dadada/gitlab-ci-templates
dadada/gitlab-ci-templates
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move nix-flake-update.yml

Browse source
This commit is contained in:
Tim Schubert 2023-10-18 17:52:39 +02:00
parent 1a48ce0459
commit 29534f2bfb
Signed by: dadada
SSH key fingerprint: SHA256:bFAjFH3hR8zRBaJjzQDjc3o4jqoq5EZ87l+KXEjxIz0
1 changed files with 0 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

54
nix-flake-update.yml Normal file
View file

@ -0,0 +1,54 @@
# # GitLab CI job template for `nix flake update --commit-lock-file`
#
# This requires a masked or protected variable `UPDATE_ACCESS_TOKEN` that contains a project access token with at least the scope `api` and `write_repository`.
# The job is intended to be run from a scheduled pipeline. See https://docs.gitlab.com/ee/ci/pipelines/schedules.html
#
# ## Example
#
# ```
# include:
# - https://gist.github.com/dadada/c9184fef6dc7b66c8e94ecf65783ce43/raw
# nix-flake-update:
# variables:
# # The name of the branch that will have the updates.
# BRANCH: update-flake-inputs
# NOTIFY_USERS: "@admin"
# stage: update
# extends: .nix-flake-update
# ```
.nix-flake-update:
# NixOS Docker image
image: nixos/nix
script:
nix flake update --commit-lock-file
before_script:
# Enable support for flakes.
- echo "experimental-features = nix-command flakes" >> /etc/nix/nix.conf
# Use the vendored nixpkgs version.
- nix registry add nixpkgs path:$(readlink -f ${NIX_PATH%%:*}/nixpkgs)
# Install jq for processing MR.
- nix profile install nixpkgs#jq nixpkgs#gnused
# Set up git.
- git config user.email "noreply@${CI_SERVER_HOST}"
- git config user.name "Update Flakes"
- git remote remove gitlab_origin || true
- git remote add gitlab_origin "https://oauth2:${UPDATE_ACCESS_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git"
- git fetch gitlab_origin main
after_script:
- |
if git diff --exit-code HEAD gitlab_origin/main
then
exit
fi
# Upload changes to merge request.
git push -f gitlab_origin HEAD:refs/heads/${BRANCH}
PROJECT_PATH="$(sed 's/\//%2F/g' <<< $CI_PROJECT_PATH)"
MR_ID=$(curl --silent --header "PRIVATE-TOKEN: ${UPDATE_ACCESS_TOKEN}" "${CI_API_V4_URL}/projects/${PROJECT_PATH}/merge_requests?source_branch=${BRANCH}&state=opened" | jq '.[0].id')
if [ "$MR_ID" = "null" ]
then
curl --fail --json "{\"source_branch\": \"$BRANCH\", \"target_branch\": \"main\", \"title\": \"Update inputs\", \"should_remove_source_branch\": true, \"description\": \"$NOTIFY_USERS\"}" --header "PRIVATE-TOKEN: ${UPDATE_ACCESS_TOKEN}" "${CI_API_V4_URL}/projects/${PROJECT_PATH}/merge_requests"
fi
rules:
# Only run on scheduled pipelines.
- if: $CI_PIPELINE_SOURCE == "schedule"