Update flake packages by nix-update via github-actions
winapps-org/nix-update-action
This action uses `nix-update` to update flake packages.
Heavily inspired by `update-flake-lock`.
There are several examples of how to use this workflow to update flake packages.
To update all packages in the flake, you can use this workflow:

```yaml
name: "Update Flake Packages ❄️"
on:
  workflow_dispatch:
  schedule:
    - cron: "0 10 * * 0" # https://crontab.guru/#0_10_*_*_0
jobs:
  updateFlakePackages:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v27
      - name: Update flake packages
        uses: winapps-org/nix-update-action@v1.3.0
```
It's possible to update only certain packages by specifying them in the `packages` variable as a comma-separated list:

```yaml
name: "Update Flake Packages ❄️"
on:
  workflow_dispatch:
  schedule:
    - cron: "0 10 * * 0" # https://crontab.guru/#0_10_*_*_0
jobs:
  updateFlakePackages:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v27
      - name: Update flake packages
        uses: winapps-org/nix-update-action@v1.3.0
        with:
          packages: "geth,besu"
```
We can also blacklist some packages so that they are skipped during updates:

```yaml
name: "Update Flake Packages ❄️"
on:
  workflow_dispatch:
  schedule:
    - cron: "0 10 * * 0" # https://crontab.guru/#0_10_*_*_0
jobs:
  updateFlakePackages:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v27
      - name: Update flake packages
        uses: winapps-org/nix-update-action@v1.3.0
        with:
          blacklist: "teku,lighthouse"
```
To print the number of the created PR you can use this workflow:
```yaml
name: "Update Flake Packages ❄️"
on:
  workflow_dispatch:
  schedule:
    - cron: "0 10 * * 0" # https://crontab.guru/#0_10_*_*_0
jobs:
  updateFlakePackages:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v27
      - name: Update flake packages
        id: update
        uses: winapps-org/nix-update-action@v1.3.0
      - name: Print PR number
        run: echo Pull request number is ${{ steps.update.outputs.pull-request-number }}.
```
To modify the author and/or committer, you can do:

```yaml
name: "Update Flake Packages ❄️"
on:
  workflow_dispatch:
  schedule:
    - cron: "0 10 * * 0" # https://crontab.guru/#0_10_*_*_0
jobs:
  updateFlakePackages:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v27
      - name: Update flake packages
        id: update
        uses: winapps-org/nix-update-action@v1.3.0
        with:
          git-author-name: 'John Author'
          git-author-email: 'github-actions[bot]@users.noreply.github.com'
          git-committer-name: 'John Committer'
          git-committer-email: 'github-actions[bot]@users.noreply.github.com'
```
It's possible for the bot to produce GPG-signed commits. Associating a GPG public key with a GitHub user account is not required, but it is necessary if you want the signed commits to appear as verified on GitHub. This can be a compliance requirement in some cases.
You can follow GitHub's guide on creating and/or adding a new GPG key to a user account. Using a dedicated GitHub user account for the bot can be a good security measure, because it dissociates the bot's actions and commits from your personal GitHub account.
For the bot to produce signed commits, you will have to provide the GPG private key to this action's input parameters. You can safely do that with GitHub secrets as explained here.
When using commit signing, the commit author name and email for the commits produced by this bot correspond to the ones associated with the GPG public key.
If you want to sign using a subkey, you must specify the subkey fingerprint using the `gpg-fingerprint` input parameter.
You can find an example of how to use this action with commit signing below:
```yaml
name: "Update Flake Packages ❄️"
on:
  workflow_dispatch:
  schedule:
    - cron: "0 10 * * 0" # https://crontab.guru/#0_10_*_*_0
jobs:
  updateFlakePackages:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v27
      - name: Update flake packages
        id: update
        uses: winapps-org/nix-update-action@v1.3.0
        with:
          sign-commits: true
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
          gpg-fingerprint: ${{ secrets.GPG_FINGERPRINT }} # specify subkey fingerprint (optional)
```
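As an added example (not part of this project's code), the script below prepares a dedicated bot key with a separate signing subkey and prints the subkey fingerprint to use for `gpg-fingerprint`. The bot identity, the function names, the key algorithm and the one-year expiry are assumptions made for illustration; it requires GnuPG 2.1 or later.

```sh
#!/bin/sh
# Added example: dedicated bot key whose signing subkey is used for commits.
# BOT_UID and all function names are constructed for illustration.
set -eu

BOT_UID="nix-update-bot <bot@example.invalid>"

# Run gpg non-interactively on keyring $1, reading the passphrase from file $2
# (a file keeps the passphrase out of the process list).
gpg_bot() {
  gpg_home=$1; gpg_pwfile=$2; shift 2
  gpg --homedir "$gpg_home" --batch --quiet --pinentry-mode loopback \
      --passphrase-file "$gpg_pwfile" "$@"
}

# Print the fingerprint following the first record of type $2 ("pub" or "sub").
fingerprint_of() {
  gpg --homedir "$1" --batch --with-colons --list-keys "=$BOT_UID" |
    awk -F: -v rec="$2" '$1 == rec { hit = 1 } hit && $1 == "fpr" { print $10; exit }'
}

# Create a certify-only primary key plus a signing subkey,
# then print the subkey fingerprint.
make_bot_key() {
  gpg_bot "$1" "$2" --quick-generate-key "$BOT_UID" ed25519 cert 1y
  primary_fpr=$(fingerprint_of "$1" pub)
  [ -n "$primary_fpr" ] || return 1
  gpg_bot "$1" "$2" --quick-add-key "$primary_fpr" ed25519 sign 1y
  fingerprint_of "$1" sub
}

# Print the armored secret key, the value for the GPG_PRIVATE_KEY secret.
export_private_key() {
  gpg_bot "$1" "$2" --armor --export-secret-keys "=$BOT_UID"
}

# Usage: sh bot-key.sh <empty-0700-dir> <passphrase-file>
if [ "$#" -eq 2 ]; then
  echo "gpg-fingerprint: $(make_bot_key "$1" "$2")"
  export_private_key "$1" "$2"
fi
```

Store the armored output as `GPG_PRIVATE_KEY`, the passphrase as `GPG_PASSPHRASE` and the printed fingerprint as `GPG_FINGERPRINT`, then delete the temporary keyring directory.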
To request a review on the PR, you can use `pr-assignees` and `pr-reviewers` like this:

```yaml
name: "Update Flake Packages ❄️"
on:
  workflow_dispatch:
  schedule:
    - cron: "0 10 * * 0" # https://crontab.guru/#0_10_*_*_0
jobs:
  updateFlakePackages:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v27
      - name: Update flake packages
        id: update
        uses: winapps-org/nix-update-action@v1.3.0
        with:
          pr-assignees: User1
          pr-reviewers: User2,User3
```
If extra arguments need to be passed to `nix-update` (for example `--version=branch`), use `extra-args` like this:

```yaml
name: "Update Flake Packages ❄️"
on:
  workflow_dispatch:
  schedule:
    - cron: "0 10 * * 0" # https://crontab.guru/#0_10_*_*_0
jobs:
  updateFlakePackages:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: cachix/install-nix-action@v27
      - name: Update flake packages
        id: update
        uses: winapps-org/nix-update-action@v1.3.0
        with:
          extra-args: --version=branch
```

Note that these arguments will be passed after the default `--flake --commit`, which cannot be overridden.
If you only want to test the build on a newer commit, set `skip-pr` to `true`.