diff --git a/.github/workflows/flakeupdate.yml b/.github/workflows/flakeupdate.yml
new file mode 100644
index 000000000..5a92a1ddf
--- /dev/null
+++ b/.github/workflows/flakeupdate.yml
@@ -0,0 +1,39 @@
+name: update flake
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 0 * * 0"
+
+jobs:
+ update:
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: read
+ steps:
+ - name: Checkout
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@7ac1ec25491415c381d9b62f0657c7a028df52a7 # v24
+ with:
+ github_access_token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Update flake.lock
+ uses: DeterminateSystems/update-flake-lock@da2fd6f2563fe3e4f2af8be73b864088564e263d # v20
+ with:
+ pr-title: "flake.lock: Update"
+ pr-labels: |
+ dependencies
+ pr-body: |
+ Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
+
+ ```
+ {{ env.GIT_COMMIT_MESSAGE }}
+ ```
+ git-author-name: 'edgelessci'
+ git-author-email: 'edgelessci@users.noreply.github.com'
+ git-committer-name: 'edgelessci'
+ git-committer-email: 'edgelessci@users.noreply.github.com'
+ token: ${{ secrets.NUNKI_CI_COMMIT_PUSH_PR }}
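Review bot: The `permissions` block of the `update` job grants `id-token: write`, yet none of the three steps in this hunk visibly requests an OIDC token. The checkout, Nix install and flake update steps use `GITHUB_TOKEN` or the `NUNKI_CI_COMMIT_PUSH_PR` secret instead. Unless one of the pinned actions is known to need it, drop that line so the block reads just `permissions:` / `contents: read`; every step, including third-party actions, would then lose the ability to mint a federated identity token for this repository. The push and PR creation rely on `NUNKI_CI_COMMIT_PUSH_PR`, so a short comment above `token:` stating the minimum scope that secret is expected to carry (presumably contents and pull-requests write on this repository only) would help future reviewers check it. Indentation is flattened on this page, so the job-level placement of `permissions` is inferred from key order.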