From 635f71d4a7cb318955b4f609c763673b02760ca9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Charlotte=20=F0=9F=A6=9D=20Delenk?=
Date: Tue, 15 Nov 2022 17:33:25 +0100
Subject: [PATCH] Create github workflow
---
.github/workflows/update.yml | 47 ++++++++++++++++++++++++++++++++++++
scripts/post-build-hook | 9 +++++++
2 files changed, 56 insertions(+)
create mode 100644 .github/workflows/update.yml
create mode 100755 scripts/post-build-hook
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
new file mode 100644
index 0000000..f827ffd
--- /dev/null
+++ b/.github/workflows/update.yml
@@ -0,0 +1,47 @@
+name: update
+on:
+ workflow_dispatch: # allows manual triggering
+ schedule:
+ - cron: "49 4 * * *"
+jobs:
+ flake-lock:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+ - name: Install Nix
+ uses: cachix/install-nix-action@v18
+ with:
+ extra_nix_config: |
+ access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+ trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg= hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=
+ experimental-features = nix-command flakes ca-derivations
+ - name: Set up secrets
+ run: |
+ echo "$NIX_CACHE_KEY" > ~/cache.key
+ mkdir ~/.aws
+ echo "$AWS_CREDENTIALS" > ~/.aws/credentials
+ echo "post-build-hook = $PWD/script/post-build-hook" >> /etc/nix/nix.conf
+ env:
+ NIX_CACHE_KEY: ${{secrets.NIX_CACHE_KEY}}
+ AWS_CREDENTIALS: ${{secrets.AWS_CREDENTIALS}}
+ - name: Update flake.lock
+ run: nix flake update
+ - name: Run update script
+ run: yes | nix-shell ./scripts/update.nix
+ - name: Format
+ run: nix fmt
+ - name: Delete secrets
+ run: |
+ rm -rf ~/.aws
+ rm ~/cache.key
+ - name: Create PR
+ uses: peter-evans/create-pull-request@v4.2.0
+ with:
+ token: ${{secrets.GH_TOKEN}}
+ commit-message: Update nix-packages
+ committer: Github Actions
+ title: Automated updates for nix-packages
+ body: Automated updates
+ assignees: darkkirb
+ reviewers: darkkirb
\ No newline at end of file
diff --git a/scripts/post-build-hook b/scripts/post-build-hook
new file mode 100755
index 0000000..d976eaa
--- /dev/null
+++ b/scripts/post-build-hook
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -euf
+export IFS=' '
+nix-store -r $DRV_PATH
+for f in $DRV_PATH $OUT_PATHS; do
+ nix store sign --key-file $HOME/cache.key $f
+ nix copy --to "s3://cache-chir-rs?scheme=https&endpoint=s3.us-west-000.backblazeb2.com&secret-key=$HOME/cache.key&multipart-upload=true&compression=zstd&compression-level=15" $f
+done
+
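Review bot: In `.github/workflows/update.yml`, the "Set up secrets" step registers the hook as `$PWD/script/post-build-hook`, but this commit creates the file at `scripts/post-build-hook`, so Nix is pointed at a path that does not exist; the line should read `echo "post-build-hook = $PWD/scripts/post-build-hook" >> /etc/nix/nix.conf`. That append may also need elevated rights if `/etc/nix/nix.conf` is root-owned on the runner, which the hunk does not show. The cache signing key and AWS credentials stay in `~/cache.key` and `~/.aws/credentials` while `nix flake update` and `yes | nix-shell ./scripts/update.nix` run against newly updated inputs, and "Delete secrets" is skipped when any earlier step fails; adding `if: always()` to that step and writing the files under `umask 077` narrows the exposure. The third-party actions that run in the same job as these secrets are referenced by mutable tags (`@v18`, `@v4.2.0`), so pinning them to full commit SHAs and declaring an explicit `permissions:` block for `GITHUB_TOKEN` is worth doing here.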
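Review bot: In `scripts/post-build-hook`, the signing key is read from `$HOME/cache.key`, but Nix runs a post-build hook in the daemon's environment (typically root on a multi-user install), so `$HOME` there is probably not the home directory where the workflow wrote `~/cache.key` and `~/.aws/credentials`. With `set -u`, an unset `HOME` aborts the hook outright. An absolute key path that the workflow and the hook both use, readable only by the account the hook runs as, removes that dependency. Splitting `$OUT_PATHS` on spaces is intended given `IFS=' '` and `set -f`, but the per-item expansions inside the loop can be quoted, e.g. `nix store sign --key-file "$HOME/cache.key" "$f"`. A header comment saying that the hook signs and uploads each path, and that `set -e` makes it exit non-zero on the first failed upload, would document the failure mode for whoever maintains the cache.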