From 85a88f4e188062b53b4212d8c43cab30ffd61add Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Sat, 28 Oct 2023 11:54:05 -0500 Subject: [PATCH] github: automatically update flake.lock every week Summary: Keeping the flake.lock up to date and 'fresh' is nice for all the same reasons that apply to things like Cargo, Poetry, etc. Unfortunately, dependabot doesn't have support for Nix flakes. There is also no mechanism to add 'out of band' updates through dependabot, at least not yet. Instead, we use the `update-flake-lock` action from Determinate Systems, which can paper over it for us. This updates once a week on Sunday, which is pretty fine, I think. A theoretical downside of this approach is that we can't group updates together like dependabot does; but dependabot only groups 'related' updates together, i.e. updates to Cargo dependencies. If it also detected updates for e.g. Poetry or Nix, it would make separate PRs for those. Signed-off-by: Austin Seipp Change-Id: I6f447deffc545da77fb320519abcf437 --- .github/workflows/nix-update-flake.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/nix-update-flake.yml diff --git a/.github/workflows/nix-update-flake.yml b/.github/workflows/nix-update-flake.yml new file mode 100644 index 00000000000..3af7d2c21f9 --- /dev/null +++ b/.github/workflows/nix-update-flake.yml 
@@ -0,0 +1,22 @@ +name: Update nix flake.lock +on: + workflow_dispatch: # allows manual triggering + schedule: + - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00 + +jobs: + lockfile: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@bc7b19257469c8029b46f45ac99ecc11156c8b2d + - name: Update flake.lock + uses: DeterminateSystems/update-flake-lock@da2fd6f2563fe3e4f2af8be73b864088564e263d + with: + pr-title: "nix: update flake.lock" + pr-assignees: thoughtpolice + pr-reviewers: thoughtpolice + pr-labels: | + dependencies
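Review bot: the `Checkout repository` step uses `actions/checkout@v3`, a mutable tag, while the two DeterminateSystems actions in the same job are pinned to full commit SHAs. Pin checkout to a full commit SHA as well (keeping the version in a trailing comment), so that every third-party action in a job that pushes a branch and opens a pull request is immutable. The workflow also has no `permissions:` key, so the job runs with the repository's default `GITHUB_TOKEN` scope. Since it only needs to push the update branch and open the PR, declare that explicitly, e.g. `contents: write` and `pull-requests: write`. No token is passed in the `with:` block either. PRs opened with the default `GITHUB_TOKEN` do not start other workflow runs, so confirm that CI actually runs on these lockfile PRs before they are reviewed and merged. Minor: GitHub evaluates `schedule` cron expressions in UTC, so the comment on the cron line could say "00:00 UTC".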