Stream: nix

Topic: `flake.lock` auto-merge on GitHub

Srid (May 26 2024 at 15:26):

@Shivaraj B H https://github.com/DeterminateSystems/update-flake-lock/issues/89#issuecomment-1994167887

Shivaraj B H (May 27 2024 at 18:47):

I tried it out here: https://github.com/shivaraj-bh/services-flake/pull/14

This is the action configuration: https://github.com/shivaraj-bh/services-flake/blob/main/.github/workflows/update-flake-lock-ex-simple.yaml

If we use a github app, we wouldn’t have to manually trigger the CI workflow. How about creating a nixos.asia github app for automated tasks?

Srid (May 27 2024 at 18:49):

Shivaraj B H said:

How about creating a nixos.asia github app for automated tasks?

Sure. As you are an owner, you should have rights to create it.

By the way, take notes - so we can publish a tutorial on #website

Srid (May 27 2024 at 18:49):

(Or pass those notes to me here, so I can test it -- say for haskell-flake -- and create a formal tutorial)

Shivaraj B H (May 28 2024 at 07:40):

Created the Github App: https://github.com/apps/nixos-asia

Shivaraj B H (May 28 2024 at 08:15):

Notes

Create the Github App

• Under Developer Settings -> New Github App
• Only two mandatory fields: Name and Homepage URL. Webhook URL is not needed if active checkbox above it is unchecked.
• Read and Write access to Pull Request and Contents under Repository Permissions
• Before clicking on create the app, select Any Account (if that’s your req.) under Where can this Github App be installed?
• And voila, you have the Github App.
• You should be redirected to the app’s settings page, where you can scroll down to Generate a Private Key, this key will be downloaded to your device.

Install the App and configure secrets

• On the same settings page, you will find Install App, go ahead and install it on your repository.
• Under the repository settings, go over to the Secrets and Variables -> Actions.
• Create a new secret, I call it NIXOS_ASIA_PRIVATE_KEY
• Create a new variable, I call it NIXOS_ASIA_APP_ID

Use the App in your CI workflow
See example: https://github.com/juspay/services-flake/commit/d6ed5ef580698b9f207e32813b476fc59942aaf8

Shivaraj B H (May 28 2024 at 08:54):

And I manually triggered a workflow to see if it works and it did with no manual intervention: https://github.com/juspay/services-flake/pull/201

Shivaraj B H (May 28 2024 at 09:37):

Another additional feature: Auto delete the branch after merge

Shivaraj B H (May 28 2024 at 11:42):

Shivaraj B H said:

Another additional feature: Auto delete the branch after merge

Strange, that didn’t work here: https://github.com/juspay/services-flake/pull/202

But the Github documentation says that it should work:
Screenshot-2024-05-28-at-5.12.17PM.png
source: https://cli.github.com/manual/gh_pr_merge

Shivaraj B H (May 28 2024 at 11:49):

Ah, the default GITHUB_TOKEN doesn’t have permission to delete a branch: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token

Shivaraj B H (May 28 2024 at 11:55):

Looks like the permission can be modified for a given job: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

Last updated: Nov 15 2024 at 12:33 UTC