Skip to content

Merge pull request #137 from boinkor-net/dependabot/go_modules/gomod-… #35

Merge pull request #137 from boinkor-net/dependabot/go_modules/gomod-…

Merge pull request #137 from boinkor-net/dependabot/go_modules/gomod-… #35

# This action is suuuuper ripped off from tailscale's:
# https://github.com/tailscale/tailscale/blob/main/.github/workflows/update-flake.yml
name: "File PR for updated SRI hash"
on:
push:
branches:
- main
paths:
- go.mod
- go.sum
- .github/workflows/auto_update_sri_pr.yml
workflow_dispatch:
inputs:
push_change:
type: boolean
description: Directly commit and push to the branch in question
default: true
concurrency:
group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
update_sri_hash:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Generate token
id: generate-token
uses: tibdex/github-app-token@v2
with:
app_id: ${{ vars.PR_FIXUP_APP_ID }}
private_key: ${{ secrets.PR_FIXUP_APP_PRIVATE_KEY }}
- uses: actions/checkout@v4
with:
token: ${{secrets.REPO_CONTENT_UPDATE_TOKEN}}
fetch-depth: 0 # otherwise, you will failed to push refs to dest repo
- uses: cachix/install-nix-action@V27
- uses: DeterminateSystems/magic-nix-cache-action@v6
- name: re-generate SRI
run: "nix --extra-experimental-features nix-command --extra-experimental-features flakes run .#regenSRI"
- name: Push changes to ${{github.base_ref}}
if: github.event_name == 'workflow_dispatch' && github.event.inputs.push_change
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: "Update gomod SRI hash"
file_pattern: "*.sri"
- name: File pull request
uses: peter-evans/create-pull-request@v6
if: github.event_name != 'workflow_dispatch' || !github.event.inputs.push_change
with:
token: ${{ steps.generate-token.outputs.token }}
author: Flakes Updater <[email protected]>
committer: Flakes Updater <[email protected]>
branch: auto-update-sri
commit-message: "tsnsrv.sri: update SRI hash for go module changes"
title: "tsnsrv.sri: update SRI hash for go module changes"
body: Triggered by ${{ github.repository }}@${{ github.sha }}
signoff: true
delete-branch: true
reviewers: antifuchs