diff options
| author | seth <[email protected]> | 2024-09-30 07:35:54 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2024-09-30 17:07:07 -0400 |
| commit | 7285c13651cb7aa9c11d51760b7ee9447e86069c (patch) | |
| tree | d2ef09408477cd0cee2bde803db4dcb0cea61655 /.github | |
| parent | a7b5a8272fab9d4a954c86dcc31efd2826ab7576 (diff) | |
ci: use github app for flake.lock PRs
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/update-flake.yaml | 40 |
1 files changed, 26 insertions, 14 deletions
diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml index 06eabfd..4473811 100644 --- a/.github/workflows/update-flake.yaml +++ b/.github/workflows/update-flake.yaml @@ -8,30 +8,42 @@ on: jobs: update: - name: Run update - runs-on: ubuntu-latest + name: Run update & create PR - permissions: - contents: write - pull-requests: write + runs-on: ubuntu-latest steps: + - name: Generate GitHub App token + uses: actions/create-github-app-token@v1 + id: app-token + with: + app-id: ${{ vars.APP_ID }} + private-key: ${{ secrets.PRIVATE_KEY }} + - name: Checkout repository uses: actions/checkout@v4 + with: + token: ${{ steps.app-token.outputs.token }} - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v13 + uses: DeterminateSystems/nix-installer-action@v14 + + - name: Run update + run: nix flake update - - name: Update flake.lock & make PR - id: update - uses: DeterminateSystems/update-flake-lock@v23 + - name: Create pull request + id: pull-request + uses: peter-evans/create-pull-request@v7 with: - commit-msg: "nix: update flake.lock" - pr-title: "nix: update flake.lock" + branch: update-flake-lock + commit-message: "nix: update flake.lock" + title: "nix: update flake.lock" + token: ${{ steps.app-token.outputs.token }} + sign-commits: true - name: Enable auto-merge - if: env.PR_ID != '' + if: ${{ env.PR_ID != '' }} run: gh pr merge --auto --squash "$PR_ID" env: - GH_TOKEN: ${{ secrets.MERGE_TOKEN }} - PR_ID: ${{ steps.update.outputs.pull-request-number }} + PR_ID: ${{ steps.pull-request.outputs.pull-request-number }} + GH_TOKEN: ${{ steps.app-token.outputs.token }} |