ci(release): add nix module version&sha256 bump

2025-08-30 09:58:00 +02:00 · 2025-07-07 03:48:38 +02:00
parent d85ebc0e78
commit f0ef834eaa
1 changed files with 34 additions and 14 deletions
--- a/.github/workflows/make-release.yml
+++ b/.github/workflows/make-release.yml
@@ -23,26 +23,13 @@ jobs:
        id: check-ver-changed
        run: |
          GIT_TAG=$(git describe --no-long --abbrev=0 --tags --always)
-
          MAKE_TAG=$(make print-version)
-          NIX_VER=$(sed -nE \
-            's/.*version\s*=\s*"([0-9.]*)".*/\1/p' \
-            assets/pkg/nix/module.nix
-          )

          if [[ "$GIT_TAG" == "v$MAKE_TAG" ]]; then
            echo "ERR: Git tag matches makefile, did you bump Makefile up?" >&2
            exit 1
          fi
-          if [[ "$GIT_TAG" == "v$NIX_VER" ]]; then
-            echo "ERR: Nix module version matches git, did you bump Nix up?" >&2
-            exit 1
-          fi

-          if ! [[ "$NIX_VER" == "$MAKE_TAG" ]]; then
-            echo "ERR: Nix module version and make tag don't match" >&2
-            exit 1
-          fi
          echo "VERSION=$MAKE_TAG" >> "$GITHUB_OUTPUT"


@@ -86,7 +73,6 @@ jobs:
    needs: [ release-checks, release ]
    steps:
      - run: pacman -Sy --noconfirm git github-cli base-devel pacman-contrib
-
      - uses: actions/checkout@v4

      - run: |
@@ -112,3 +98,37 @@ jobs:
            --body "*This PR was created automatically*"
        env:
          GH_TOKEN: ${{ github.token }}
+
+  nix-update:
+    name: Update NixOS module
+    runs-on: ubuntu-24.04
+    permissions: write-all
+    needs: [ release-checks, release ]
+    steps:
+      - uses: cachix/install-nix-action@v31
+      - uses: actions/checkout@v4
+        with:
+          fetch-tags: true
+
+      - run: |
+          tmpdir=$(mktemp -d)
+          git archive v${{ needs.release-checks.outputs.VERSION }} | tar -xC "$tmpdir"
+          sha256sum=$(nix hash path "$tmpdir")
+
+          sed -i -E 's/(.*version\s*=\s*")[0-9.]*(".*)/\1'${{ needs.release-checks.outputs.VERSION }}'\2/' assets/pkg/nix/module.nix
+          sed -i -E 's/(.*sha256\s*=\s*")[^"]*(".*)/\1'"$sha256sum"'\2/' assets/pkg/nix/module.nix
+        # would be cool to be able to check the new module.nix builds
+
+      - run: |
+          BRANCH=actions/update-nix-${{ needs.release-checks.outputs.VERSION }}
+          git config --global --add safe.directory $GITHUB_WORKSPACE
+          git config user.name "GitHub Actions"
+          git config user.email "actions@github.com"
+          git checkout -b $BRANCH
+          git commit -am "Update NixOS module to v${{ needs.release-checks.outputs.VERSION }}"
+          git push -u origin $BRANCH
+          gh pr create --head $BRANCH \
+            --title "[Nix update]: Bump to ${{ needs.release-checks.outputs.VERSION }}" \
+            --body "*This PR was created automatically*"
+        env:
+          GH_TOKEN: ${{ github.token }}