github: automatically update flake.lock every week
Summary: Keeping the flake.lock up to date and 'fresh' is nice for
all the same reasons that apply to things like Cargo, Poetry, etc.
Unfortunately, dependabot doesn't have support for Nix flakes. There is also
no mechanism to add 'out of band' updates through dependabot, at least not yet.
Instead, we use the `update-flake-lock` action from Determinate Systems, which
can paper over it for us.
This updates once a week on Sunday, which is pretty fine, I think.
A theoretical downside of this approach is that we can't group updates together
like dependabot does; but dependabot only groups 'related' updates together,
i.e. updates to Cargo dependencies. If it also detected updates for e.g. Poetry
or Nix, it would make separate PRs for those.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
Change-Id: I6f447deffc545da77fb320519abcf437
2023-10-28 16:54:05 +00:00
|
|
|
name: Update nix flake.lock
|
|
|
|
on:
|
|
|
|
workflow_dispatch: # allows manual triggering
|
|
|
|
schedule:
|
|
|
|
- cron: '40 3 * * 0' # runs weekly on Sunday at 03:40
|
|
|
|
|
|
|
|
jobs:
|
|
|
|
lockfile:
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
|
|
- name: Checkout repository
|
2023-11-03 15:44:02 +00:00
|
|
|
uses: actions/checkout@v4
|
github: automatically update flake.lock every week
Summary: Keeping the flake.lock up to date and 'fresh' is nice for
all the same reasons that apply to things like Cargo, Poetry, etc.
Unfortunately, dependabot doesn't have support for Nix flakes. There is also
no mechanism to add 'out of band' updates through dependabot, at least not yet.
Instead, we use the `update-flake-lock` action from Determinate Systems, which
can paper over it for us.
This updates once a week on Sunday, which is pretty fine, I think.
A theoretical downside of this approach is that we can't group updates together
like dependabot does; but dependabot only groups 'related' updates together,
i.e. updates to Cargo dependencies. If it also detected updates for e.g. Poetry
or Nix, it would make separate PRs for those.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
Change-Id: I6f447deffc545da77fb320519abcf437
2023-10-28 16:54:05 +00:00
|
|
|
- name: Install Nix
|
2023-11-22 15:58:51 +00:00
|
|
|
uses: DeterminateSystems/nix-installer-action@07b8bcba1b22d847db7ee507180c33e115499665
|
github: automatically update flake.lock every week
Summary: Keeping the flake.lock up to date and 'fresh' is nice for
all the same reasons that apply to things like Cargo, Poetry, etc.
Unfortunately, dependabot doesn't have support for Nix flakes. There is also
no mechanism to add 'out of band' updates through dependabot, at least not yet.
Instead, we use the `update-flake-lock` action from Determinate Systems, which
can paper over it for us.
This updates once a week on Sunday, which is pretty fine, I think.
A theoretical downside of this approach is that we can't group updates together
like dependabot does; but dependabot only groups 'related' updates together,
i.e. updates to Cargo dependencies. If it also detected updates for e.g. Poetry
or Nix, it would make separate PRs for those.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
Change-Id: I6f447deffc545da77fb320519abcf437
2023-10-28 16:54:05 +00:00
|
|
|
- name: Update flake.lock
|
|
|
|
uses: DeterminateSystems/update-flake-lock@da2fd6f2563fe3e4f2af8be73b864088564e263d
|
|
|
|
with:
|
|
|
|
pr-title: "nix: update flake.lock"
|
|
|
|
pr-assignees: thoughtpolice
|
|
|
|
pr-reviewers: thoughtpolice
|
|
|
|
pr-labels: |
|
|
|
|
dependencies
|