CI: Add a new workflow that tries to automatically update nix hashes (#…

…2871) Usually, when we upgrade some dependencies, we have to manually update the hashes. This involves * changing the hash to something else (e.g. changing one character) * running the build locally * observing the error message with the actual hash * pasting that * commit and push. The `nix-update` tool can automate that. This PR makes Github do that on all pushes (even to feature branches), and if needed, push a fix to that branch. With #2761 adding even more fixed output derivations, this may be more relevant.
dfinity · Dec 8, 2021 · 067f8fc · ggreif · Dec 10, 2021 · ggreif
1 parent 0fbdd43
commit 067f8fc
Show file tree

Hide file tree

Showing 3 changed files with 39 additions and 4 deletions.
diff --git a/.github/workflows/update-hash.yml b/.github/workflows/update-hash.yml
@@ -0,0 +1,33 @@
+name: Update nix hashes
+
+on:
+  push:
+
+jobs:
+  update-hash:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        # This is needed to be able to push and trigger CI with that push
+        token: ${{ secrets.NIV_UPDATER_TOKEN }}
+    - uses: cachix/install-nix-action@v16
+      with:
+        nix_path: nixpkgs=channel:nixos-21.11
+    - uses: cachix/cachix-action@v10
+      with:
+        name: ic-hs-test
+        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+    - name: Update drun cargo hash
+      run: |
+        cd nix
+        nix --extra-experimental-features nix-command shell -f . nix-update -c nix-update --version=skip drun
+    - name: Commit changes
+      uses: EndBug/[email protected]
+      with:
+        author_name: Nix hash updater
+        author_email: "<[email protected]>"
+        message: "Updating nix hashes"
+        # do not pull: if this branch is behind, then we might as well let
+        # the pushing fail
+        pull: "NO-PULL"
diff --git a/default.nix b/default.nix
@@ -709,6 +709,7 @@ rec {
           nixpkgs.ocamlPackages.utop
           nixpkgs.fswatch
           nixpkgs.niv
+          nixpkgs.nix-update
           nixpkgs.rlwrap # for `rlwrap moc`
         ]
       ));

diff --git a/nix/drun.nix b/nix/drun.nix
@@ -10,11 +10,12 @@ pkgs:
       # 2. run nix-build -A drun nix/
       # 3. copy the “expected” hash from the output into this file
       # 4. commit and push
+      #
+      # To automate this, .github/workflows/update-hash.yml has been
+      # installed. You will normally not be bothered to perform
+      # the command therein manually.
 
-      # To automate this, try running the following in the nix/ directory
-      # nix run -f https://github.com/Mic92/nix-update/archive/master.tar.gz -c nix-update --version=skip drun
-
-      cargoSha256 = "sha256:1m2a12ds4bpg3v0wfn4svcplr68118vcdzs5mvll6s71j9bpgqli";
+      cargoSha256 = "sha256-keJ3V5LhaEPprkX/xjYKAZlML9uaWMfBHu8uopsIStQ=";
 
       nativeBuildInputs = with pkgs; [
         pkg-config