From f0ef834eaa112c6d22f42fe35c0ec4ff096fd140 Mon Sep 17 00:00:00 2001 From: javalsai Date: Mon, 7 Jul 2025 03:48:38 +0200 Subject: [PATCH] ci(release): add nix module version&sha256 bump --- .github/workflows/make-release.yml | 48 +++++++++++++++++++++--------- 1 file changed, 34 insertions(+), 14 deletions(-) diff --git a/.github/workflows/make-release.yml b/.github/workflows/make-release.yml index 6549a17..2c542ca 100644 --- a/.github/workflows/make-release.yml +++ b/.github/workflows/make-release.yml @@ -23,26 +23,13 @@ jobs: id: check-ver-changed run: | GIT_TAG=$(git describe --no-long --abbrev=0 --tags --always) - MAKE_TAG=$(make print-version) - NIX_VER=$(sed -nE \ - 's/.*version\s*=\s*"([0-9.]*)".*/\1/p' \ - assets/pkg/nix/module.nix - ) if [[ "$GIT_TAG" == "v$MAKE_TAG" ]]; then echo "ERR: Git tag matches makefile, did you bump Makefile up?" >&2 exit 1 fi - if [[ "$GIT_TAG" == "v$NIX_VER" ]]; then - echo "ERR: Nix module version matches git, did you bump Nix up?" >&2 - exit 1 - fi - if ! [[ "$NIX_VER" == "$MAKE_TAG" ]]; then - echo "ERR: Nix module version and make tag don't match" >&2 - exit 1 - fi echo "VERSION=$MAKE_TAG" >> "$GITHUB_OUTPUT" @@ -86,7 +73,6 @@ jobs: needs: [ release-checks, release ] steps: - run: pacman -Sy --noconfirm git github-cli base-devel pacman-contrib - - uses: actions/checkout@v4 - run: | 
@@ -112,3 +98,37 @@ jobs: --body "*This PR was created automatically*" env: GH_TOKEN: ${{ github.token }} + + nix-update: + name: Update NixOS module + runs-on: ubuntu-24.04 + permissions: write-all + needs: [ release-checks, release ] + steps: + - uses: cachix/install-nix-action@v31 + - uses: actions/checkout@v4 + with: + fetch-tags: true + + - run: | + tmpdir=$(mktemp -d) + git archive v${{ needs.release-checks.outputs.VERSION }} | tar -xC "$tmpdir" + sha256sum=$(nix hash path "$tmpdir") + + sed -i -E 's/(.*version\s*=\s*")[0-9.]*(".*)/\1'${{ needs.release-checks.outputs.VERSION }}'\2/' assets/pkg/nix/module.nix + sed -i -E 's/(.*sha256\s*=\s*")[^"]*(".*)/\1'"$sha256sum"'\2/' assets/pkg/nix/module.nix + # would be cool to be able to check the new module.nix builds + + - run: | + BRANCH=actions/update-nix-${{ needs.release-checks.outputs.VERSION }} + git config --global --add safe.directory $GITHUB_WORKSPACE + git config user.name "GitHub Actions" + git config user.email "actions@github.com" + git checkout -b $BRANCH + git commit -am "Update NixOS module to v${{ needs.release-checks.outputs.VERSION }}" + git push -u origin $BRANCH + gh pr create --head $BRANCH \ + --title "[Nix update]: Bump to ${{ needs.release-checks.outputs.VERSION }}" \ + --body "*This PR was created automatically*" + env: + GH_TOKEN: ${{ github.token }}
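Review bot: `permissions: write-all` on the new `nix-update` job gives every token scope to a job that runs a tag-pinned third-party action (`cachix/install-nix-action@v31`) and then only pushes a branch and opens a PR; `contents: write` plus `pull-requests: write` looks sufficient, and pinning the action to a full commit SHA would stop a moved tag from running with that token. The `${{ needs.release-checks.outputs.VERSION }}` expression is also expanded into both `run:` scripts before the shell parses them (unquoted inside the first `sed`), so whatever `make print-version` emits becomes script text; passing it through `env:` and quoting `"$VERSION"`, `"$BRANCH"` and `"$GITHUB_WORKSPACE"` avoids that. Separately, the second `sed` uses `/` as its delimiter while splicing in `$sha256sum`; if `nix hash path` prints its default SRI (base64) form, any hash containing `/` will break the substitution, so a delimiter such as `|` is safer. The fence shows the first script step with these changes; the branch/PR step needs the same `env:` treatment.

```yaml
    permissions:
      contents: write
      pull-requests: write
    # … unchanged: needs, install-nix-action and checkout steps …
      - run: |
          # … unchanged: tmpdir=$(mktemp -d) …
          git archive "v$VERSION" | tar -xC "$tmpdir"
          # … unchanged: sha256sum=$(nix hash path "$tmpdir") …
          sed -i -E 's|(.*version\s*=\s*")[0-9.]*(".*)|\1'"$VERSION"'\2|' assets/pkg/nix/module.nix
          sed -i -E 's|(.*sha256\s*=\s*")[^"]*(".*)|\1'"$sha256sum"'\2|' assets/pkg/nix/module.nix
        env:
          VERSION: ${{ needs.release-checks.outputs.VERSION }}
    # … unchanged: branch / commit / PR step …
```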