From 93da497fc90523b079bbd7c7aa6dea5645e3a250 Mon Sep 17 00:00:00 2001
From: seth
Date: Mon, 30 Sep 2024 07:35:07 -0400
Subject: ci: use github app for flake.lock PRs
---
 .github/workflows/update-flake.yaml | 38 +++++++++++++++++++++++++-------------
 1 file changed, 25 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml
index 4794422..2ef1ffc 100644
--- a/.github/workflows/update-flake.yaml
+++ b/.github/workflows/update-flake.yaml
@@ -8,30 +8,42 @@ on:
 jobs:
 update:
- name: Run update
- runs-on: ubuntu-latest
+ name: Run update & create PR
- permissions:
- contents: write
+ runs-on: ubuntu-latest
 steps:
+ - name: Generate GitHub App token
+ uses: actions/create-github-app-token@v1
+ id: app-token
+ with:
+ app-id: ${{ secrets.APP_ID }}
+ private-key: ${{ secrets.PRIVATE_KEY }}
+
 - name: Checkout repository
 uses: actions/checkout@v4
+ with:
+ token: ${{ steps.app-token.outputs.token }}
 - name: Install Nix
 uses: DeterminateSystems/nix-installer-action@v14
- - name: Update flake.lock & make PR
- uses: DeterminateSystems/update-flake-lock@v24
- id: update
+ - name: Run update
+ run: nix flake update
+
+ - name: Create pull request
+ id: pull-request
+ uses: peter-evans/create-pull-request@v7
 with:
- commit-msg: "nix: update flake.lock"
- pr-title: "nix: update flake.lock"
- token: ${{ secrets.MERGE_TOKEN }}
+ branch: update-flake-lock
+ commit-message: "nix: update flake.lock"
+ title: "nix: update flake.lock"
+ token: ${{ steps.app-token.outputs.token }}
+ sign-commits: true
 - name: Enable auto-merge
- if: env.PR_ID != ''
+ if: ${{ env.PR_ID != '' }}
 run: gh pr merge --auto --squash "$PR_ID"
 env:
- GH_TOKEN: ${{ github.token}}
- PR_ID: ${{ steps.update.outputs.pull-request-number }}
+ PR_ID: ${{ steps.pull-request.outputs.pull-request-number }}
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
--
cgit v1.2.3
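Review bot: With the `permissions:` block removed from the `update` job, the automatic `GITHUB_TOKEN` falls back to the repository or organisation default, which may be read-write, even though every step that writes now uses the App token. Declaring `permissions: {}` (or `contents: read`) on the job keeps that unused token without scopes. The two actions introduced here are referenced by mutable tag (`actions/create-github-app-token@v1`, `peter-evans/create-pull-request@v7`) while receiving `secrets.PRIVATE_KEY` and the App token; pinning each to a full commit SHA with the tag in a trailing comment, e.g. `uses: peter-evans/create-pull-request@<full-commit-sha> # v7`, would keep a retagged release from reaching those credentials. The workflow's `on:` triggers lie outside the hunk, so who can start this job is not visible here.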