nix: move dev outputs to subflake

2024-04-10 01:03:45 -04:00 · 2024-04-10 01:03:45 -04:00 · 921540e249
commit 921540e249
parent 3503dda44d
18 changed files with 461 additions and 331 deletions
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -27,7 +27,7 @@ jobs:
      - name: Build Docker image
        id: build
        run: |
-          nix build --print-build-logs .#container-${{ matrix.arch }}
+          nix build --print-build-logs ./nix/dev#container-${{ matrix.arch }}
          [ ! -L result ] && exit 1
          echo "path=$(readlink -f result)" >> "$GITHUB_OUTPUT"

--- a/.github/workflows/nix.yml
+++ b/.github/workflows/nix.yml
@ -48,4 +48,6 @@ jobs:
        uses: DeterminateSystems/magic-nix-cache-action@v4

      - name: Run checks
-        run: nix flake check --print-build-logs --show-trace
+        run: |
+          cd ./nix/dev
+          nix flake check --print-build-logs --show-trace
--- a/.github/workflows/update-flake.yml
+++ b/.github/workflows/update-flake.yml
@ -8,21 +8,65 @@ on:

 jobs:
  update:
+    name: Run update
    runs-on: ubuntu-latest

    permissions:
      contents: write
      pull-requests: write

+    env:
+      PR_BRANCH: 'update-lockfiles'
+
    steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4

      - name: Install Nix
-        uses: nixbuild/nix-quick-install-action@v27
+        uses: DeterminateSystems/nix-installer-action@v10

-      - name: Update and create PR
-        uses: DeterminateSystems/update-flake-lock@v21
-        with:
-          commit-msg: 'nix: update flake.lock'
-          pr-title: 'nix: update flake.lock'
-          token: ${{ github.token }}
+      - name: Set Git user info
+        run: |
+          git config user.name 'github-actions[bot]'
+          git config user.email 'github-actions[bot]@users.noreply.github.com'
+
+      - name: Create new branch
+        id: branch
+        run: |
+          git switch -c "$PR_BRANCH"
+
+      - name: Update flake inputs
+        run: |
+          pushd nix/dev
+          nix flake update \
+            --commit-lock-file \
+            --commit-lockfile-summary "nix: update dev flake.lock"
+          popd
+
+          nix flake update \
+            --commit-lock-file \
+            --commit-lockfile-summary "nix: update flake.lock"
+
+      - name: Make PR if needed
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          if ! git diff --color=always --exit-code origin/main; then
+            git fetch origin "$PR_BRANCH" || true
+            git push --force-with-lease -u origin "$PR_BRANCH"
+
+            open_prs="$(gh pr list --base main --head "$PR_BRANCH" | wc -l)"
+            if [ "$open_prs" -eq 0 ]; then
+              gh pr create \
+                --base main \
+                --head "$PR_BRANCH" \
+                --title "chore: update lockfiles" \
+                --fill
+            fi
+          fi
+
+      - name: Enable auto-merge
+        shell: bash
+        run: gh pr merge --auto --squash
+        env:
+          GH_TOKEN: ${{ secrets.MERGE_TOKEN }}