diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 3b3a07f5d..0826e77da 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -7,12 +7,9 @@ permissions: read-all jobs: dependency-review: name: Dependency Review - runs-on: ubuntu-latest - steps: - name: Checkout tree uses: actions/checkout@v4 - - name: Dependency Review uses: actions/dependency-review-action@v4 diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 440cdcc05..12ac76e09 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -1,20 +1,10 @@ -name: "Nix" +name: Nix on: - pull_request: - push: - branches: - - master + - push + - pull_request -# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#concurrency -# Concurrent workflows are grouped by the PR or branch that triggered them -# (github.ref) and the name of the workflow (github.workflow). The -# 'cancel-in-progress' option then make sure that only one workflow is running -# at a time. This doesn't prevent new jobs from running, rather it cancels -# already running jobs before scheduling new jobs. -concurrency: - group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name == 'pull_request' || github.sha }} - cancel-in-progress: true +permissions: read-all jobs: tests: diff --git a/.github/workflows/update-flake-lock.yml b/.github/workflows/update-flake-lock.yml new file mode 100644 index 000000000..f75639a32 --- /dev/null +++ b/.github/workflows/update-flake-lock.yml 
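Review bot: `permissions: read-all` in nix.yml still gives the workflow token read access to every scope. Unless a step in the `tests` job (its body lies outside the hunk) needs more, the least-privilege form is a `permissions:` mapping containing only `contents: read`. Separately, dropping the `branches: master` filter together with the `concurrency` block means a push to a same-repository PR branch now appears to start both a `push` and a `pull_request` run, with nothing cancelling superseded runs. If that is not intended, keep the `concurrency` group or restore the branch filter.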
@@ -0,0 +1,22 @@
+name: "Nix: update-flake-lock"
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: 0 0 * * 0
+
+jobs:
+ lockfile:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - uses: cachix/install-nix-action@v30
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - uses: DeterminateSystems/update-flake-lock@v24
+ with:
+ pr-title: Update flake.lock
+ pr-labels: |
+ dependencies
+ no changelog
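Review bot: The new workflow declares no `permissions:` block, unlike the other two workflows in this commit, so a job that pushes a branch and opens a pull request gets whatever token scope the repository default happens to be. Declare it on the `lockfile` job as `permissions:` with `contents: write` and `pull-requests: write`, and nothing else. Because that job holds a write token, the two third-party actions (`cachix/install-nix-action@v30`, `DeterminateSystems/update-flake-lock@v24`) are better referenced by full commit SHA than by a movable tag, e.g. `uses: DeterminateSystems/update-flake-lock@<full-commit-sha> # v24`. It is also worth a comment in the file that pull requests opened with the default `GITHUB_TOKEN` do not trigger `push`/`pull_request` workflows, so the Nix checks will presumably not run on the lockfile PR unless a different token is supplied.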