diff --git a/.forgejo/workflows/npins-update.yaml b/.forgejo/workflows/npins-update.yaml
index 9a268f2..d95fdff 100644
--- a/.forgejo/workflows/npins-update.yaml
+++ b/.forgejo/workflows/npins-update.yaml
@@ -4,21 +4,24 @@ jobs: steps: - uses: actions/checkout@v3 with: - depth: 0 + fetch-depth: 0 token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - name: Update dependencies and open PR if necessary + - env: + GIT_AUTHOR_EMAIL: tech@dgnum.eu + GIT_AUTHOR_NAME: DGNum Chores + GIT_COMMITTER_EMAIL: tech@dgnum.eu + GIT_COMMITTER_NAME: DGNum Chores + name: Update dependencies and open PR if necessary run: "npins update\n\nif [ ! -z \"$(git diff --name-only)\" ]; then\n echo \"[+] Changes detected, pushing updates.\"\n\n git switch -C npins-update\n\ - \n git add npins\n\n git config user.name \"DGNum Chores\"\n git config - user.email \"tech@dgnum.eu\"\n\n git commit --message \"chore(npins): Update\"\ - \n git push --set-upstream origin npins-update --force\n\n # Connect to - the server with the cli\n tea login add \\\n -n dgnum-chores \\\n -t - \"${{ secrets.TEA_DGNUM_CHORES_TOKEN }}\" \\\n -u https://git.dgnum.eu\n\ - \n # Create a pull request if needed\n # i.e. no PR with the same title - exists\n if [ -z \"$(tea pr ls -f='title,author' -o simple | grep 'chore(npins): - Update dgnum-chores')\" ]; then\n tea pr create \\\n --description - \"Automatic npins update\" \\\n --title \"chore(npins): Update\" \\\n\ - \ --head npins-update\n fi\nfi\n" + \n git add npins\n\n git commit --message \"chore(npins): Update\"\n git + push --set-upstream origin npins-update --force\n\n # Connect to the server + with the cli\n tea login add \\\n -n dgnum-chores \\\n -t \"${{ secrets.TEA_DGNUM_CHORES_TOKEN + }}\" \\\n -u https://git.dgnum.eu\n\n # Create a pull request if needed\n\ + \ # i.e. no PR with the same title exists\n if [ -z \"$(tea pr ls -f='title,author' + -o simple | grep 'chore(npins): Update dgnum-chores')\" ]; then\n tea pr + create \\\n --description \"Automatic npins update\" \\\n --title + \"chore(npins): Update\" \\\n --head npins-update\n fi\nfi\n" name: npins update on: schedule: diff --git a/default.nix b/default.nix index c1d506f..fa56d8a 100644 --- a/default.nix 
+++ b/default.nix @@ -18,6 +18,7 @@ let ; nix-reuse = import sources.nix-reuse { inherit pkgs; }; + nix-actions = import sources.nix-actions { inherit pkgs; }; git-checks = (import sources.git-hooks).run { src = ./.; @@ -117,7 +118,7 @@ let ]; }; - workflows = (import sources.nix-actions { inherit pkgs; }).install { + workflows = nix-actions.install { src = ./.; workflows = mapAttrs' ( @@ -125,8 +126,12 @@ let nameValuePair (removeSuffix ".nix" name) ( let w = import ./workflows/${name}; + args = { + inherit nix-actions; + inherit (pkgs) lib; + }; in - if isFunction w then w { inherit (pkgs) lib; } else w + if (isFunction w) then (w args) else w ) ) (builtins.readDir ./workflows); }; @@ -165,11 +170,11 @@ in (pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { }) ] ++ git-checks.enabledPackages ++ (builtins.attrValues scripts); - shellHook = '' - ${git-checks.shellHook} - ${workflows.shellHook} - ${reuse.shellHook} - ''; + shellHook = builtins.concatStringsSep "\n" [ + git-checks.shellHook + reuse.shellHook + workflows.shellHook + ]; preferLocalBuild = true; diff --git a/npins/sources.json b/npins/sources.json index 8df4b74..948b4d4 100644 --- a/npins/sources.json +++ b/npins/sources.json @@ -225,10 +225,10 @@ "pre_releases": false, "version_upper_bound": null, "release_prefix": null, - "version": "v0.2.2", - "revision": "b9cb5d6f945d1e3fd7b70d63848c70335e9912e8", + "version": "v0.2.3", + "revision": "3c07af3887626062cf9d25967998c582c1b2d9df", "url": null, - "hash": "0m6bw5qlrchsigx7x4nz3xkcn3dnr14k5j0ws9lbggnldnz9qg2w" + "hash": "135g3sjx885vp880ijnfjmrc7krkr85c1xxxqkdy5qagr454k1jv" }, "nix-modules": { "type": "Git", diff --git a/workflows/eval-nodes.nix b/workflows/eval-nodes.nix index d8974ab..e2b904d 100644 --- a/workflows/eval-nodes.nix +++ b/workflows/eval-nodes.nix @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: EUPL-1.2 -{ lib }: +{ lib, nix-actions }: let inherit (lib) attrNames genAttrs; 
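Review bot: In the `@@ -125,8 +126,12 @@` hunk of `default.nix`, every workflow function is now called with both `lib` and `nix-actions`, so any file under `./workflows` whose argument pattern is closed and names only `lib` will fail evaluation with an unexpected-argument error. Only three workflow files appear in this diff, so whether others exist cannot be told from here. `workflows/eval-nodes.nix` is itself changed to the closed pattern `{ lib, nix-actions }:` while the other two use `{ nix-actions, ... }:`, so the next attribute added to `args` would break it again. I would write `{ lib, nix-actions, ... }:` there and add a comment above `args`, for example `# Workflow functions receive these attributes; end the pattern with "..." so new ones can be added.` The `let` block these lines belong to starts outside the hunk.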
@@ -27,7 +27,7 @@ in env = { STORE_ENDPOINT = "https://tvix-store.dgnum.eu/infra-signing/"; STORE_USER = "admin"; - STORE_PASSWORD = "\${{ secrets.STORE_PASSWORD }}"; + STORE_PASSWORD = nix-actions.lib.secret "STORE_PASSWORD"; BUILD_NODE = node; }; } diff --git a/workflows/eval-shell.nix b/workflows/eval-shell.nix index 3bdd043..93540be 100644 --- a/workflows/eval-shell.nix +++ b/workflows/eval-shell.nix @@ -2,6 +2,8 @@ # # SPDX-License-Identifier: EUPL-1.2 +{ nix-actions, ... }: + { name = "Build the shell"; on = { @@ -20,7 +22,7 @@ env = { STORE_ENDPOINT = "https://tvix-store.dgnum.eu/infra-signing/"; STORE_USER = "admin"; - STORE_PASSWORD = "\${{ secrets.STORE_PASSWORD }}"; + STORE_PASSWORD = nix-actions.lib.secret "STORE_PASSWORD"; }; } ]; diff --git a/workflows/npins-update.nix b/workflows/npins-update.nix index 76ec16c..773f92e 100644 --- a/workflows/npins-update.nix +++ b/workflows/npins-update.nix 
@@ -2,58 +2,62 @@ # # SPDX-License-Identifier: EUPL-1.2 +{ nix-actions, ... }: + { name = "npins update"; on.schedule = [ - # Run at 11 o'clock every wednesday + # Run at 15:25 everyday { cron = "25 15 * * *"; } ]; jobs.npins_update = { runs-on = "nix"; steps = [ - { - uses = "actions/checkout@v3"; - "with" = { - depth = 0; - token = "\${{ secrets.TEA_DGNUM_CHORES_TOKEN }}"; - }; - } + (nix-actions.steps.checkout { + fetch-depth = 0; + token = nix-actions.lib.secret "TEA_DGNUM_CHORES_TOKEN"; + }) { name = "Update dependencies and open PR if necessary"; - run = '' - npins update + run = # bash + '' + npins update - if [ ! -z "$(git diff --name-only)" ]; then - echo "[+] Changes detected, pushing updates." + if [ ! -z "$(git diff --name-only)" ]; then + echo "[+] Changes detected, pushing updates." - git switch -C npins-update + git switch -C npins-update - git add npins + git add npins - git config user.name "DGNum Chores" - git config user.email "tech@dgnum.eu" + git commit --message "chore(npins): Update" + git push --set-upstream origin npins-update --force - git commit --message "chore(npins): Update" - git push --set-upstream origin npins-update --force + # Connect to the server with the cli + tea login add \ + -n dgnum-chores \ + -t "${nix-actions.lib.secret "TEA_DGNUM_CHORES_TOKEN"}" \ + -u https://git.dgnum.eu - # Connect to the server with the cli - tea login add \ - -n dgnum-chores \ - -t "''${{ secrets.TEA_DGNUM_CHORES_TOKEN }}" \ - -u https://git.dgnum.eu - - # Create a pull request if needed - # i.e. no PR with the same title exists - if [ -z "$(tea pr ls -f='title,author' -o simple | grep 'chore(npins): Update dgnum-chores')" ]; then - tea pr create \ - --description "Automatic npins update" \ - --title "chore(npins): Update" \ - --head npins-update + # Create a pull request if needed + # i.e. 
no PR with the same title exists + if [ -z "$(tea pr ls -f='title,author' -o simple | grep 'chore(npins): Update dgnum-chores')" ]; then + tea pr create \ + --description "Automatic npins update" \ + --title "chore(npins): Update" \ + --head npins-update + fi fi - fi - ''; + ''; + + env = { + GIT_AUTHOR_NAME = "DGNum Chores"; + GIT_AUTHOR_EMAIL = "tech@dgnum.eu"; + GIT_COMMITTER_NAME = "DGNum Chores"; + GIT_COMMITTER_EMAIL = "tech@dgnum.eu"; + }; } ]; };
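Review bot: The `tea login add` line still substitutes the token into the script text through `-t "${nix-actions.lib.secret "TEA_DGNUM_CHORES_TOKEN"}"`, which the regenerated YAML shows as `${{ secrets.TEA_DGNUM_CHORES_TOKEN }}` inside `run`, so the secret is pasted into the shell source before bash parses it. A value containing a double quote or `$(` would be interpreted by the shell, and the script file the runner executes presumably holds the token in clear. This commit adds an `env` block to the same step, so the token can go there as `TEA_DGNUM_CHORES_TOKEN = nix-actions.lib.secret "TEA_DGNUM_CHORES_TOKEN";` with the command reading `-t "$TEA_DGNUM_CHORES_TOKEN" \`. The token would still reach `tea` as a command-line argument, which this suggestion does not change.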