ci: improve workflows and update flake

gopad · May 25, 2024 · 37081f5 · 37081f5
1 parent a84b436
commit 37081f5
Show file tree

Hide file tree

Showing 5 changed files with 577 additions and 31 deletions.
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
@@ -0,0 +1,49 @@
+---
+name: automerge
+
+"on":
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - master
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  dependabot:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+
+    steps:
+      - name: Generate token
+        id: token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.TOKEN_EXCHANGE_APP }}
+          installation_retrieval_mode: id
+          installation_retrieval_payload: ${{ secrets.TOKEN_EXCHANGE_INSTALL }}
+          private_key: ${{ secrets.TOKEN_EXCHANGE_KEY }}
+          permissions: >-
+            {"contents": "write", "pull_requests": "write", "issues": "write"}
+
+      - name: Fetch metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Approve request
+        id: approve
+        run: gh pr review --approve "${{github.event.pull_request.html_url}}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Enable automerge
+        id: automerge
+        run: gh pr merge --rebase --auto "${{github.event.pull_request.html_url}}"
+        env:
+          GH_TOKEN: ${{ steps.token.outputs.token }}
+
+...
diff --git a/.github/workflows/flake.yml b/.github/workflows/flake.yml
@@ -0,0 +1,56 @@
+---
+name: flake
+
+"on":
+  workflow_dispatch:
+  schedule:
+    - cron: "0 8 * * 1"
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  flake:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Generate token
+        id: token
+        uses: tibdex/github-app-token@v2
+        with:
+          app_id: ${{ secrets.TOKEN_EXCHANGE_APP }}
+          installation_retrieval_mode: id
+          installation_retrieval_payload: ${{ secrets.TOKEN_EXCHANGE_INSTALL }}
+          private_key: ${{ secrets.TOKEN_EXCHANGE_KEY }}
+          permissions: >-
+            {"contents": "write", "pull_requests": "write"}
+
+      - name: Checkout source
+        id: source
+        uses: actions/checkout@v4
+
+      - name: Install nix
+        id: nix
+        uses: cachix/install-nix-action@v27
+
+      - name: Update flake
+        id: flake
+        uses: DeterminateSystems/update-flake-lock@v21
+        with:
+          commit-msg: "chore(flake): updated lockfile"
+          pr-title: "chore: automated flake update"
+          pr-body: "New flakelock generated, automerge should handle that!"
+          pr-labels: renovate
+          git-author-name: GitHub Actions
+          git-author-email: github@cloudhippie.de
+          token: ${{ steps.token.outputs.token }}
+
+      - name: Enable automerge
+        id: automerge
+        if: steps.flake.outputs.pull-request-operation == 'created'
+        run: gh pr merge --rebase --auto "${{ steps.flake.outputs.pull-request-number }}"
+        env:
+          GH_TOKEN: ${{ steps.token.outputs.token }}
+
+...
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
 .direnv
+.devenv
+
 .yardoc
 .bundle
-Original file line number
+Diff line change
@@ -1,3 +1,5 @@
     .direnv
+    .devenv
     .yardoc
     .bundle