name: "Update Nix Flake Lock" description: "Update your Nix flake.lock and send a PR" inputs: inputs: description: "A space-separated list of inputs to update. Leave empty to update all inputs." required: false default: "" token: description: "GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)" required: false default: ${{ github.token }} commit-msg: description: "The message provided with the commit" required: false default: "flake.lock: Update" base: description: "Sets the pull request base branch. Defaults to the branch checked out in the workflow." required: false branch: description: "The branch of the PR to be created" required: false default: "update_flake_lock_action" path-to-flake-dir: description: "The path of the directory containing `flake.nix` file within your repository. Useful when `flake.nix` cannot reside at the root of your repository." required: false pr-title: description: "The title of the PR to be created" required: false default: "flake.lock: Update" pr-body: description: "The body of the PR to be created" required: false default: | Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action. ``` {{ env.GIT_COMMIT_MESSAGE }} ``` ### Running GitHub Actions on this PR GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action. To run GitHub Actions workflows on this PR, run: ```sh git branch -D update_flake_lock_action git fetch origin git checkout update_flake_lock_action git commit --amend --no-edit git push origin update_flake_lock_action --force ``` pr-labels: description: "A comma or newline separated list of labels to set on the Pull Request to be created" required: false default: "" pr-assignees: description: "A comma or newline separated list of assignees (GitHub usernames)." required: false default: "" pr-reviewers: description: "A comma or newline separated list of reviewers (GitHub usernames) to request a review from." required: false default: "" git-author-name: description: "Author name used for commit. Only used if sign-commits is false." required: false default: "github-actions[bot]" git-author-email: description: "Author email used for commit. Only used if sign-commits is false." required: false default: "github-actions[bot]@users.noreply.github.com" git-committer-name: description: "Committer name used for commit. Only used if sign-commits is false." required: false default: "github-actions[bot]" git-committer-email: description: "Committer email used for commit. Only used if sign-commits is false." required: false default: "github-actions[bot]@users.noreply.github.com" sign-commits: description: "Set to true if the action should sign the commit with GPG" required: false default: "false" gpg-private-key: description: "GPG Private Key with which to sign the commits in the PR to be created" required: false default: "" gpg-fingerprint: description: "Fingerprint of specific GPG subkey to use" required: false gpg-passphrase: description: "GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created" required: false default: "" nix-options: description: "A space-separated list of options to pass to the nix command" required: false default: "" outputs: pull-request-number: description: "The number of the opened pull request" value: ${{ steps.create-pr.outputs.pull-request-number }} pull-request-operation: description: "The pull request operation performed by the action, `created`, `updated` or `closed`." value: ${{ steps.create-pr.outputs.pull-request-operation }} runs: using: "composite" steps: - name: Import bot's GPG key for signing commits if: ${{ inputs.sign-commits == 'true' }} id: import-gpg uses: crazy-max/ghaction-import-gpg@v6 with: gpg_private_key: ${{ inputs.gpg-private-key }} fingerprint: ${{ inputs.gpg-fingerprint }} passphrase: ${{ inputs.gpg-passphrase }} git_config_global: true git_user_signingkey: true git_commit_gpgsign: true - name: Set environment variables (signed commits) if: ${{ inputs.sign-commits == 'true' }} shell: bash env: GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }} GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }} GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }} GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }} TARGETS: ${{ inputs.inputs }} run: | echo "GIT_AUTHOR_NAME=$GIT_AUTHOR_NAME" >> $GITHUB_ENV echo "GIT_AUTHOR_EMAIL=<$GIT_AUTHOR_EMAIL>" >> $GITHUB_ENV echo "GIT_COMMITTER_NAME=$GIT_COMMITTER_NAME" >> $GITHUB_ENV echo "GIT_COMMITTER_EMAIL=<$GIT_COMMITTER_EMAIL>" >> $GITHUB_ENV - name: Set environment variables (unsigned commits) if: ${{ inputs.sign-commits != 'true' }} shell: bash run: | echo "GIT_AUTHOR_NAME=${{ inputs.git-author-name }}" >> $GITHUB_ENV echo "GIT_AUTHOR_EMAIL=<${{ inputs.git-author-email }}>" >> $GITHUB_ENV echo "GIT_COMMITTER_NAME=${{ inputs.git-committer-name }}" >> $GITHUB_ENV echo "GIT_COMMITTER_EMAIL=<${{ inputs.git-committer-email }}>" >> $GITHUB_ENV - name: Run update-flake-lock.sh runs: using: node20 main: dist/index.js - name: Save PR Body as file uses: DamianReeves/write-file-action@v1.3 with: path: pr_body.template contents: ${{ inputs.pr-body }} env: {} - name: Set additional env variables (GIT_COMMIT_MESSAGE) shell: bash run: | DELIMITER=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) COMMIT_MESSAGE="$(git log --format=%b -n 1)" echo "GIT_COMMIT_MESSAGE<<$DELIMITER" >> $GITHUB_ENV echo "$COMMIT_MESSAGE" >> $GITHUB_ENV echo "$DELIMITER" >> $GITHUB_ENV echo "GIT_COMMIT_MESSAGE is: ${COMMIT_MESSAGE}" - name: Interpolate PR Body uses: pedrolamas/handlebars-action@v2.4.0 with: files: "pr_body.template" output-filename: "pr_body.txt" - name: Read pr_body.txt id: pr_body uses: juliangruber/read-file-action@v1 with: path: "pr_body.txt" # We need to remove the pr_body files so that the # peter-evans/create-pull-request action does not commit it (the # action commits all new and modified files). - name: Remove PR body template files shell: bash run: rm -f pr_body.txt pr_body.template - name: Create PR id: create-pr uses: peter-evans/create-pull-request@v6 with: base: ${{ inputs.base }} branch: ${{ inputs.branch }} delete-branch: true committer: ${{ env.GIT_COMMITTER_NAME }} ${{ env.GIT_COMMITTER_EMAIL }} author: ${{ env.GIT_AUTHOR_NAME }} ${{ env.GIT_AUTHOR_EMAIL }} title: ${{ inputs.pr-title }} token: ${{ inputs.token }} assignees: ${{ inputs.pr-assignees }} labels: ${{ inputs.pr-labels }} reviewers: ${{ inputs.pr-reviewers }} body: ${{ steps.pr_body.outputs.content }}