Automatic GitHub action updates #40
Conversation
Now using `nix-build -A <tab>` is much smaller
infinisil
force-pushed
the
github-action-updates
branch
4 times, most recently
from
03c24b2
to
08e9629
Compare
|
I renamed the |
|
Pretty cool! I'm learning a lot by review this code. I've never used |
|
Awesome! Not sure if this needs to be documented anywhere since nobody will actually need to run this locally, but to make it work locally you need a Docker daemon running, which on NixOS means something like this: {
virtualisation.docker.enable = true;
# The default firewall settings block inter-container networking,
# which is needed by dependabot, so don't run the firewall on docker connections
networking.firewall.trustedInterfaces = [ "docker0" ];
# So that your user can access docker without being `root`
users.users.me.extraGroups = [ "docker" ];
} |
|
We're you using https://github.com/nektos/act ? (it depends on docker) |
|
Nah I'm running it locally by doing what the action does: https://github.com/NixOS/nixpkgs-check-by-name/blob/44d5e2e905037c4614095228d2b9b91eaa119cf2/.github/workflows/update.yml#L19-L20 Or within the current directory: E.g. try downgrading a GitHub Actions dependency and then running that |
Makes the diff smaller for a future non-trivial update script
Using the dependabot CLI
infinisil
force-pushed
the
github-action-updates
branch
from
08e9629
to
815a4ec
Compare
|
Lazy derivation didn't work as expected? |
|
Ohh it did work as expected, this is actually great because it shows that we relied on |
|
Just opened dependabot/cli#301 to hopefully have a better solution eventually :) |
|
Nice: #42 |
This is an alternative to #39. It runs the dependabot CLI locally in the existing weekly update CI action (along with some jq magic).
Yet untested in CI, butIt also works locally, which is really nice!Best reviewed commit-by-commit, there's some Nix changes in the first 2 commits.
This work is sponsored by Antithesis ✨