feat: add self-update workflow

This commit is contained in:
Defelo 2025-06-26 16:12:58 +02:00
commit defa915959
No known key found for this signature in database
GPG key ID: 2A05272471204DD3
2 changed files with 61 additions and 0 deletions

54
.github/workflows/self-update.yml vendored Normal file
View file

@ -0,0 +1,54 @@
name: self-update
permissions: {}
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
jobs:
update:
runs-on: ubuntu-latest
steps:
- name: ensure token
run: |
if [[ -z "$GH_TOKEN" ]]; then
echo "::error::GH_SELF_UPDATE_TOKEN secret is not set. Please either set this secret or disable this workflow."
exit 1
fi
env:
GH_TOKEN: ${{ secrets.GH_SELF_UPDATE_TOKEN }}
- name: get upstream repo
id: upstream
run: |
upstream="$(gh api /repos/"$REPO" | jq -er .parent.clone_url)"
echo "upstream=$upstream" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: ${{ github.token }}
REPO: ${{ github.repository }}
- name: configure git
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: clone repository
uses: actions/checkout@v2
with:
token: ${{ secrets.GH_SELF_UPDATE_TOKEN }}
fetch-depth: 0
- name: add upstream remote
run: |
git remote add upstream "$UPSTREAM"
git fetch upstream HEAD:upstream/HEAD
env:
UPSTREAM: ${{ steps.upstream.outputs.upstream }}
- name: rebase
run: git rebase upstream/HEAD
- name: push
run: git push --force-with-lease

View file

@ -14,6 +14,7 @@ Run [nixpkgs-review](https://github.com/Mic92/nixpkgs-review) in GitHub Actions
## Setup
1. [Fork](https://github.com/Defelo/nixpkgs-review-gha/fork) this repository.
2. In your fork, go to the [Actions](../../actions) tab and enable GitHub Actions workflows.
3. If you don't want to set up [automatic self-updates](#automatic-self-updates-optional), please disable the `self-update` workflow ([Actions / `self-update`](../../actions/workflows/self-update.yml) > `...` button (top right corner) > `Disable workflow`).
### Post Results / Auto Approve (optional)
If you want nixpkgs-review-gha to automatically post the results on the reviewed pull requests or automatically approve them, you need to generate a [personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens):
@ -21,6 +22,12 @@ If you want nixpkgs-review-gha to automatically post the results on the reviewed
1. Go to <https://github.com/settings/tokens> and generate a new **classic** token with the `public_repo` scope.
2. In your fork, go to "Settings" > "Secrets and variables" > "Actions" and [add a new repository secret](../../settings/secrets/actions/new) with the name `GH_TOKEN` and set its value to the personal access token you generated before.
### Automatic Self-Updates (optional)
If you want your fork to update itself on a regular basis, you need to generate a [personal access token](https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens). Note that this token is different from the one used above!
1. Go to <https://github.com/settings/personal-access-tokens> and generate a new **Fine-grained token** token with access to only your fork ("Repository access" > "Only select repositories") and "Read and write" permissions for both "Contents" and "Workflows".
2. In your fork, go to "Settings" > "Secrets and variables" > "Actions" and [add a new repository secret](../../settings/secrets/actions/new) with the name `GH_SELF_UPDATE_TOKEN` and set its value to the personal access token you generated before.
### Push to Attic Cache (optional)
Follow these steps if you want nixpkgs-review-gha to push new packages to an [Attic](https://github.com/zhaofengli/attic) cache. Replace `$CACHE` with the name of your cache (e.g. `nixpkgs`) and `$SERVER` with the url of your Attic server (e.g. `https://attic.example.com/`):