Update systems #351
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Update systems | |
| on: | |
| workflow_dispatch: # allows manual triggering | |
| schedule: | |
| - cron: '0 0 * * *' # every day at 00:00 | |
| jobs: | |
| lockfile: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| - uses: DeterminateSystems/update-flake-lock@main | |
| with: | |
| inputs: nixpkgs nixpkgs-unstable home-manager cv zen-browser | |
| token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} | |
| pr-title: "Update flake.lock" | |
| pr-labels: | | |
| dependencies | |
| automated | |
| services: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| service: | |
| - owner: immich-app | |
| repo: immich | |
| file: hosts/liskamm/immich.nix | |
| - owner: dani-garcia | |
| repo: vaultwarden | |
| file: hosts/liskamm/vaultwarden.nix | |
| - owner: home-assistant | |
| repo: core | |
| file: hosts/liskamm/home-assistant.nix | |
| - owner: docker-mailserver | |
| repo: docker-mailserver | |
| file: hosts/liskamm/mailserver.nix | |
| mod: "(version) => version.slice(1)" | |
| - owner: nextcloud | |
| repo: server | |
| file: hosts/liskamm/nextcloud.nix | |
| mod: "(version) => version.slice(1)" | |
| check: | | |
| async (version) => { | |
| const response = await fetch(`https://hub.docker.com/v2/repositories/library/nextcloud/tags?name=${version}`); | |
| const ret = await response.json(); | |
| if (ret.count <= 0) { | |
| console.warn("No docker image tag found for ${version}", ret); | |
| return false; | |
| } | |
| return true; | |
| } | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/github-script@v7 | |
| id: version-bump | |
| with: | |
| result-encoding: string | |
| script: | | |
| const latest = await github.rest.repos.getLatestRelease({ | |
| owner: "${{matrix.service.owner}}", | |
| repo: "${{matrix.service.repo}}", | |
| }); | |
| const latestTag = latest.data.tag_name; | |
| core.setOutput('latestTag', latestTag); | |
| console.log(`Latest release tag: ${latestTag}`); | |
| const mod = ${{ matrix.service.mod || '(x) => x' }}; | |
| const newVersion = mod(latestTag); | |
| core.setOutput('newVersion', newVersion); | |
| console.log(`New version: ${newVersion}`); | |
| const check = ${{ matrix.service.check || '(x) => true' }}; | |
| const newVersionOk = await check(newVersion); | |
| if (!newVersionOk) { | |
| console.warn(`Ignored new version ${newVersion} because of failed check.`) | |
| return; | |
| } | |
| await exec.exec("sed", ["-i", `s/version = ".*"/version = "${newVersion}"/`, "${{matrix.service.file}}"]) | |
| const {stdout} = await exec.getExecOutput("git", ["diff"]); | |
| console.log(stdout); | |
| return stdout; | |
| - uses: peter-evans/create-pull-request@v7 | |
| with: | |
| token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} | |
| branch: update-services-${{matrix.service.owner}}-${{matrix.service.repo}} | |
| commit-message: "Update ${{matrix.service.owner}}/${{matrix.service.repo}}" | |
| title: "Update ${{matrix.service.owner}}/${{matrix.service.repo}}" | |
| labels: | | |
| dependencies | |
| automated | |
| body: | | |
| Automatically detected version bump of service `${{matrix.service.owner}}/${{matrix.service.repo}}`: | |
| ```diff | |
| ${{steps.version-bump.outputs.result}} | |
| ``` | |
| [All releases](https://github.com/${{matrix.service.owner}}/${{matrix.service.repo}}/releases) | |
| [Release notes for ${{steps.version-bump.outputs.newVersion}}](https://github.com/${{matrix.service.owner}}/${{matrix.service.repo}}/releases/tag/${{steps.version-bump.outputs.latestTag}}) |