diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
new file mode 100644
index 0000000..cf8daac
--- /dev/null
+++ b/.github/workflows/nix.yml
@@ -0,0 +1,66 @@
+name: Fix pnpm dependency hash
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+
+concurrency:
+ group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
+ cancel-in-progress: true
+
+jobs:
+ fix-nix-hash:
+ runs-on: ubuntu-latest
+ permissions: write-all
+ steps:
+ - name: "Checkout Repository"
+ uses: actions/checkout@v5
+ with:
+ fetch-depth: 2
+
+ - name: "Get changed files"
+ id: changed-files
+ uses: dorny/paths-filter@v3
+ with:
+ filters: |
+ files:
+ - 'flake.nix'
+ - 'package.json'
+ - 'pnpm-lock.yaml'
+
+ # Exit early if no relevant files are updated
+ - name: Install Nix
+ uses: cachix/install-nix-action@v31.9.0
+ if: steps.changed-files.outputs.files == 'true'
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ extra_nix_config: |
+ substituters = https://cache.nixos.org/ https://feel-co.cachix.org
+ trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= feel-co.cachix.org-1:nwEFNnwZvtl4KKSH5LDg+/+K7bV0vcs6faMHAJ6xx0w=
+
+ - name: Update Dependency Hash
+ if: steps.changed-files.outputs.files == 'true'
+ run: |
+ if nix build --print-build-logs .# 2> /tmp/log; then
+ exit 0
+ fi
+
+ hash="$(grep 'got:' /tmp/log | awk '{print $2}')"
+
+ if [ -n "$hash" ]; then
+ echo "hash=$hash"
+ echo "Updating hash in package.nix"
+ sed -e "s#hash =.*\$#hash = \"$hash\";#g" -i nix/package.nix
+ else
+ echo "No hash found, exiting"
+ exit 0 # exit with success, this is not error worthy
+ fi
+
+ git diff
+
+ - name: Update dependencies
+ uses: stefanzweifel/git-auto-commit-action@v7
+ with:
+ commit_message: "meta: auto-update dependencies"
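Review bot: `permissions: write-all` on the `fix-nix-hash` job gives every step a fully privileged `GITHUB_TOKEN`, including `nix build` of the checked-out flake and three third-party actions referenced by mutable tags (`dorny/paths-filter@v3`, `cachix/install-nix-action@v31.9.0`, `stefanzweifel/git-auto-commit-action@v7`). The only write the job appears to need is the commit push, so a `permissions:` mapping with `contents: write` (and `pull-requests: read` if the paths filter needs it on PRs) should be enough, and pinning the actions to full commit SHAs keeps a moved tag from running with that token. In the `Update Dependency Hash` step, the `grep 'got:'` result goes unchecked into the `sed` replacement, which rewrites every `hash =` line in `nix/package.nix`, and that result can be several lines or arbitrary build-log text. I would take only the first match, `hash="$(awk '/got:/ {print $2; exit}' /tmp/log)"`, and fail the step unless it has the expected `sha256-…` shape. The concurrency group expression `-$${{ github.head_ref || github.run_id }}` also has a stray `$`.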