update-flake-lock/action.yml
dependabot[bot] 0631a12d9a build(deps): bump crazy-max/ghaction-import-gpg from 5 to 6
Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 5 to 6.
- [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases)
- [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/v5...v6)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-import-gpg
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-02-28 14:54:51 -08:00

202 lines
7.8 KiB
YAML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

name: 'Update Nix Flake Lock'
description: 'Update your Nix flake.lock and send a PR'
inputs:
inputs:
description: 'A space-separated list of inputs to update. Leave empty to update all inputs.'
required: false
default: ''
token:
description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)'
required: false
default: ${{ github.token }}
commit-msg:
description: 'The message provided with the commit'
required: false
default: "flake.lock: Update"
base:
description: "Sets the pull request base branch. Defaults to the branch checked out in the workflow."
required: false
branch:
description: 'The branch of the PR to be created'
required: false
default: "update_flake_lock_action"
path-to-flake-dir:
description: 'The path of the directory containing `flake.nix` file within your repository. Useful when `flake.nix` cannot reside at the root of your repository.'
required: false
default: ''
pr-title:
description: 'The title of the PR to be created'
required: false
default: "flake.lock: Update"
pr-body:
description: 'The body of the PR to be created'
required: false
default: |
Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
```
{{ env.GIT_COMMIT_MESSAGE }}
```
### Running GitHub Actions on this PR
GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.
To run GitHub Actions workflows on this PR, run:
```sh
git branch -D update_flake_lock_action
git fetch origin
git checkout update_flake_lock_action
git commit --amend --no-edit
git push origin update_flake_lock_action --force
```
pr-labels:
description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
required: false
default: ''
pr-assignees:
description: 'A comma or newline separated list of assignees (GitHub usernames).'
required: false
default: ''
pr-reviewers:
description: 'A comma or newline separated list of reviewers (GitHub usernames) to request a review from.'
required: false
default: ''
git-author-name:
description: 'Author name used for commit. Only used if sign-commits is false.'
required: false
default: 'github-actions[bot]'
git-author-email:
description: 'Author email used for commit. Only used if sign-commits is false.'
required: false
default: 'github-actions[bot]@users.noreply.github.com'
git-committer-name:
description: 'Committer name used for commit. Only used if sign-commits is false.'
required: false
default: 'github-actions[bot]'
git-committer-email:
description: 'Committer email used for commit. Only used if sign-commits is false.'
required: false
default: 'github-actions[bot]@users.noreply.github.com'
sign-commits:
description: 'Set to true if the action should sign the commit with GPG'
required: false
default: 'false'
gpg-private-key:
description: 'GPG Private Key with which to sign the commits in the PR to be created'
required: false
default: ''
gpg-fingerprint:
description: 'Fingerprint of specific GPG subkey to use'
required: false
gpg-passphrase:
description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
required: false
default: ''
nix-options:
description: 'A space-separated list of options to pass to the nix command'
required: false
default: ''
outputs:
pull-request-number:
description: 'The number of the opened pull request'
value: ${{ steps.create-pr.outputs.pull-request-number }}
pull-request-operation:
description: 'The pull request operation performed by the action, `created`, `updated` or `closed`.'
value: ${{ steps.create-pr.outputs.pull-request-operation }}
runs:
using: "composite"
steps:
- name: Import bot's GPG key for signing commits
if: ${{ inputs.sign-commits == 'true' }}
id: import-gpg
uses: crazy-max/ghaction-import-gpg@v6
with:
gpg_private_key: ${{ inputs.gpg-private-key }}
fingerprint: ${{ inputs.gpg-fingerprint }}
passphrase: ${{ inputs.gpg-passphrase }}
git_config_global: true
git_user_signingkey: true
git_commit_gpgsign: true
- name: Set environment variables (signed commits)
if: ${{ inputs.sign-commits == 'true' }}
shell: bash
env:
GIT_AUTHOR_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_AUTHOR_EMAIL: ${{ steps.import-gpg.outputs.email }}
GIT_COMMITTER_NAME: ${{ steps.import-gpg.outputs.name }}
GIT_COMMITTER_EMAIL: ${{ steps.import-gpg.outputs.email }}
TARGETS: ${{ inputs.inputs }}
run: |
echo "GIT_AUTHOR_NAME=$GIT_AUTHOR_NAME" >> $GITHUB_ENV
echo "GIT_AUTHOR_EMAIL=<$GIT_AUTHOR_EMAIL>" >> $GITHUB_ENV
echo "GIT_COMMITTER_NAME=$GIT_COMMITTER_NAME" >> $GITHUB_ENV
echo "GIT_COMMITTER_EMAIL=<$GIT_COMMITTER_EMAIL>" >> $GITHUB_ENV
- name: Set environment variables (unsigned commits)
if: ${{ inputs.sign-commits != 'true' }}
shell: bash
run: |
echo "GIT_AUTHOR_NAME=${{ inputs.git-author-name }}" >> $GITHUB_ENV
echo "GIT_AUTHOR_EMAIL=<${{ inputs.git-author-email }}>" >> $GITHUB_ENV
echo "GIT_COMMITTER_NAME=${{ inputs.git-committer-name }}" >> $GITHUB_ENV
echo "GIT_COMMITTER_EMAIL=<${{ inputs.git-committer-email }}>" >> $GITHUB_ENV
- name: Run update-flake-lock.sh
run: $GITHUB_ACTION_PATH/update-flake-lock.sh
shell: bash
env:
GIT_AUTHOR_NAME: ${{ env.GIT_AUTHOR_NAME }}
GIT_AUTHOR_EMAIL: ${{ env.GIT_AUTHOR_EMAIL }}
GIT_COMMITTER_NAME: ${{ env.GIT_COMMITTER_NAME }}
GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }}
NIX_OPTIONS: ${{ inputs.nix-options }}
TARGETS: ${{ inputs.inputs }}
COMMIT_MSG: ${{ inputs.commit-msg }}
PATH_TO_FLAKE_DIR: ${{ inputs.path-to-flake-dir }}
- name: Save PR Body as file
uses: DamianReeves/write-file-action@v1.2
with:
path: pr_body.template
contents: ${{ inputs.pr-body }}
env: {}
- name: Set additional env variables (GIT_COMMIT_MESSAGE)
shell: bash
run: |
DELIMITER=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
COMMIT_MESSAGE="$(git log --format=%b -n 1)"
echo "GIT_COMMIT_MESSAGE<<$DELIMITER" >> $GITHUB_ENV
echo "$COMMIT_MESSAGE" >> $GITHUB_ENV
echo "$DELIMITER" >> $GITHUB_ENV
echo "GIT_COMMIT_MESSAGE is: ${COMMIT_MESSAGE}"
- name: Interpolate PR Body
uses: pedrolamas/handlebars-action@v2.2.0
with:
files: 'pr_body.template'
output-filename: 'pr_body.txt'
- name: Read pr_body.txt
id: pr_body
uses: juliangruber/read-file-action@v1
with:
path: "pr_body.txt"
# We need to remove the pr_body files so that the
# peter-evans/create-pull-request action does not commit it (the
# action commits all new and modified files).
- name: Remove PR body template files
shell: bash
run: rm -f pr_body.txt pr_body.template
- name: Create PR
id: create-pr
uses: peter-evans/create-pull-request@v6
with:
base: ${{ inputs.base }}
branch: ${{ inputs.branch }}
delete-branch: true
committer: ${{ env.GIT_COMMITTER_NAME }} ${{ env.GIT_COMMITTER_EMAIL }}
author: ${{ env.GIT_AUTHOR_NAME }} ${{ env.GIT_AUTHOR_EMAIL }}
title: ${{ inputs.pr-title }}
token: ${{ inputs.token }}
assignees: ${{ inputs.pr-assignees }}
labels: ${{ inputs.pr-labels }}
reviewers: ${{ inputs.pr-reviewers }}
body: ${{ steps.pr_body.outputs.content }}