knl / niv-updater-action

A GitHub Action that creates meaningful pull requests with updates to your niv-managed dependencies, so you don't have to do menial chores.
BSD 3-Clause "New" or "Revised" License
bash dependency-manager github-actions niv nix

= niv-updater: Automated dependency updates with niv

image:https://github.com/knl/niv-updater-action/actions/workflows/main.yml/badge.svg[CI] image:https://img.shields.io/github/v/release/knl/niv-updater-action[GitHub release (latest by date)]

This action opens a pull request against the master branch (or another branch you specify) whenever https://github.com/nmattia/niv[niv] detects updates to nix/sources.json in your repository, with a separate pull request for each dependency. Each PR will contain a beautiful Changelog of all the changes in the update, like this:

image:./assets/niv-update-action-changelog.png[title="Changelog generated by niv-updater-action"]

The best way to use niv-updater-action is to set up a scheduled workflow. This way, whenever there are new updates, you will get a PR that you can just approve and avoid a lot of manual work.

== Example

Here is a minimal example of what to put in your +.github/workflows/niv-updates.yml+ file to trigger the action.

[source,yaml]
----
name: Automated niv-managed dependency updates
on:
  schedule:
    # * is a special character in YAML so you have to quote this string
    # run this every day at 4:00am
    - cron:  '0 4 * * *'
jobs:
  niv-updater:
    name: 'Create PRs for niv-managed dependencies'
    runs-on: ubuntu-latest
    steps:
      # notice there is no checkout step
      - name: niv-updater-action
        uses: knl/niv-updater-action@v15
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
----

== Configuration

=== Inputs

niv-updater-action is configured using the following inputs:

As the above list suggests, niv-updater-action is highly configurable. The following example exposes some of the knobs, many with their default values:

[source,yaml]
----
name: Automated niv-managed dependency updates
on:
  schedule:
    # * is a special character in YAML so you have to quote this string
    # run this every day at 4:00am
    - cron:  '0 4 * * *'
jobs:
  niv-updater:
    name: 'Create PRs for niv-managed dependencies'
    runs-on: ubuntu-latest
    steps:
      # notice there is no checkout step
      - name: niv-updater-action
        uses: knl/niv-updater-action@v15
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          # NOTE: All inputs are optional. This lists them with their default values.
          # Use the default branch for the repository
          pull_request_base: ''
          # The path in the repo to the sources.json file
          sources_file: 'nix/sources.json'
          # The niv version to use. `master` will track the latest niv.
          niv_version: 'master'
          # Keep the PR updated with new changes
          keep_updating: true
          # The prefix to add to every created branch
          branch_prefix: 'update/'
          # Update all dependencies tracked by niv. Another example: 'common,jq,hub'
          whitelist: ''
          # Do not blacklist any of the dependencies. Another example: 'nixpkgs,niv'
          blacklist: ''
          # Note that | is really important for the labels
          labels: |
            documentation
            good first issue
          # Have some prefix and a suffix. Use '|' to keep newlines
          message_prefix: |
            ## Motivation

            Dependencies should be up to date.
          message_suffix:
            Notify @myorg/myteam.
          # Have a prefix to the commit title itself, for example, to support conventional commits.
          # The value is quoted because it ends with a colon.
          title_prefix: 'refactor:'
----
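The workflow above references the action by tag (+@v15+) and, by default, installs niv from +master+; both are floating references whose content can change between scheduled runs. The following Python check is an added example, not part of niv-updater-action: it flags both settings in a workflow file. The function name +audit_workflow+ and the embedded sample workflow are constructed for this illustration.

```python
import re

# Constructed sample, mirroring the workflow shown above (not read from disk).
SAMPLE_WORKFLOW = """\
name: Automated niv-managed dependency updates
on:
  schedule:
    - cron:  '0 4 * * *'
jobs:
  niv-updater:
    runs-on: ubuntu-latest
    steps:
      - name: niv-updater-action
        uses: knl/niv-updater-action@v15
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          niv_version: 'master'
"""

ACTION = "knl/niv-updater-action"
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)", re.M)
NIV_RE = re.compile(r"^\s*niv_version:\s*['\"]?([^\s'\"#]+)", re.M)
FULL_SHA = re.compile(r"[0-9a-f]{40}")


def audit_workflow(text):
    """Return findings about floating references in a workflow file's text."""
    findings = []
    uses_updater = False
    for target in USES_RE.findall(text):
        name, _, ref = target.partition("@")
        if name.startswith("./"):
            continue  # local action, versioned together with the repository
        uses_updater = uses_updater or name == ACTION
        if not FULL_SHA.fullmatch(ref):
            shown = ref or "(none)"
            findings.append(f"{name}@{shown}: not pinned to a full commit SHA")
    if uses_updater:
        # Per the README, niv_version defaults to 'master' when not set.
        versions = NIV_RE.findall(text) or ["master"]
        if "master" in versions:
            findings.append("niv_version is 'master' (explicit or default): tracks the latest niv")
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print("FINDING:", finding)
```

The check is line-based and does not parse YAML, so it assumes one +uses:+ or +niv_version:+ key per line, as in the examples on this page.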

== Secrets

Secrets are similar to inputs except that they are encrypted and only used by GitHub Actions. It's a convenient way to keep sensitive data out of the GitHub Actions workflow YAML file.

== Self hosted runner

Self-hosted runners run with dynamic users, so neither the nix profile nor nix-env is accessible. Because this action relies on nix-env to install niv, the default configuration will not work. To use niv from the available nixpkgs instead, set niv_version to pass:[*from-nixpkgs*]. The action will then install niv from nixpkgs with nix-shell instead of nix-env.

To avoid using sudo (also unavailable on self-hosted runners), set the input pass:[skip_ssh_repos] to true.

Example:

[source,yaml]
----
name: Automated niv-managed dependency updates
on:
  schedule:
    # * is a special character in YAML so you have to quote this string
    # run this every day at 4:00am
    - cron:  '0 4 * * *'
jobs:
  niv-updater:
    name: 'Create PRs for niv-managed dependencies'
    runs-on: self-hosted
    steps:
      # notice there is no checkout step
      - name: niv-updater-action
        uses: knl/niv-updater-action@v15
        with:
          niv_version: '*from-nixpkgs*'
          skip_ssh_repos: true
----