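# Scheduled job: refresh flake.lock on the "update" branch and push the result.
# The push is authenticated with an SSH key held in the SSH_KEY secret.
name: Update Nix flakes and commit changes

on:
  schedule:
    # not too frequent, GitHub only allows a few pulls per hour
    # NOTE(review): this is a six-field expression; confirm how the runner's
    # cron parser reads the extra field before relying on the interval.
    - cron: "0 2/5 * * * *"

jobs:
  update-and-commit:
    runs-on: native
    steps:
      - name: checkout repository
        # NOTE(review): a tag ref is mutable. Pinning the action to a full
        # commit SHA fixes the exact code that runs against this checkout.
        uses: actions/checkout@v2
        with:
          ref: "update"
          # `depth` is not an input of actions/checkout and is ignored;
          # `fetch-depth: 0` is the input that requests the full history.
          fetch-depth: 0

      - name: setup git
        run: |
          git config --local user.email "action@git.ingolf-wagner.de"
          git config --local user.name "Forgejo Action"

      # fixme: not working for some reason
      # - name: rebase with main branch
      #   run: |
      #     git fetch origin main
      #     git rebase origin/main

      - name: setup ssh
        # The key reaches the script through the environment rather than by
        # template substitution into the script text, so its content is never
        # parsed by the shell.
        env:
          SSH_KEY: ${{ secrets.SSH_KEY }}
        run: |
          set -eu
          eval "$(ssh-agent -s)"
          # Load the key from stdin: no private key file is left in the
          # working tree of the runner, where it would outlive the job.
          printf '%s\n' "$SSH_KEY" | ssh-add -
          # Export the agent to the following steps. Values are written
          # without quotes because the env file takes them literally.
          {
            echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
            echo "SSH_AGENT_PID=$SSH_AGENT_PID"
          } >> "$GITHUB_ENV"

      - name: update nix flakes
        run: nix flake update

      # we need the ssh-agent here, otherwise git push would use the
      # GITHUB_TOKEN, which prevents other workflows from being triggered
      - name: commit and push changes
        run: |
          # Commit and push only when the tree or the index has changes.
          git diff --quiet && \
          git diff --staged --quiet || \
          (git commit -am "Update Nix flakes" && git push)

      - name: teardown ssh
        # Runs after failures too, so the agent never outlives the job.
        if: always()
        run: |
          # The PID is unset when "setup ssh" failed before exporting it.
          if [ -n "${SSH_AGENT_PID:-}" ]; then
            echo "$SSH_AGENT_PID"
            kill "$SSH_AGENT_PID"
          fi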