Merge pull request #158 from boinkor-net/dependabot/go_modules/gomod-… #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This action is suuuuper ripped off from tailscale's: | |
# https://github.com/tailscale/tailscale/blob/main/.github/workflows/update-flake.yml | |
name: "File PR for updated SRI hash" | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- go.mod | |
- go.sum | |
- .github/workflows/auto_update_sri_pr.yml | |
workflow_dispatch: | |
inputs: | |
push_change: | |
type: boolean | |
description: Directly commit and push to the branch in question | |
default: true | |
concurrency: | |
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
update_sri_hash: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
steps: | |
- name: Generate token | |
id: generate-token | |
uses: tibdex/github-app-token@v2 | |
with: | |
app_id: ${{ vars.PR_FIXUP_APP_ID }} | |
private_key: ${{ secrets.PR_FIXUP_APP_PRIVATE_KEY }} | |
- uses: actions/checkout@v4 | |
with: | |
token: ${{secrets.REPO_CONTENT_UPDATE_TOKEN}} | |
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo | |
- uses: cachix/install-nix-action@V27 | |
- uses: DeterminateSystems/magic-nix-cache-action@v7 | |
- name: re-generate SRI | |
run: "nix --extra-experimental-features nix-command --extra-experimental-features flakes run .#generate-sri-tsnsrv" | |
- name: Push changes to ${{github.base_ref}} | |
if: github.event_name == 'workflow_dispatch' && github.event.inputs.push_change | |
uses: stefanzweifel/git-auto-commit-action@v5 | |
with: | |
commit_message: "Update gomod SRI hash" | |
file_pattern: "*.sri" | |
- name: File pull request | |
uses: peter-evans/create-pull-request@v6 | |
if: github.event_name != 'workflow_dispatch' || !github.event.inputs.push_change | |
with: | |
token: ${{ steps.generate-token.outputs.token }} | |
author: Flakes Updater <[email protected]> | |
committer: Flakes Updater <[email protected]> | |
branch: auto-update-sri | |
commit-message: "tsnsrv.sri: update SRI hash for go module changes" | |
title: "tsnsrv.sri: update SRI hash for go module changes" | |
body: Triggered by ${{ github.repository }}@${{ github.sha }} | |
signoff: true | |
delete-branch: true | |
reviewers: antifuchs |