From c1b6f2c6665fc934670d1271ed83284f1be37ede Mon Sep 17 00:00:00 2001 From: Austin Seipp Date: Sat, 28 Oct 2023 11:54:05 -0500 Subject: [PATCH] github: automatically update flake.lock every week Summary: Keeping the flake.lock up to date and 'fresh' is nice for all the same reasons that apply to things like Cargo, Poetry, etc. Unfortunately, dependabot doesn't have support for Nix flakes. There is also no mechanism to add 'out of band' updates through dependabot, at least not yet. Instead, we use the `update-flake-lock` action from Determinate Systems, which can paper over it for us. This updates once a week on Sunday, which is pretty fine, I think. A theoretical downside of this approach is that we can't group updates together like dependabot does; but dependabot only groups 'related' updates together, i.e. updates to Cargo dependencies. If it also detected updates for e.g. Poetry or Nix, it would make separate PRs for those. Signed-off-by: Austin Seipp Change-Id: I6f447deffc545da77fb320519abcf437 --- .github/workflows/nix-update-flake.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 .github/workflows/nix-update-flake.yml diff --git a/.github/workflows/nix-update-flake.yml b/.github/workflows/nix-update-flake.yml new file mode 100644 index 0000000000..d152a34814 --- /dev/null +++ b/.github/workflows/nix-update-flake.yml 
@@ -0,0 +1,22 @@ +name: Update nix flake.lock +on: + workflow_dispatch: # allows manual triggering + schedule: + - cron: '40 3 * * 0' # runs weekly on Sunday at 03:40 + +jobs: + lockfile: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@bc7b19257469c8029b46f45ac99ecc11156c8b2d + - name: Update flake.lock + uses: DeterminateSystems/update-flake-lock@da2fd6f2563fe3e4f2af8be73b864088564e263d + with: + pr-title: "nix: update flake.lock" + pr-assignees: thoughtpolice + pr-reviewers: thoughtpolice + pr-labels: | + dependencies
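Review bot: the "Checkout repository" step pins `actions/checkout@v3` to a mutable tag, while both DeterminateSystems actions in the same job are pinned to full commit SHAs. Pin checkout to a commit SHA as well, with the version in a trailing comment, so every third-party action in this workflow is immutable. The workflow also has no `permissions:` key at either the workflow or the job level, so the `lockfile` job runs with whatever default token scope the repository is configured with. Since the job only needs to push a branch and open a pull request, consider declaring `contents: write` and `pull-requests: write` explicitly. Minor: the cron comment could note that 03:40 is UTC, since GitHub evaluates `schedule` entries in UTC.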