mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2024-12-14 11:57:52 +00:00
Code Activity

update github action to also update private flake

Browse source
This commit is contained in:
Jörg Thalheim 2024-11-17 13:02:33 +01:00 committed by Jörg Thalheim
parent 7769727634
commit 5f3869dfd2
3 changed files with 27 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
.github/workflows/upgrade-flakes.yml vendored
View file

@ -4,6 +4,10 @@ on:
workflow_dispatch: workflow_dispatch:
schedule: schedule:
- cron: '51 2 * * 0' - cron: '51 2 * * 0'
permissions:
pull-requests: write
jobs: jobs:
createPullRequest: createPullRequest:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -14,9 +18,12 @@ jobs:
with: with:
extra_nix_config: | extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Update flake.lock - name: Update flakes
uses: DeterminateSystems/update-flake-lock@v24 run: |
with: nix flake update
token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} pushd dev/private
pr-labels: | nix flake update
merge-queue popd
nix run .#update-dev-private-narHash
- name: Create Pull Request
uses: peter-evans/create-pull-request@v7

13
flake.nix
View file

@ -93,6 +93,19 @@
tests // (suffix-stable tests-stable) // (suffix-stable packages-stable) tests // (suffix-stable tests-stable) // (suffix-stable packages-stable)
); );
apps = eachSystem (
{ pkgs, ... }:
{
update-dev-private-narHash = {
type = "app";
program = "${pkgs.writeShellScript "update-dev-private-narHash" ''
nix --extra-experimental-features "nix-command flakes" flake lock ./dev/private
nix --extra-experimental-features "nix-command flakes" hash path ./dev/private | tr -d '\n' > ./dev/private.narHash
''}";
};
}
);
devShells = eachSystem ( devShells = eachSystem (
{ pkgs, ... }: { pkgs, ... }:
{ {

5
shell.nix
View file

@ -10,11 +10,6 @@ pkgs.mkShell {
util-linux util-linux
nix nix
golangci-lint golangci-lint
(pkgs.writeScriptBin "update-dev-private-narHash" ''
nix --extra-experimental-features "nix-command flakes" flake lock ./dev/private
nix --extra-experimental-features "nix-command flakes" hash path ./dev/private | tr -d '\n' > ./dev/private.narHash
'')
]; ];
# delve does not compile with hardening enabled # delve does not compile with hardening enabled
hardeningDisable = [ "all" ]; hardeningDisable = [ "all" ];