---
# Regenerates flake.lock and opens (or refreshes) a pull request with the result.
name: Update flake.lock

# Triggers: a push to master that changes go.sum, or a manual run.
on:
  push:
    branches:
      - master
    paths:
      - go.sum
  workflow_dispatch: {}

# Scopes granted to the job's built-in token.
# NOTE(review): the PR step calls gh with GH_TOKEN (a separate secret), so
# pull-requests: write on the built-in token may be unused; confirm, then drop
# it to keep the job token at least privilege.
permissions:
  contents: write
  pull-requests: write

jobs:
  update:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): checkout by default persists the job token for later git
      # commands; presumably that is what authenticates `git push` below. It
      # also means every step in between can reach a contents: write token.
      - uses: actions/checkout@v7

      # NOTE(review): @main is a mutable branch ref. Whatever sits at the tip
      # of that branch runs in a job that holds a write-scoped token. Pin to a
      # full commit SHA (e.g. @<full-commit-sha>  # <release-tag>) and let a
      # dependency-update bot propose bumps.
      - uses: DeterminateSystems/nix-installer-action@main

      - name: Update flake.lock
        run: nix flake update

      - name: Create Pull Request
        env:
          # The secret is exposed to this step only, not to the steps above.
          # NOTE(review): the name suggests the token is shared with other
          # automation; confirm its scopes cover no more than this repo needs.
          GH_TOKEN: ${{ secrets.HOMEBREW_GITHUB_TOKEN }}
        run: |
          # Nothing to do when the lock file is unchanged.
          if git diff --quiet flake.lock; then
            exit 0
          fi

          BRANCH="chore/update-flake-lock"

          git config user.name "Floatpane Bot"
          git config user.email "us@floatpane.com"

          git checkout -b "$BRANCH"
          git add flake.lock
          git commit -m "chore: update flake.lock"
          # The bot branch is force-pushed: any earlier content on it is replaced.
          git push -f origin "$BRANCH"

          # Open a PR only when none is already open for the bot branch.
          # The heredoc body and its EOF terminator stay at the script's left
          # margin because <<'EOF' does not strip leading whitespace.
          if ! gh pr list --head "$BRANCH" --state open | grep -q .; then
            PR_BODY=$(cat <<'EOF'
          ## What?

          Updates `flake.lock` to the latest revisions of all flake inputs (`nixpkgs`, `flake-utils`, etc.).

          ## Why?

          Keeps Nix inputs current so contributors and CI build against fresh `nixpkgs`. Picks up upstream security and toolchain fixes. Generated automatically by the flake-lock update workflow on changes to `go.sum`.
          EOF
          )
            gh pr create --title "chore: update flake.lock" --body "$PR_BODY" --base master --label chore --label area/nix
          fi