update handy to 0.7.9

.gitea/workflows/handy-update.yml

@@ -14,6 +14,11 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: install nix
+        uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+
       - name: check latest handy release and update file
         id: update
         shell: bash
@@ -30,15 +35,10 @@ jobs:
           PY
           )
 
-          latest_version=$(python - <<'PY'
+          latest_version=$(curl -fsSLI -o /dev/null -w '%{url_effective}' \
-          import json, urllib.request
+            'https://github.com/cjpais/Handy/releases/latest' \
-          url='https://api.github.com/repos/cjpais/Handy/releases/latest'
+            | sed -E 's#.*/##' \
-          with urllib.request.urlopen(url) as r:
+            | sed 's/^v//')
-              data=json.load(r)
-          tag=data.get('tag_name','').lstrip('v')
-          print(tag)
-          PY
-          )
 
           echo "current=$current_version"
           echo "latest=$latest_version"
@@ -51,12 +51,16 @@ jobs:
           url="https://github.com/cjpais/Handy/releases/download/v${latest_version}/Handy_${latest_version}_amd64.AppImage"
           new_hash=$(nix store prefetch-file --json "$url" | python -c 'import json,sys; print(json.load(sys.stdin)["hash"])')
 
+          export LATEST_VERSION="$latest_version"
+          export NEW_HASH="$new_hash"
+
           python - <<PY
           import re
+          import os
           p='modules/pkgs/handy.nix'
           s=open(p).read()
-          s=re.sub(r'(version\s*=\s*")[^"]+(";)', r'\1${latest_version}\2', s, count=1)
+          s=re.sub(r'version\s*=\s*"[^"]+"', f'version = "{os.environ["LATEST_VERSION"]}"', s, count=1)
-          s=re.sub(r'(hash\s*=\s*")[^"]+(";)', r'\1${new_hash}\2', s, count=1)
+          s=re.sub(r'hash\s*=\s*"[^"]+"', f'hash = "{os.environ["NEW_HASH"]}"', s, count=1)
           open(p,'w').write(s)
           PY
 
@@ -81,34 +85,55 @@ jobs:
       - name: open pull request
         if: steps.update.outputs.updated == 'true'
         env:
-          GITEA_TOKEN: ${{ gitea.token }}
+          GITEA_TOKEN: ${{ secrets.tea_token || secrets.TEA_TOKEN }}
         shell: bash
         run: |
           set -euo pipefail
 
-          api="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}"
+          api="https://gitea.unrail.xyz/api/v1/repos/thomas/nixos-config"
           branch="bot/handy-${{ steps.update.outputs.version }}"
 
+          if [ -z "${GITEA_TOKEN:-}" ]; then
+            echo "GITEA_TOKEN is empty (check repo secret tea_token/TEA_TOKEN)"
+            exit 1
+          fi
+
+          echo "Checking for existing PRs..."
           existing=$(curl -fsS \
             -H "Authorization: token ${GITEA_TOKEN}" \
             "${api}/pulls?state=open" \
-            | python -c 'import json,sys; d=json.load(sys.stdin); b="'"$branch"'"; print(next((str(pr["number"]) for pr in d if pr.get("head",{}).get("ref")==b), ""))')
+            | python -c 'import json,sys; d=json.load(sys.stdin); b="'"$branch"'"; print(next((str(pr["number"]) for pr in d if isinstance(pr,dict) and pr.get("head",{}).get("ref")==b), ""))')
 
           if [ -n "$existing" ]; then
             echo "PR already exists: #$existing"
             exit 0
           fi
 
-          curl -fsS -X POST \
+          echo "Creating PR..."
-            -H "Authorization: token ${GITEA_TOKEN}" \
+          created="false"
-            -H "Content-Type: application/json" \
+          for head in "${branch}" "thomas:${branch}"; do
-            "${api}/pulls" \
+            echo "Trying head=${head}"
-            -d "$(cat <<JSON
+            payload=$(printf '{"title":"update handy to %s","head":"%s","base":"main","body":"automated update of handy appimage version and hash"}' \
-          {
+              "${{ steps.update.outputs.version }}" "$head")
-            \"title\": \"update handy to ${{ steps.update.outputs.version }}\",
+            response=$(curl -sS -w '\n%{http_code}' -X POST \
-            \"head\": \"${branch}\",
+              -H "Authorization: token ${GITEA_TOKEN}" \
-            \"base\": \"${GITHUB_REF_NAME}\",
+              -H "Content-Type: application/json" \
-            \"body\": \"automated update of handy appimage version and hash\"
+              "${api}/pulls" \
-          }
+              -d "$payload")
-          JSON
+
-          )"
+            body=$(printf '%s\n' "$response" | sed '$d')
+            code=$(printf '%s\n' "$response" | tail -n1)
+
+            echo "Create PR status: $code"
+            echo "$body"
+
+            if [ "$code" -ge 200 ] && [ "$code" -lt 300 ]; then
+              created="true"
+              break
+            fi
+          done
+
+          if [ "$created" != "true" ]; then
+            echo "PR creation failed"
+            exit 1
+          fi

.gitea/workflows/helium-update.yml

@@ -14,6 +14,11 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: install nix
+        uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+
       - name: check latest helium release and update file
         id: update
         shell: bash
@@ -31,15 +36,10 @@ jobs:
           PY
           )
 
-          latest_version=$(python - <<'PY'
+          latest_version=$(curl -fsSLI -o /dev/null -w '%{url_effective}' \
-          import json, urllib.request
+            'https://github.com/imputnet/helium-linux/releases/latest' \
-          url='https://api.github.com/repos/imputnet/helium-linux/releases/latest'
+            | sed -E 's#.*/##' \
-          with urllib.request.urlopen(url) as r:
+            | sed 's/^v//')
-              data=json.load(r)
-          tag=data.get('tag_name','').lstrip('v')
-          print(tag)
-          PY
-          )
 
           echo "current=$current_version"
           echo "latest=$latest_version"
@@ -52,12 +52,16 @@ jobs:
           url="https://github.com/imputnet/helium-linux/releases/download/${latest_version}/helium-${latest_version}-x86_64.AppImage"
           new_hash=$(nix store prefetch-file --json "$url" | python -c 'import json,sys; print(json.load(sys.stdin)["hash"])')
 
+          export LATEST_VERSION="$latest_version"
+          export NEW_HASH="$new_hash"
+
           python - <<PY
           import re
+          import os
           p='modules/pkgs/helium.nix'
           s=open(p).read()
-          s=re.sub(r'(version\s*=\s*")[^"]+(";)', r'\1${latest_version}\2', s, count=1)
+          s=re.sub(r'version\s*=\s*"[^"]+"', f'version = "{os.environ["LATEST_VERSION"]}"', s, count=1)
-          s=re.sub(r'(hash\s*=\s*")[^"]+(";)', r'\1${new_hash}\2', s, count=1)
+          s=re.sub(r'hash\s*=\s*"[^"]+"', f'hash = "{os.environ["NEW_HASH"]}"', s, count=1)
           open(p,'w').write(s)
           PY
 
@@ -82,14 +86,19 @@ jobs:
       - name: open pull request
         if: steps.update.outputs.updated == 'true'
         env:
-          GITEA_TOKEN: ${{ gitea.token }}
+          GITEA_TOKEN: ${{ secrets.tea_token || secrets.TEA_TOKEN }}
         shell: bash
         run: |
           set -euo pipefail
 
-          api="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}"
+          api="https://gitea.unrail.xyz/api/v1/repos/thomas/nixos-config"
           branch="bot/helium-${{ steps.update.outputs.version }}"
 
+          if [ -z "${GITEA_TOKEN:-}" ]; then
+            echo "GITEA_TOKEN is empty (check repo secret tea_token/TEA_TOKEN)"
+            exit 1
+          fi
+
           # Skip if PR for this branch already exists
           existing=$(curl -fsS \
             -H "Authorization: token ${GITEA_TOKEN}" \
@@ -101,16 +110,31 @@ jobs:
             exit 0
           fi
 
-          curl -fsS -X POST \
+          echo "Creating PR..."
-            -H "Authorization: token ${GITEA_TOKEN}" \
+          created="false"
-            -H "Content-Type: application/json" \
+          for head in "${branch}" "thomas:${branch}"; do
-            "${api}/pulls" \
+            echo "Trying head=${head}"
-            -d "$(cat <<JSON
+            payload=$(printf '{"title":"update helium to %s","head":"%s","base":"main","body":"automated update of helium appimage version and hash"}' \
-          {
+              "${{ steps.update.outputs.version }}" "$head")
-            \"title\": \"update helium to ${{ steps.update.outputs.version }}\",
+            response=$(curl -sS -w '\n%{http_code}' -X POST \
-            \"head\": \"${branch}\",
+              -H "Authorization: token ${GITEA_TOKEN}" \
-            \"base\": \"${GITHUB_REF_NAME}\",
+              -H "Content-Type: application/json" \
-            \"body\": \"automated update of helium appimage version and hash\"
+              "${api}/pulls" \
-          }
+              -d "$payload")
-          JSON
+
-          )"
+            body=$(printf '%s\n' "$response" | sed '$d')
+            code=$(printf '%s\n' "$response" | tail -n1)
+
+            echo "Create PR status: $code"
+            echo "$body"
+
+            if [ "$code" -ge 200 ] && [ "$code" -lt 300 ]; then
+              created="true"
+              break
+            fi
+          done
+
+          if [ "$created" != "true" ]; then
+            echo "PR creation failed"
+            exit 1
+          fi

.gitea/workflows/zen-browser-update.yml

@@ -14,6 +14,11 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: install nix
+        uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+
       - name: check latest zen browser release and update file
         id: update
         shell: bash
@@ -30,14 +35,10 @@ jobs:
           PY
           )
 
-          latest_version=$(python - <<'PY'
+          latest_version=$(curl -fsSLI -o /dev/null -w '%{url_effective}' \
-          import json, urllib.request
+            'https://github.com/zen-browser/desktop/releases/latest' \
-          url='https://api.github.com/repos/zen-browser/desktop/releases/latest'
+            | sed -E 's#.*/##' \
-          with urllib.request.urlopen(url) as r:
+            | sed 's/^v//')
-              data=json.load(r)
-          print(data.get('tag_name','').lstrip('v'))
-          PY
-          )
 
           echo "current=$current_version"
           echo "latest=$latest_version"
@@ -50,12 +51,16 @@ jobs:
           url="https://github.com/zen-browser/desktop/releases/download/${latest_version}/zen-x86_64.AppImage"
           new_hash=$(nix store prefetch-file --json "$url" | python -c 'import json,sys; print(json.load(sys.stdin)["hash"])')
 
+          export LATEST_VERSION="$latest_version"
+          export NEW_HASH="$new_hash"
+
           python - <<PY
           import re
+          import os
           p='modules/pkgs/zen-browser.nix'
           s=open(p).read()
-          s=re.sub(r'(version\s*=\s*")[^"]+(";)', r'\1${latest_version}\2', s, count=1)
+          s=re.sub(r'version\s*=\s*"[^"]+"', f'version = "{os.environ["LATEST_VERSION"]}"', s, count=1)
-          s=re.sub(r'(hash\s*=\s*")[^"]+(";)', r'\1${new_hash}\2', s, count=1)
+          s=re.sub(r'hash\s*=\s*"[^"]+"', f'hash = "{os.environ["NEW_HASH"]}"', s, count=1)
           open(p,'w').write(s)
           PY
 
@@ -80,34 +85,54 @@ jobs:
       - name: open pull request
         if: steps.update.outputs.updated == 'true'
         env:
-          GITEA_TOKEN: ${{ gitea.token }}
+          GITEA_TOKEN: ${{ secrets.tea_token || secrets.TEA_TOKEN }}
         shell: bash
         run: |
           set -euo pipefail
 
-          api="${GITHUB_SERVER_URL}/api/v1/repos/${GITHUB_REPOSITORY}"
+          api="https://gitea.unrail.xyz/api/v1/repos/thomas/nixos-config"
           branch="bot/zen-browser-${{ steps.update.outputs.version }}"
 
+          if [ -z "${GITEA_TOKEN:-}" ]; then
+            echo "GITEA_TOKEN is empty (check repo secret tea_token/TEA_TOKEN)"
+            exit 1
+          fi
+
           existing=$(curl -fsS \
             -H "Authorization: token ${GITEA_TOKEN}" \
             "${api}/pulls?state=open" \
-            | python -c 'import json,sys; d=json.load(sys.stdin); b="'"$branch"'"; print(next((str(pr["number"]) for pr in d if pr.get("head",{}).get("ref")==b), ""))')
+            | python -c 'import json,sys; d=json.load(sys.stdin); b="'"$branch"'"; print(next((str(pr["number"]) for pr in d if isinstance(pr,dict) and pr.get("head",{}).get("ref")==b), ""))')
 
           if [ -n "$existing" ]; then
             echo "PR already exists: #$existing"
             exit 0
           fi
 
-          curl -fsS -X POST \
+          echo "Creating PR..."
-            -H "Authorization: token ${GITEA_TOKEN}" \
+          created="false"
-            -H "Content-Type: application/json" \
+          for head in "${branch}" "thomas:${branch}"; do
-            "${api}/pulls" \
+            echo "Trying head=${head}"
-            -d "$(cat <<JSON
+            payload=$(printf '{"title":"update zen browser to %s","head":"%s","base":"main","body":"automated update of zen browser appimage version and hash"}' \
-          {
+              "${{ steps.update.outputs.version }}" "$head")
-            \"title\": \"update zen browser to ${{ steps.update.outputs.version }}\",
+            response=$(curl -sS -w '\n%{http_code}' -X POST \
-            \"head\": \"${branch}\",
+              -H "Authorization: token ${GITEA_TOKEN}" \
-            \"base\": \"${GITHUB_REF_NAME}\",
+              -H "Content-Type: application/json" \
-            \"body\": \"automated update of zen browser appimage version and hash\"
+              "${api}/pulls" \
-          }
+              -d "$payload")
-          JSON
+
-          )"
+            body=$(printf '%s\n' "$response" | sed '$d')
+            code=$(printf '%s\n' "$response" | tail -n1)
+
+            echo "Create PR status: $code"
+            echo "$body"
+
+            if [ "$code" -ge 200 ] && [ "$code" -lt 300 ]; then
+              created="true"
+              break
+            fi
+          done
+
+          if [ "$created" != "true" ]; then
+            echo "PR creation failed"
+            exit 1
+          fi

modules/pkgs/handy.nix

@@ -1,5 +1,5 @@
-{ ... }: {
+{...}: {
-  perSystem = { pkgs, ... }: {
+  perSystem = {pkgs, ...}: {
     packages.handy = pkgs.appimageTools.wrapType2 rec {
       pname = "handy";
       version = "0.7.9";
@@ -10,7 +10,7 @@
       };
 
       extraInstallCommands = let
-        contents = pkgs.appimageTools.extract { inherit pname version src; };
+        contents = pkgs.appimageTools.extract {inherit pname version src;};
       in ''
         desktop_file=$(find ${contents} -name "*.desktop" | head -n1)
         if [ -n "$desktop_file" ]; then