Updating flake.lock using GitHub Actions
Using the Determinate Systems nix-installer GitHub Action, we can create a scheduled task to update the flake and merge the changes into our main branch:
name: update-flake-lock
on:
  workflow_dispatch: # allows manual triggering
  schedule:
    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
jobs:
  lockfile:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - id: update
        name: Update flake.lock
        uses: DeterminateSystems/update-flake-lock@main
        with:
          pr-title: "Update flake.lock" # Title of PR to be created
          pr-labels: | # Labels to be set on the PR
            dependencies
            automated
      - name: Merge
        run: gh pr merge --auto "${{ steps.update.outputs.pull-request-number }}" --rebase
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
        if: ${{ steps.update.outputs.pull-request-number != '' }}

Updating system from remote repo
We can use the system.autoUpgrade configuration option to keep the system installation up to date with the main branch:
{
  inputs,
  ...
}:
{
  flake.modules.nixos.auto-upgrade =
    {
      config,
      lib,
      pkgs,
      ...
    }:
    {
      options = {
        auto-upgrade.enable = lib.mkEnableOption "automatic update of nix flake from github";
      };
      config = lib.mkIf config.auto-upgrade.enable {
        system.autoUpgrade = {
          enable = true;
          flake = lib.mkDefault "github:robbiejennings/nix-config";
          flags = lib.mkDefault [
            "-L" # print build logs
          ];
          dates = lib.mkDefault "02:00";
          randomizedDelaySec = lib.mkDefault "45min";
        };
      };
    };
}
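
The scheduled workflow and system.autoUpgrade both run unattended, and the workflow references its actions by `@main` and `@v4`, which are mutable refs whose contents can change between runs. As an added example (not part of the original page), this Python check lists `uses:` references that are not pinned to a full commit SHA. The sample input is constructed from the workflow above, and the pinned entry's action name and SHA are made-up placeholders.

```python
import re

# Matches "uses: owner/repo[/path]@ref"; local "./" and "docker://" references do not match.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w./-]+)@([^\s'\"#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")


def classify_ref(ref):
    """Heuristic by name only: 'sha' for a full commit SHA, 'tag' for a version-like ref, else 'branch'."""
    if FULL_SHA_RE.fullmatch(ref):
        return "sha"
    if re.fullmatch(r"v?\d+(\.\d+){0,2}", ref):
        return "tag"
    return "branch"


def audit_workflow(text):
    """Return (line_no, action, ref, kind) for every action not pinned to a commit SHA."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref = m.groups()
        kind = classify_ref(ref)
        if kind != "sha":
            findings.append((line_no, action, ref, kind))
    return findings


# Constructed sample: the `uses:` lines from the workflow above, plus one pinned
# reference whose action name and SHA are placeholders, not a real commit.
SAMPLE = """\
steps:
  - name: Checkout repository
    uses: actions/checkout@v4
  - name: Install Nix
    uses: DeterminateSystems/nix-installer-action@main
  - id: update
    uses: DeterminateSystems/update-flake-lock@main
  - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.0.0
"""

if __name__ == "__main__":
    for line_no, action, ref, kind in audit_workflow(SAMPLE):
        print(f"line {line_no}: {action}@{ref} is a mutable {kind}; pin to a full commit SHA")
```
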