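name: Nixpkgs Bump PR

# Triggers on stable release publish. Opens PR against NixOS/nixpkgs
# bumping pkgs/by-name/ma/matcha/package.nix to the new version.
# Requires:
#   - Fork floatpane/nixpkgs to exist
#   - NIXPKGS_BUMP_TOKEN secret: PAT with `repo` scope on floatpane/nixpkgs
#     and permission to open PRs against NixOS/nixpkgs
#   - Initial matcha package already merged into nixpkgs (this workflow
#     updates, not inits)
#
# NOTE(review): the checkout and PR steps in this file read
# secrets.HOMEBREW_GITHUB_TOKEN, not the NIXPKGS_BUMP_TOKEN named above.
# Confirm which secret is intended. Reusing one PAT across packaging
# workflows means a leak in any of them exposes every repository that PAT
# can write to; a classic PAT with `repo` scope is not limited to one repo.

on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      version:
        description: "Version to bump to (without v prefix)"
        required: true

# The built-in GITHUB_TOKEN stays read-only; every write in this workflow
# goes through the PAT secret.
permissions:
  contents: read

jobs:
  bump:
    runs-on: ubuntu-latest
    steps: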
27 - name: Determine version
28 id: ver
29 run: |
30 if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
31 VERSION="${{ inputs.version }}"
32 else
33 TAG="${{ github.event.release.tag_name }}"
34 VERSION="${TAG#v}"
35 fi
36 # Skip nightly / preview tags
37 if [[ "$VERSION" == nightly* || "$VERSION" == preview* ]]; then
38 echo "Skipping non-stable release: $VERSION"
39 echo "skip=true" >> $GITHUB_OUTPUT
40 else
41 echo "skip=false" >> $GITHUB_OUTPUT
42 fi
43 echo "version=$VERSION" >> $GITHUB_OUTPUT
44
45 - name: Install Nix
46 if: steps.ver.outputs.skip != 'true'
47 uses: cachix/install-nix-action@v31
48 with:
49 extra_nix_config: |
50 experimental-features = nix-command flakes
51
52 - name: Checkout nixpkgs fork
53 if: steps.ver.outputs.skip != 'true'
54 uses: actions/checkout@v6
55 with:
56 repository: floatpane/nixpkgs
57 token: ${{ secrets.HOMEBREW_GITHUB_TOKEN }}
58 path: nixpkgs
59 fetch-depth: 0
60
61 - name: Sync fork with upstream master
62 if: steps.ver.outputs.skip != 'true'
63 working-directory: nixpkgs
64 run: |
65 git config user.name "Floatpane Bot"
66 git config user.email "us@floatpane.com"
67 git remote add upstream https://github.com/NixOS/nixpkgs.git
68 git fetch upstream master
69 git checkout master
70 git reset --hard upstream/master
71 git push origin master --force-with-lease
72
73 - name: Create bump branch
74 if: steps.ver.outputs.skip != 'true'
75 working-directory: nixpkgs
76 run: |
77 BRANCH="matcha-${{ steps.ver.outputs.version }}"
78 git checkout -b "$BRANCH"
79 echo "BRANCH=$BRANCH" >> $GITHUB_ENV
80
81 - name: Get current version
82 if: steps.ver.outputs.skip != 'true'
83 id: current
84 working-directory: nixpkgs
85 run: |
86 PKG=pkgs/by-name/ma/matcha/package.nix
87 OLD=$(grep -E '^\s*version\s*=\s*"' "$PKG" | head -1 | sed -E 's/.*"([^"]+)".*/\1/')
88 echo "old=$OLD" >> $GITHUB_OUTPUT
89
90 - name: Bump version and reset hashes
91 if: steps.ver.outputs.skip != 'true'
92 working-directory: nixpkgs
93 run: |
94 PKG=pkgs/by-name/ma/matcha/package.nix
95 NEW="${{ steps.ver.outputs.version }}"
96 # Replace version line
97 sed -i -E "s/(version\s*=\s*\")[^\"]+(\")/\1$NEW\2/" "$PKG"
98 # Reset src hash + vendorHash to fakeHash so nix build prints real ones
99 sed -i -E 's|hash = "sha256-[A-Za-z0-9+/=]+"|hash = lib.fakeHash|' "$PKG"
100 sed -i -E 's|vendorHash = "sha256-[A-Za-z0-9+/=]+"|vendorHash = lib.fakeHash|' "$PKG"
101
102 - name: Build to extract src hash
103 if: steps.ver.outputs.skip != 'true'
104 id: src_hash
105 working-directory: nixpkgs
106 run: |
107 set +e
108 OUT=$(nix-build -A matcha --no-out-link 2>&1)
109 RC=$?
110 echo "$OUT"
111 HASH=$(echo "$OUT" | grep -A1 "got:" | tail -1 | tr -d ' ')
112 if [ -z "$HASH" ]; then
113 echo "Failed to extract src hash"; exit 1
114 fi
115 echo "hash=$HASH" >> $GITHUB_OUTPUT
116 sed -i -E "s|hash = lib.fakeHash|hash = \"$HASH\"|" pkgs/by-name/ma/matcha/package.nix
117
118 - name: Build to extract vendorHash
119 if: steps.ver.outputs.skip != 'true'
120 working-directory: nixpkgs
121 run: |
122 set +e
123 OUT=$(nix-build -A matcha --no-out-link 2>&1)
124 RC=$?
125 echo "$OUT"
126 HASH=$(echo "$OUT" | grep -A1 "got:" | tail -1 | tr -d ' ')
127 if [ -z "$HASH" ]; then
128 echo "Failed to extract vendorHash"; exit 1
129 fi
130 sed -i -E "s|vendorHash = lib.fakeHash|vendorHash = \"$HASH\"|" pkgs/by-name/ma/matcha/package.nix
131
132 - name: Final build (sanity check)
133 if: steps.ver.outputs.skip != 'true'
134 working-directory: nixpkgs
135 run: nix-build -A matcha --no-out-link
136
137 - name: Commit and push
138 if: steps.ver.outputs.skip != 'true'
139 working-directory: nixpkgs
140 run: |
141 git add pkgs/by-name/ma/matcha/package.nix
142 git commit -m "matcha: ${{ steps.current.outputs.old }} -> ${{ steps.ver.outputs.version }}"
143 git push -u origin "$BRANCH" --force-with-lease
144
145 - name: Open PR against NixOS/nixpkgs
146 if: steps.ver.outputs.skip != 'true'
147 env:
148 GH_TOKEN: ${{ secrets.HOMEBREW_GITHUB_TOKEN }}
149 working-directory: nixpkgs
150 run: |
151 BODY=$(cat <<EOF
152 ## Description
153
154 Automated version bump for \`matcha\` email client.
155
156 - Old: ${{ steps.current.outputs.old }}
157 - New: ${{ steps.ver.outputs.version }}
158 - Upstream release: https://github.com/floatpane/matcha/releases/tag/v${{ steps.ver.outputs.version }}
159
160 ## Things done
161
162 - Built on \`x86_64-linux\` via GitHub Actions
163 - Hashes regenerated from upstream tarball
164 - No package metadata changes beyond version + hashes
165
166 cc maintainer for review.
167 EOF
168 )
169 gh pr create \
170 --repo NixOS/nixpkgs \
171 --base master \
172 --head "floatpane:$BRANCH" \
173 --title "matcha: ${{ steps.current.outputs.old }} -> ${{ steps.ver.outputs.version }}" \
174 --body "$BODY"