nixos/.github/workflows/flake-update.yaml


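---
# Scheduled workflow: checks out master, runs `nix flake update` so the lock
# file change is committed (SSH-signed, as the bot identity), then pushes.
name: Periodic flake update
on:  # yamllint disable-line rule:truthy
  schedule:
    # Minute 0 of every second hour.
    - cron: "0 */2 * * *"
# Write access to repository contents is required by the final `git push`.
permissions:
  contents: write
jobs:
  flake-update:
    runs-on: ubuntu-latest
    container:
      # NOTE(review): `runner-latest` is a mutable tag. This job handles the
      # bot's signing key and has write access, so consider pinning the image
      # by digest.
      image: ghcr.io/catthehacker/ubuntu:runner-latest
    steps:
      # NOTE(review): both actions below are referenced by mutable tags;
      # pinning each to a full commit SHA prevents a retagged release from
      # running with the secrets used in this job.
      - uses: actions/checkout@v3
        with:
          ref: master
      - uses: cachix/install-nix-action@v27
      - name: configure git
        env:
          # Secrets are passed through the environment rather than being
          # interpolated into the script text.
          SSH_PRIVKEY: ${{ secrets.BOT_SSH_PRIVKEY }}
          SSH_PUBKEY: ${{ secrets.BOT_SSH_PUBKEY }}
        run: |
          # Tighten the umask first so the private key is never created
          # with group/other read bits, not even briefly before chmod runs.
          umask 077
          # printf instead of echo: output does not depend on how the
          # shell's echo treats leading dashes or backslashes.
          printf '%s\n' "$SSH_PRIVKEY" > "$RUNNER_TEMP/id_ed25519"
          printf '%s\n' "$SSH_PUBKEY" > "$RUNNER_TEMP/id_ed25519.pub"
          # Kept in case the files already existed with looser permissions.
          chmod 0600 "$RUNNER_TEMP/id_ed25519.pub" "$RUNNER_TEMP/id_ed25519"
          git config --global user.name 'torjus-bot'
          git config --global user.email 'torjus-bot@git.t-juice.club'
          # signingKey points at the public key file; presumably git locates
          # the private key written next to it (verify against the runner).
          git config --global user.signingKey "$RUNNER_TEMP/id_ed25519.pub"
          git config --global gpg.format ssh
          git config --global commit.gpgsign true
      - name: flake update
        run: nix flake update --commit-lock-file
      - name: push
        run: git push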