diff --git a/.github/workflows/flake_vendorhash.yaml b/.github/workflows/flake_vendorhash.yaml
new file mode 100644
index 0000000000..68788602d0
--- /dev/null
+++ b/.github/workflows/flake_vendorhash.yaml
@@ -0,0 +1,62 @@
+name: "Flake vendorHash Updater"
+on:
+ push:
+ branches:
+ - main
+ paths:
+ - 'go.mod'
+ - 'go.sum'
+ workflow_dispatch:
+ workflow_call:
+
+jobs:
+ updateVendorHash:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: write
+ steps:
+ - name: Generate token
+ id: generate_token
+ uses: tibdex/github-app-token@v2
+ with:
+ app_id: ${{ secrets.OCMBOT_APP_ID }}
+ private_key: ${{ secrets.OCMBOT_PRIV_KEY }}
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ token: ${{ steps.generate_token.outputs.token }}
+ - name: Setup git config
+ run: |
+ git config user.name "GitHub Actions Bot"
+ git config user.email "<41898282+github-actions[bot]@users.noreply.github.com>"
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@main
+ - name: Update ocm vendor hash
+ run: nix run .#nixpkgs.nix-update -- --flake --version=skip ocm
+ - name: Check diff
+ id: check-diff
+ run: |
+ diff=$(git diff)
+ if [[ -z "$diff" ]]; then
+ echo "Everything is tidy."
+ exit 0
+ fi
+
+ cat << EOF >> "${GITHUB_STEP_SUMMARY}"
+ \`\`\`diff
+ ${diff}
+ \`\`\`
+ EOF
+ echo "push='true'" >> $GITHUB_ENV
+ - name: Push changes
+ if: github.event.pull_request.head.repo.fork == false && env.push == 'true'
+ run: |
+ diff=$(git diff)
+ if [[ ! -z "$diff" ]]; then
+ git config --global user.name "ocm-vendorhash"
+ git config --global user.email "ocm-vendorhash@users.noreply.github.com"
+ git commit -am "flake: update ocm vendorHash"
+ git push
+ fi
diff --git a/flake.nix b/flake.nix
index f27a550d44..e6f9d9ddd2 100644
--- a/flake.nix
+++ b/flake.nix
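Review bot: In .github/workflows/flake_vendorhash.yaml the job holds `contents: write` and a GitHub App token, yet `DeterminateSystems/nix-installer-action@main` tracks a mutable branch and `tibdex/github-app-token@v2` (which receives `OCMBOT_PRIV_KEY`) a mutable tag; both should be pinned to a full commit SHA, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha>  # <release tag>`. `id-token: write` is not used by any visible step and looks removable. Separately, in the Check diff step `echo "push='true'" >> $GITHUB_ENV` stores the value with its single quotes, so `env.push == 'true'` in the Push changes condition appears never to match and the push would be skipped; `echo "push=true" >> "$GITHUB_ENV"` fixes that.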
@@ -118,5 +118,10 @@ program = self.packages.${system}.${pname} + "/bin/ecrplugin"; }; }); + + legacyPackages = forAllSystems (system: rec { + nixpkgs = nixpkgsFor.${system}; + }); + }; }
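Review bot: The `rec` on the new `legacyPackages` attribute set in flake.nix is unnecessary, since its only attribute, `nixpkgs`, does not refer to a sibling; `legacyPackages = forAllSystems (system: {` is enough. A one-line comment above it, such as `# Re-exported so CI can run .#nixpkgs.nix-update`, would explain why the whole package set is exposed, which otherwise looks accidental. The enclosing outputs block starts outside the hunk.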