Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 0 additions & 43 deletions .github/workflows/update-packages.yaml

This file was deleted.

29 changes: 0 additions & 29 deletions .github/workflows/update-submodules.yaml

This file was deleted.

93 changes: 72 additions & 21 deletions checks/effects.nix
Original file line number Diff line number Diff line change
@@ -1,12 +1,45 @@
# Dogfood for nixbot effects: exercises the hercules-style
# secrets file and the current-task state API.
{ inputs, self }:
_args: {
_args:
let
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;

# Scheduled effect operating on a fresh clone. The GitToken secret
# authenticates git push (token in the origin URL) and gh (GH_TOKEN).
mkRepoEffect =
name: script:
pkgs.runCommand "effect-${name}"
{
nativeBuildInputs = [
pkgs.cacert
pkgs.git
pkgs.gh
pkgs.jq
pkgs.nix
pkgs.openssh
];
# mkEffect JSON-encodes secretsMap; raw derivations must too.
secretsMap = builtins.toJSON { git.type = "GitToken"; };
# The sandbox does not inherit the host HOME.
HOME = "/build";
}
''
set -euo pipefail
token=$(jq -r '.git.data.token' "$HERCULES_CI_SECRETS_JSON")
export GH_TOKEN="$token"
git config --global user.name "dotfiles-bot"
git config --global user.email "dotfiles-bot@users.noreply.github.com"
git config --global safe.directory '*'
git clone --recurse-submodules \
"https://x-access-token:$token@github.com/Mic92/dotfiles" repo
cd repo
${script}
'';
in
{
onPush.default.outputs.effects = {
state-test =
let
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
in
pkgs.runCommand "effect-state-test"
{
nativeBuildInputs = [
Expand All @@ -29,21 +62,7 @@ _args: {
[ "$got" = "state-test $rev" ]
'';

# Always fails: verifies nixbot posts a failed commit status for a
# failed effect instead of leaving it green (Mic92/nixbot#30).
fail-test =
let
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
in
pkgs.runCommand "effect-fail-test" { } ''
echo "this effect fails on purpose"
exit 1
'';

sandbox-test =
let
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
in
pkgs.runCommand "effect-sandbox-test"
{
nativeBuildInputs = [
Expand Down Expand Up @@ -72,9 +91,6 @@ _args: {
onSchedule.heartbeat = {
when = { };
outputs.effects.heartbeat =
let
pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
in
pkgs.runCommand "effect-heartbeat"
{
nativeBuildInputs = [
Expand All @@ -91,4 +107,39 @@ _args: {
echo heartbeat stored
'';
};

# Daily package updates; one PR per changed package.
onSchedule.update-packages = {
when = {
hour = 3;
minute = 0;
};
outputs.effects.update-packages = mkRepoEffect "update-packages" ''
nix run .#updater -- --pr
'';
};

# Daily zsh submodule bump on a single branch and PR.
onSchedule.update-submodules = {
when = {
hour = 2;
minute = 51;
};
outputs.effects.update-submodules = mkRepoEffect "update-submodules" ''
git submodule update --init --recursive
git submodule update --recursive --remote
if git diff --quiet; then
echo "no submodule changes"
exit 0
fi
branch=update-zsh-modules
git checkout -b "$branch"
git commit -am "Update zsh modules"
git push -f origin "$branch"
if ! gh pr view "$branch" >/dev/null 2>&1; then
gh pr create --head "$branch" --title "Update zsh modules" \
--body "Automated zsh submodule update." --label auto-merge
fi
'';
};
}
Loading