Improve auto updates and welcome @infinixbot (#15)

Improves upon the automated update PRs introduced in #12 to resolve issues brought up in the first automated PR #14. * Give more information about the updates, not much, but at least the output of npins update * Update all npins sources, not just Nixpkgs. * Run `cargo update` * Make it trigger CI by using an unprivileged separate machine account (welcome, @infinixbot!) * Set committer and author of the commits to the machine account
NixOS · Mar 21, 2024 · 0f556f9 · 0f556f9
2 parents 595ab40 + 157ab23
commit 0f556f9
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 6 deletions.
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
@@ -14,13 +14,20 @@ jobs:
 
       - name: update
         run: |
-          nix-build -A pkgs.npins
-          result/bin/npins update nixpkgs
+          nix-build -A autoPrUpdate
+          result/bin/auto-pr-update > body
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v6
         with:
-          commit-message: "Automated Nixpkgs update"
-          branch: auto-nixpkgs-update
-          title: "Automated Nixpkgs update"
-          body: "Update the pinned Nixpkgs automatically"
+          # To trigger CI for automated PRs, we use a separate machine account
+          # See https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs
+          # and https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#push-pull-request-branches-to-a-fork
+          token: ${{ secrets.MACHINE_USER_PAT }}
+          push-to-fork: infinixbot/nixpkgs-check-by-name
+          committer: infinixbot <[email protected]>
+          author: infinixbot <[email protected]>
+          commit-message: "Automated update"
+          branch: auto-update
+          title: "Automated update"
+          body-path: body
diff --git a/default.nix b/default.nix
@@ -53,6 +53,30 @@ build // {
     ];
   };
 
+  # Run regularly by CI and turned into a PR
+  autoPrUpdate = pkgs.writeShellApplication {
+    name = "auto-pr-update";
+    runtimeInputs = with pkgs; [
+      npins
+      cargo
+    ];
+    text =
+      let
+        commands = [
+          "npins update"
+          "cargo update"
+        ];
+      in
+      ''
+        echo "Run automated updates"
+      ''
+      + pkgs.lib.concatMapStrings (command: ''
+        echo -e '<details><summary>${command}</summary>\n\n```'
+        ${command} 2>&1
+        echo -e '```\n</details>'
+      '') commands;
+  };
+
   # Tests the tool on the pinned Nixpkgs tree, this is a good sanity check
   checks.nixpkgs = pkgs.runCommand "test-nixpkgs-check-by-name" {
     nativeBuildInputs = [