The catthehacker runner image runs jobs as root and Nix's install script refuses to do a clean root install without the nixbld group + build users already in place — even with --no-daemon. Adding them inline keeps the workflow self-contained without swapping to a Nix-prebuilt container image. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
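name: Update flake inputs

on:
  schedule:
    - cron: '0 4 * * *' # Daily at 4am UTC
  workflow_dispatch: # Allow manual trigger from the Actions tab

jobs:
  update:
    runs-on: fred-nix
    permissions:
      contents: write # needed for the final `git push` of flake.lock

    steps:
      - name: Checkout repo
        # NOTE(review): pinned by tag only; a commit-SHA pin would make the
        # action version immutable against tag moves.
        uses: actions/checkout@v6

      - name: Install Nix
        run: |
          set -euxo pipefail
          # The Nix install script refuses to run cleanly as root unless the
          # nixbld group + users exist, even with --no-daemon. The runner's
          # catthehacker image runs jobs as root, so create them first.
          #
          # Existence checks keep this idempotent on a reused runner. The
          # former `|| true` did that too, but it also hid every other
          # groupadd/useradd failure, which then surfaced later as an
          # opaque installer error instead of here.
          getent group nixbld >/dev/null || groupadd -r nixbld
          for i in {1..10}; do
            id -u "nixbld$i" >/dev/null 2>&1 \
              || useradd -r -g nixbld -G nixbld -d /var/empty -s /sbin/nologin \
                   -c "Nix build user $i" "nixbld$i"
          done
          # NOTE(review): the installer is fetched unpinned (no version,
          # checksum or signature check on the script) and runs as root.
          # `--proto '=https' --tlsv1.2` only constrains the transport.
          curl --proto '=https' --tlsv1.2 -sSfL https://nixos.org/nix/install | sh -s -- --no-daemon
          # Single-user install puts the binaries in the profile, not /usr/bin;
          # export the path for the following steps.
          echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH"
          mkdir -p ~/.config/nix
          echo 'experimental-features = nix-command flakes' >> ~/.config/nix/nix.conf

      - name: Update flake inputs
        run: nix flake update

      - name: Commit and push
        run: |
          set -euxo pipefail
          # Nothing to do when the update was a no-op; exit 0 keeps the run green.
          if git diff --quiet -- flake.lock; then
            echo "No changes to flake.lock — skipping commit."
            exit 0
          fi
          git config user.name 'forgejo-actions[bot]'
          git config user.email 'actions@forg.gregersen.it'
          git add flake.lock
          git commit -m 'flake: update inputs'
          git push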