File PR for updated SRI hash #5
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This action is suuuuper ripped off from tailscale's: | |
| # https://github.com/tailscale/tailscale/blob/main/.github/workflows/update-flake.yml | |
| name: "File PR for updated SRI hash" | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - go.mod | |
| - go.sum | |
| - .github/workflows/auto_update_sri_pr.yml | |
| workflow_dispatch: | |
| inputs: | |
| push_change: | |
| type: boolean | |
| description: Directly commit and push to the branch in question | |
| default: true | |
| concurrency: | |
| group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| update_sri_hash: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Generate token | |
| id: generate-token | |
| uses: tibdex/github-app-token@v2 | |
| with: | |
| app_id: ${{ vars.PR_FIXUP_APP_ID }} | |
| private_key: ${{ secrets.PR_FIXUP_APP_PRIVATE_KEY }} | |
| - uses: actions/checkout@v4 | |
| with: | |
| token: ${{secrets.REPO_CONTENT_UPDATE_TOKEN}} | |
| fetch-depth: 0 # otherwise, you will failed to push refs to dest repo | |
| - name: Cache install Nix packages | |
| uses: mtoohey31/cache-flake-attrs@v2 | |
| with: | |
| key: ${{ runner.os }}-nix-${{ hashFiles('./flake.nix') }} | |
| flake_paths: ".#regenSRI" | |
| - name: re-generate SRI | |
| run: "nix --extra-experimental-features nix-command --extra-experimental-features flakes run .#regenSRI" | |
| - name: Push changes to ${{github.base_ref}} | |
| if: github.event_name == 'workflow_dispatch' && github.event.inputs.push_change | |
| uses: stefanzweifel/git-auto-commit-action@v4 | |
| - name: File pull request | |
| uses: peter-evans/create-pull-request@v5 | |
| if: github.event_name != 'workflow_dispatch' || !github.event.inputs.push_change | |
| with: | |
| token: ${{ steps.generate-token.outputs.token }} | |
| author: Flakes Updater <noreply+flakes-updater@boinkor.net> | |
| committer: Flakes Updater <noreply+flakes-updater@boinkor.net> | |
| branch: auto-update-sri | |
| commit-message: "tsnsrv.sri: update SRI hash for go module changes" | |
| title: "tsnsrv.sri: update SRI hash for go module changes" | |
| body: Triggered by ${{ github.repository }}@${{ github.sha }} | |
| signoff: true | |
| delete-branch: true | |
| reviewers: antifuchs |