name: handy update on: schedule: - cron: "40 6 * * *" workflow_dispatch: jobs: update-handy: runs-on: ubuntu-latest steps: - name: checkout uses: actions/checkout@v4 with: fetch-depth: 0 - name: install nix uses: cachix/install-nix-action@v27 with: nix_path: nixpkgs=channel:nixos-unstable - name: check latest handy release and update file id: update shell: bash run: | set -euo pipefail FILE="modules/pkgs/handy.nix" current_version=$(python - <<'PY' import re s=open('modules/pkgs/handy.nix').read() m=re.search(r'version\s*=\s*"([^"]+)";', s) print(m.group(1) if m else "") PY ) latest_version=$(curl -fsSLI -o /dev/null -w '%{url_effective}' \ 'https://github.com/cjpais/Handy/releases/latest' \ | sed -E 's#.*/##' \ | sed 's/^v//') echo "current=$current_version" echo "latest=$latest_version" if [ -z "$latest_version" ] || [ "$latest_version" = "$current_version" ]; then echo "updated=false" >> "$GITHUB_OUTPUT" exit 0 fi url="https://github.com/cjpais/Handy/releases/download/v${latest_version}/Handy_${latest_version}_amd64.AppImage" new_hash=$(nix store prefetch-file --json "$url" | python -c 'import json,sys; print(json.load(sys.stdin)["hash"])') export LATEST_VERSION="$latest_version" export NEW_HASH="$new_hash" python - <> "$GITHUB_OUTPUT" echo "version=$latest_version" >> "$GITHUB_OUTPUT" - name: create branch and commit if: steps.update.outputs.updated == 'true' shell: bash run: | set -euo pipefail branch="bot/handy-${{ steps.update.outputs.version }}" git config user.name "gitea actions" git config user.email "actions@localhost" git checkout -B "$branch" git add modules/pkgs/handy.nix git commit -m "update handy to ${{ steps.update.outputs.version }}" git push --force origin "$branch" - name: open pull request if: steps.update.outputs.updated == 'true' env: GITEA_TOKEN: ${{ secrets.tea_token || secrets.TEA_TOKEN }} shell: bash run: | set -euo pipefail api="https://gitea.unrail.xyz/api/v1/repos/thomas/nixos-config" branch="bot/handy-${{ steps.update.outputs.version }}" if [ -z "${GITEA_TOKEN:-}" ]; then echo "GITEA_TOKEN is empty (check repo secret tea_token/TEA_TOKEN)" exit 1 fi echo "Checking for existing PRs..." existing=$(curl -fsS \ -H "Authorization: token ${GITEA_TOKEN}" \ "${api}/pulls?state=open" \ | python -c 'import json,sys; d=json.load(sys.stdin); b="'"$branch"'"; print(next((str(pr["number"]) for pr in d if isinstance(pr,dict) and pr.get("head",{}).get("ref")==b), ""))') if [ -n "$existing" ]; then echo "PR already exists: #$existing" exit 0 fi echo "Creating PR..." created="false" for head in "${branch}" "thomas:${branch}"; do echo "Trying head=${head}" payload=$(printf '{"title":"update handy to %s","head":"%s","base":"main","body":"automated update of handy appimage version and hash"}' \ "${{ steps.update.outputs.version }}" "$head") response=$(curl -sS -w '\n%{http_code}' -X POST \ -H "Authorization: token ${GITEA_TOKEN}" \ -H "Content-Type: application/json" \ "${api}/pulls" \ -d "$payload") body=$(printf '%s\n' "$response" | sed '$d') code=$(printf '%s\n' "$response" | tail -n1) echo "Create PR status: $code" echo "$body" if [ "$code" -ge 200 ] && [ "$code" -lt 300 ]; then created="true" break fi done if [ "$created" != "true" ]; then echo "PR creation failed" exit 1 fi