Upgrade dependencies #83
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Performs simple dependency upgrades automatically. | |
| # Creates (or updates) a PR, and enables automerging. | |
| # For larger upgrades, we use Dependabot. | |
| name: Upgrade dependencies | |
| on: | |
| workflow_dispatch: | |
| # NOTE: Dependabot runs after this workflow, at 05:00 UTC. By ensuring this | |
| # workflow runs first, we can perform simple upgrades ahead of Dependabot. | |
| schedule: | |
| - cron: '0 3 * * 1' | |
| jobs: | |
| upgrade-deps: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@1.77 | |
| - name: Cache Rust | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cargo/registry | |
| key: upgrade-deps-cargo | |
| - name: Upgrade Rust deps | |
| run: cargo update | |
| - name: Install Nix | |
| uses: cachix/install-nix-action@v29 | |
| - name: Upgrade Nix flake | |
| run: nix flake update | |
| - name: Create PR | |
| id: cpr | |
| uses: peter-evans/create-pull-request@v7 | |
| with: | |
| # Use a bot token, so checks run on the PR. | |
| token: ${{ secrets.BOT_GITHUB_TOKEN }} | |
| author: 'r-stephank <ghbot@stephank.nl>' | |
| committer: 'r-stephank <ghbot@stephank.nl>' | |
| commit-message: "Update dependencies" | |
| title: "Update dependencies" | |
| branch: "auto/update-deps" | |
| - name: Enable automerge | |
| if: steps.cpr.outputs.pull-request-operation == 'created' | |
| run: gh pr merge --merge --auto '${{ steps.cpr.outputs.pull-request-number }}' | |
| env: | |
| GH_TOKEN: ${{ secrets.BOT_GITHUB_TOKEN }} |