $GITHUB_ACTION_PATH/nix-update.sh
shell: bash
env:
PACKAGES: ${{ inputs.packages }}
BLACKLIST: ${{ inputs.blacklist }}
GIT_AUTHOR_NAME: ${{ env.GIT_AUTHOR_NAME }}
GIT_AUTHOR_EMAIL: ${{ env.GIT_AUTHOR_EMAIL }}
GIT_COMMITTER_NAME: ${{ env.GIT_COMMITTER_NAME }}
GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }}
PATH_TO_FLAKE_DIR: ${{ inputs.path-to-flake-dir }}
- name: Create PR
id: create-pr
uses: peter-evans/create-pull-request@v4
with:
token: ${{ inputs.token }}
branch: ${{ inputs.branch }}
delete-branch: true
title: ${{ inputs.pr-title }}
assignees: ${{ inputs.pr-assignees }}
labels: ${{ inputs.pr-labels }}
reviewers: ${{ inputs.pr-reviewers }}
body: ${{ inputs.pr-body }}