name: 'Update Nix Flake Lock' description: 'Update your Nix flake.lock and send a PR' inputs: inputs: description: 'A space-separated list of inputs to update. Leave empty to update all inputs.' required: false default: '' token: description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)' required: false default: ${{ github.token }} commit-msg: description: 'The message provided with the commit' required: false default: "flake.lock: Update" base: description: "Sets the pull request base branch. Defaults to the branch checked out in the workflow." required: false branch: description: 'The branch of the PR to be created' required: false default: "update_flake_lock_action" path-to-flake-dir: description: 'The path of the directory containing `flake.nix` file within your repository. Useful when `flake.nix` cannot reside at the root of your repository.' required: false default: '' pr-title: description: 'The title of the PR to be created' required: false default: "flake.lock: Update" pr-body: description: 'The body of the PR to be created' required: false default: | Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action. ``` {{ env.GIT_COMMIT_MESSAGE }} ``` ### Running GitHub Actions on this PR GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action. To run GitHub Actions workflows on this PR, run: ```sh git branch -D update_flake_lock_action git fetch origin git checkout update_flake_lock_action git commit --amend --no-edit git push origin update_flake_lock_action --force ``` pr-labels: description: 'A comma or newline separated list of labels to set on the Pull Request to be created' required: false default: '' pr-assignees: description: 'A comma or newline separated list of assignees (GitHub usernames).' required: false default: '' pr-reviewers: description: 'A comma or newline separated list of reviewers (GitHub usernames) to request a review from.' required: false default: '' git-author-name: description: 'Author name used for commit. Only used if sign-commits is false.' required: false default: 'github-actions[bot]' git-author-email: description: 'Author email used for commit. Only used if sign-commits is false.' required: false default: 'github-actions[bot]@users.noreply.github.com' git-committer-name: description: 'Committer name used for commit. Only used if sign-commits is false.' required: false default: 'github-actions[bot]' git-committer-email: description: 'Committer email used for commit. Only used if sign-commits is false.' required: false default: 'github-actions[bot]@users.noreply.github.com' sign-commits: description: 'Set to true if the action should sign the commit with GPG' required: false default: 'false' gpg-private-key: description: 'GPG Private Key with which to sign the commits in the PR to be created' required: false default: '' gpg-fingerprint: description: 'Fingerprint of specific GPG subkey to use' required: false gpg-passphrase: description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created' required: false default: '' nix-options: description: 'A space-separated list of options to pass to the nix command' required: false default: '' outputs: pull-request-number: description: 'The number of the opened pull request' value: ${{ steps.create-pr.outputs.pull-request-number }} pull-request-operation: description: 'The pull request operation performed by the action, `created`, `updated` or `closed`.' value: ${{ steps.create-pr.outputs.pull-request-operation }} runs: using: "composite" steps: - name: Import bot's GPG key for signing commits if: ${{ inputs.sign-commits == 'true' }} id: import-gpg uses: crazy-max/ghaction-import-gpg@v6 with: gpg_private_key: ${{ inputs.gpg-private-key }} fingerprint: ${{ inputs.gpg-fingerprint }} passphrase: ${{ inputs.gpg-passphrase }} git_config_global: true git_user_signingkey: true git_commit_gpgsign: true - name: Set environment variables (signed commits) if: ${{ inputs.sign-commits == 'true' }} shell: bash env: GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }} GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }} GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }} GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }} TARGETS: ${{ inputs.inputs }} run: | echo "GIT_AUTHOR_NAME=$GIT_AUTHOR_NAME" >> $GITHUB_ENV echo "GIT_AUTHOR_EMAIL=<$GIT_AUTHOR_EMAIL>" >> $GITHUB_ENV echo "GIT_COMMITTER_NAME=$GIT_COMMITTER_NAME" >> $GITHUB_ENV echo "GIT_COMMITTER_EMAIL=<$GIT_COMMITTER_EMAIL>" >> $GITHUB_ENV - name: Set environment variables (unsigned commits) if: ${{ inputs.sign-commits != 'true' }} shell: bash run: | echo "GIT_AUTHOR_NAME=${{ inputs.git-author-name }}" >> $GITHUB_ENV echo "GIT_AUTHOR_EMAIL=<${{ inputs.git-author-email }}>" >> $GITHUB_ENV echo "GIT_COMMITTER_NAME=${{ inputs.git-committer-name }}" >> $GITHUB_ENV echo "GIT_COMMITTER_EMAIL=<${{ inputs.git-committer-email }}>" >> $GITHUB_ENV - name: Run update-flake-lock.sh run: $GITHUB_ACTION_PATH/update-flake-lock.sh shell: bash env: GIT_AUTHOR_NAME: ${{ env.GIT_AUTHOR_NAME }} GIT_AUTHOR_EMAIL: ${{ env.GIT_AUTHOR_EMAIL }} GIT_COMMITTER_NAME: ${{ env.GIT_COMMITTER_NAME }} GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }} NIX_OPTIONS: ${{ inputs.nix-options }} TARGETS: ${{ inputs.inputs }} COMMIT_MSG: ${{ inputs.commit-msg }} PATH_TO_FLAKE_DIR: ${{ inputs.path-to-flake-dir }} - name: Save PR Body as file uses: DamianReeves/write-file-action@v1.3 with: path: pr_body.template contents: ${{ inputs.pr-body }} env: {} - name: Set additional env variables (GIT_COMMIT_MESSAGE) shell: bash run: | DELIMITER=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) COMMIT_MESSAGE="$(git log --format=%b -n 1)" echo "GIT_COMMIT_MESSAGE<<$DELIMITER" >> $GITHUB_ENV echo "$COMMIT_MESSAGE" >> $GITHUB_ENV echo "$DELIMITER" >> $GITHUB_ENV echo "GIT_COMMIT_MESSAGE is: ${COMMIT_MESSAGE}" - name: Interpolate PR Body uses: pedrolamas/handlebars-action@v2.4.0 with: files: 'pr_body.template' output-filename: 'pr_body.txt' - name: Read pr_body.txt id: pr_body uses: juliangruber/read-file-action@v1 with: path: "pr_body.txt" # We need to remove the pr_body files so that the # peter-evans/create-pull-request action does not commit it (the # action commits all new and modified files). - name: Remove PR body template files shell: bash run: rm -f pr_body.txt pr_body.template - name: Create PR id: create-pr uses: peter-evans/create-pull-request@v6 with: base: ${{ inputs.base }} branch: ${{ inputs.branch }} delete-branch: true committer: ${{ env.GIT_COMMITTER_NAME }} ${{ env.GIT_COMMITTER_EMAIL }} author: ${{ env.GIT_AUTHOR_NAME }} ${{ env.GIT_AUTHOR_EMAIL }} title: ${{ inputs.pr-title }} token: ${{ inputs.token }} assignees: ${{ inputs.pr-assignees }} labels: ${{ inputs.pr-labels }} reviewers: ${{ inputs.pr-reviewers }} body: ${{ steps.pr_body.outputs.content }}