@Shivaraj B H https://github.com/DeterminateSystems/update-flake-lock/issues/89#issuecomment-1994167887
I tried it out here: https://github.com/shivaraj-bh/services-flake/pull/14
This is the action configuration: https://github.com/shivaraj-bh/services-flake/blob/main/.github/workflows/update-flake-lock-ex-simple.yaml
If we use a github app, we wouldn’t have to manually trigger the CI workflow. How about creating a nixos.asia github app for automated tasks?
Shivaraj B H said:
How about creating a nixos.asia github app for automated tasks?
Sure. As you are an owner, you should have rights to create it.
By the way, take notes - so we can publish a tutorial on #website
(Or pass those notes to me here, so I can test it -- say for haskell-flake -- and create a formal tutorial)
Created the Github App: https://github.com/apps/nixos-asia
Notes
Create the Github App
Developer Settings
-> New Github App
Name
and Homepage URL
. Webhook URL
is not needed if active
checkbox above it is unchecked.Read and Write
access to Pull Request
and Contents
under Repository Permissions
Any Account
(if that’s your req.) under Where can this Github App be installed?
Github App
. Generate a Private Key
, this key will be downloaded to your device.Install the App and configure secrets
Install App
, go ahead and install it on your repository.Secrets and Variables -> Actions
.NIXOS_ASIA_PRIVATE_KEY
NIXOS_ASIA_APP_ID
Use the App in your CI workflow
See example: https://github.com/juspay/services-flake/commit/d6ed5ef580698b9f207e32813b476fc59942aaf8
And I manually triggered a workflow to see if it works and it did with no manual intervention: https://github.com/juspay/services-flake/pull/201
Another additional feature: Auto delete the branch after merge
Shivaraj B H said:
Another additional feature: Auto delete the branch after merge
Strange, that didn’t work here: https://github.com/juspay/services-flake/pull/202
But the Github documentation says that it should work:
Screenshot-2024-05-28-at-5.12.17PM.png
source: https://cli.github.com/manual/gh_pr_merge
Ah, the default GITHUB_TOKEN
doesn’t have permission to delete a branch: https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
Looks like the permission can be modified for a given job: https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
Last updated: Nov 13 2024 at 12:32 UTC