Update ⬆️ #259
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Update ⬆️ | |
| 'on': | |
| schedule: | |
| - cron: '30 3 * * 1,5' # At 03:30 on Monday, and Friday. | |
| workflow_dispatch: | |
| jobs: | |
| update: | |
| name: Update dependencies | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: DeterminateSystems/nix-installer-action@v10 | |
| - uses: DeterminateSystems/magic-nix-cache-action@v4 | |
| - uses: cachix/cachix-action@v14 | |
| with: | |
| name: etu | |
| extraPullNames: 'nix-community' | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| # Update flake | |
| - name: Update flake inputs | |
| run: 'nix flake update' | |
| env: | |
| github_token: '${{ secrets.GITHUB_TOKEN }}' | |
| # Pre-fetch deps | |
| - name: Pre-fetch deps | |
| run: 'nix develop --command true' | |
| env: | |
| github_token: '${{ secrets.GITHUB_TOKEN }}' | |
| # Do updates of nixpkgs and other dependencies. | |
| - name: Update all dependencies | |
| run: 'nix develop --command make update-all' | |
| env: | |
| github_token: '${{ secrets.GITHUB_TOKEN }}' | |
| # Commit the updated dependencies to temporary branch | |
| - uses: stefanzweifel/git-auto-commit-action@v5.0.0 | |
| with: | |
| commit_message: 'cron(treewide): Upgrade systems' | |
| branch: tmp-updater-branch | |
| create_branch: true | |
| push_options: '--force' | |
| cache: | |
| name: Cache system | |
| runs-on: ubuntu-22.04 | |
| needs: update | |
| strategy: | |
| matrix: | |
| hostname: | |
| - laptop-private-elis | |
| - server-main-elis | |
| - server-sparv | |
| - vps04 | |
| - vps06 | |
| steps: | |
| # Clone the code from the temporary branch | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: tmp-updater-branch | |
| - uses: DeterminateSystems/nix-installer-action@v10 | |
| - uses: DeterminateSystems/magic-nix-cache-action@v4 | |
| - uses: cachix/cachix-action@v14 | |
| with: | |
| name: etu | |
| extraPullNames: 'nix-community' | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| # Build systems. | |
| - name: Build system derivation | |
| uses: nick-fields/retry@v3 | |
| with: | |
| max_attempts: 3 | |
| timeout_minutes: 60 | |
| command: 'nix build .#nixosConfigurations.${{ matrix.hostname }}.config.system.build.toplevel' | |
| cache-shell: | |
| name: Cache nix shell | |
| runs-on: ubuntu-22.04 | |
| needs: update | |
| steps: | |
| # Clone the code from the temporary branch | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: tmp-updater-branch | |
| - uses: DeterminateSystems/nix-installer-action@v10 | |
| - uses: DeterminateSystems/magic-nix-cache-action@v4 | |
| - uses: cachix/cachix-action@v14 | |
| with: | |
| name: etu | |
| extraPullNames: 'nix-community' | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: Check the flake | |
| run: 'nix build .#devShells.x86_64-linux.default' | |
| check: | |
| name: Check flake | |
| runs-on: ubuntu-22.04 | |
| needs: cache | |
| steps: | |
| # Clone the code from the temporary branch | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: tmp-updater-branch | |
| - uses: DeterminateSystems/nix-installer-action@v10 | |
| - uses: DeterminateSystems/magic-nix-cache-action@v4 | |
| - uses: cachix/cachix-action@v14 | |
| with: | |
| name: etu | |
| extraPullNames: 'nix-community' | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: Check the flake | |
| run: 'nix flake check' | |
| promote: | |
| name: Promote to main branch | |
| runs-on: ubuntu-22.04 | |
| needs: check | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| ref: main | |
| - name: Get remote branch data | |
| run: 'git fetch' | |
| - name: Get the tmp-updater-branch branch | |
| run: 'git checkout tmp-updater-branch' | |
| - name: Push temporary branch to main branch | |
| run: 'git push origin tmp-updater-branch:main' | |
| - name: Delete the temporary branch | |
| run: 'git push origin --delete tmp-updater-branch' | |
| deploy: | |
| name: Deploy systems | |
| runs-on: ubuntu-22.04 | |
| needs: promote | |
| # Don't cancel jobs if one job fails | |
| continue-on-error: true | |
| strategy: | |
| matrix: | |
| hostname: | |
| - server-main-elis | |
| - server-sparv | |
| - vps04 | |
| - vps06 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: | | |
| git pull | |
| - uses: DeterminateSystems/nix-installer-action@v10 | |
| - uses: DeterminateSystems/magic-nix-cache-action@v4 | |
| # Build systems. | |
| - name: Build system derivation | |
| uses: nick-fields/retry@v3 | |
| with: | |
| max_attempts: 2 | |
| timeout_minutes: 30 | |
| command: 'nix build .#nixosConfigurations.${{ matrix.hostname }}.config.system.build.toplevel' | |
| # Configure SSH key | |
| - uses: shimataro/ssh-key-action@v2 | |
| with: | |
| key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| name: id_ed25519 | |
| known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }} | |
| # Deploy systems | |
| - name: Deploy system | |
| run: 'nix develop -c deploy --skip-checks --targets .#${{ matrix.hostname }}' |