ci: add renovate-post

2024-05-11 04:59:47 +02:00 · 2024-05-11 04:59:47 +02:00 · 9975ab9a01
commit 9975ab9a01
parent 6ae55b82b0
3 changed files with 81 additions and 0 deletions
--- a/.github/scripts/render-dhall-changes.sh
+++ b/.github/scripts/render-dhall-changes.sh
@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+for file in .github/workflows/*.dhall; do
+  nix shell nixpkgs#dhall-yaml -c dhall-to-yaml-ng --file "$file" >"${file%.dhall}.yml"
+done
--- a/.github/workflows/renovate-post.dhall
+++ b/.github/workflows/renovate-post.dhall
@ -0,0 +1,48 @@
+let GithubActions =
+      https://github.com/regadas/github-actions-dhall/raw/master/package.dhall
+        sha256:9c1ae46a1d56f1c22dbc9006cbb3e569806e75d02fded38fa102935b34980395
+
+let permissions =
+      Some
+        [ { mapKey = GithubActions.types.Permission.contents
+          , mapValue = GithubActions.types.PermissionAccess.write
+          }
+        ]
+
+let steps =
+      [ GithubActions.Step::{ uses = Some "actions/checkout@v4" }
+      , GithubActions.Step::{
+        , uses = Some "DeterminateSystems/nix-installer-action@v11"
+        }
+      , GithubActions.Step::{
+        , run = Some ../scripts/render-dhall-changes.sh as Text
+        }
+      , GithubActions.Step::{
+        , uses = Some "EndBug/add-and-commit@v9.1.4"
+        , `with` = Some
+            ( toMap
+                { message = "Render Dhall changes"
+                , author_name = "renovate[bot]"
+                , author_email =
+                    "<29139614+renovate[bot]@users.noreply.github.com>"
+                }
+            )
+        }
+      ]
+
+let render_dhall_changes =
+      GithubActions.Job::{
+      , name = Some "Render Dhall changes"
+      , runs-on = GithubActions.RunsOn.Type.ubuntu-latest
+      , `if` = Some "\${{github.actor == 'renovate[bot]'}}"
+      , permissions
+      , steps
+      }
+
+in  GithubActions.Workflow::{
+    , name = "renovate-post"
+    , on = GithubActions.On::{
+      , push = Some GithubActions.Push::{ branches = Some [ "renovate/*" ] }
+      }
+    , jobs = toMap { render_dhall_changes }
+    }
--- a/.github/workflows/renovate-post.yml
+++ b/.github/workflows/renovate-post.yml
@ -0,0 +1,27 @@
+jobs:
+  render_dhall_changes:
+    if: "${{github.actor == 'renovate[bot]'}}"
+    name: Render Dhall changes
+    permissions:
+      contents: write
+    "runs-on": "ubuntu-latest"
+    steps:
+    - uses: "actions/checkout@v4"
+    - uses: "DeterminateSystems/nix-installer-action@v11"
+    - run: |
+        #!/usr/bin/env bash
+        set -euo pipefail
+
+        for file in .github/workflows/*.dhall; do
+          nix shell nixpkgs#dhall-yaml -c dhall-to-yaml-ng --file "$file" >"${file%.dhall}.yml"
+        done
+    - uses: "EndBug/add-and-commit@v9.1.4"
+      with:
+        author_email: "<29139614+renovate[bot]@users.noreply.github.com>"
+        author_name: "renovate[bot]"
+        message: Render Dhall changes
+name: "renovate-post"
+'on':
+  push:
+    branches:
+    - "renovate/*"