2025-04-21 01:10:17 +03:00
9 changed files with 41509 additions and 35458 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -1,5 +1,4 @@
 name: CI
-
 on:
  pull_request:
  push:
@ -12,16 +11,10 @@ jobs:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
-      - name: Check Nixpkgs
-        uses: DeterminateSystems/flake-checker-action@main
-        with:
-          fail-mode: true
-      - name: Install Determinate Nix
+      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
-      - name: Enable FlakeHub Cache
-        uses: DeterminateSystems/flakehub-cache-action@main
+      - name: Enable magic Nix cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Install pnpm dependencies
        run: nix develop --command pnpm install
      - name: Check formatting
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@ -1,5 +1,4 @@
 name: update-flake-lock
-
 on:
  workflow_dispatch:
  schedule:
@ -11,12 +10,12 @@ jobs:
    steps:
      - name: Checkout
        uses: actions/checkout@v4
-      - name: Install Determinate Nix
+      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
-      - name: Enable FlakeHub Cache
-        uses: DeterminateSystems/flakehub-cache-action@main
+      - name: Enable magic Nix cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
+      - name: Check flake
+        uses: DeterminateSystems/flake-checker-action@main
      - name: Update flake.lock
        uses: ./.
        with:
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@ -1,5 +1,4 @@
 name: CI
-
 on:
  pull_request:
  push:
--- a/README.md
+++ b/README.md
@ -1,18 +1,15 @@
 # update-flake-lock

-This is a GitHub Action that updates the [`flake.lock`][lockfile] file for your [Nix flake][flakes] whenever it is run.
+This is a GitHub Action that will update your flake.lock file whenever it is run.

-> [!NOTE]
-> As of v3, this action no longer automatically installs [Determinate Nix][det-nix] to the action runner.
-> You **must** set up Nix with flakes support enabled prior to running this action or your workflow will not function as expected.
+> **NOTE:** As of v3, this action will no longer automatically install Nix to the action runner. You **MUST** set up a Nix with flakes support enabled prior to running this action, or your workflow will not function as expected.

 ## Example

-Here's an example GitHub Action workflow using this Action:
+An example GitHub Action workflow using this action would look like the following:

 ```yaml
 name: update-flake-lock
-
 on:
  workflow_dispatch: # allows manual triggering
  schedule:
@ -24,10 +21,8 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-      - name: Install Determinate Nix
+      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
      - name: Update flake.lock
        uses: DeterminateSystems/update-flake-lock@main
        with:
@ -39,14 +34,12 @@ jobs:

 ## Example updating specific input(s)

-> [!NOTE]
-> If any inputs have a stale reference (e.g. the lockfile thinks a git input wants its "ref" to be "nixos-unstable", but the flake.nix specifies "nixos-unstable-small"), they are also updated. At this time, there is no known workaround.
+> **NOTE**: If any inputs have a stale reference (e.g. the lockfile thinks a git input wants its "ref" to be "nixos-unstable", but the flake.nix specifies "nixos-unstable-small"), they will also be updated. At this time, there is no known workaround.

-It's also possible to update specific [flake inputs][inputs] by specifying them in a space-separated list:
+It is also possible to update specific inputs by specifying them in a space-separated list:

 ```yaml
 name: update-flake-lock
-
 on:
  workflow_dispatch: # allows manual triggering
  schedule:
@ -58,19 +51,17 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-      - name: Install Determinate Nix
-        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v1
      - name: Update flake.lock
-        uses: DeterminateSystems/update-flake-lock@main
+        uses: DeterminateSystems/update-flake-lock@vX
        with:
          inputs: input1 input2 input3
 ```

 ## Example adding options to nix command

-It's also possible to use specific options to the `nix` command in a space-separated list:
+It is also possible to use specific options to the nix command in a space separated list:

 ```yaml
 name: update-flake-lock
@ -85,12 +76,10 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-      - name: Install Determinate Nix
-        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v1
      - name: Update flake.lock
-        uses: DeterminateSystems/update-flake-lock@main
+        uses: DeterminateSystems/update-flake-lock@vX
        with:
          nix-options: --debug --log-format raw
 ```
@ -110,13 +99,11 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-      - name: Install Determinate Nix
-        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v1
      - name: Update flake.lock
        id: update
-        uses: DeterminateSystems/update-flake-lock@main
+        uses: DeterminateSystems/update-flake-lock@vX
        with:
          inputs: input1 input2 input3
      - name: Print PR number
@ -141,13 +128,11 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-      - name: Install Determinate Nix
-        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v1
      - name: Update flake.lock
        if: ${{ github.event_name != 'pull_request' }}
-        uses: DeterminateSystems/update-flake-lock@main
+        uses: DeterminateSystems/update-flake-lock@vX
        with:
          inputs: input1 input2 input3
          path-to-flake-dir: 'nix/' # in this example our flake doesn't sit at the root of the repository, it sits under 'nix/flake.nix'
@ -170,31 +155,36 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-      - name: Install Determinate Nix
-        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v1
      - name: Update flake.lock
-        uses: DeterminateSystems/update-flake-lock@main
+        uses: DeterminateSystems/update-flake-lock@vX
        with:
-          git-author-name: Jane Author
-          git-author-email: github-actions[bot]@users.noreply.github.com
-          git-committer-name: John Committer
-          git-committer-email: github-actions[bot]@users.noreply.github.com
+          git-author-name: 'Jane Author'
+          git-author-email: 'github-actions[bot]@users.noreply.github.com'
+          git-committer-name: 'John Committer'
+          git-committer-email: 'github-actions[bot]@users.noreply.github.com'
 ```

 ## Running GitHub Actions CI

-GitHub Actions doesn't run workflows when a branch is pushed by or a PR is opened by a GitHub Action.
-There are two ways to have GitHub Actions CI run on a PR submitted by this action.
+GitHub Actions will not run workflows when a branch is pushed by or a PR is opened by a GitHub Action. There are two ways to have GitHub Actions CI run on a PR submitted by this action.

 ### Without a Personal Authentication Token

-Without using a Personal Authentication Token, close and reopen the pull request manually to kick off CI.
+Without using a Personal Authentication Token, you can manually run the following to kick off a CI run:
+
+```
+git branch -D update_flake_lock_action
+git fetch origin
+git checkout update_flake_lock_action
+git commit --amend --no-edit
+git push origin update_flake_lock_action --force
+```

 ### With a Personal Authentication Token

-By providing a Personal Authentication Token, the PR is submitted in a way that bypasses this limitation (GitHub essentially thinks it's the owner of the PAT submitting the PR, and not an Action).
+By providing a Personal Authentication Token, the PR will be submitted in a way that bypasses this limitation (GitHub will essentially think it is the owner of the PAT submitting the PR, and not an Action).
 You can create a token by visiting https://github.com/settings/tokens and select at least the `repo` scope. For the new fine-grained tokens, you need to enable read and write access for "Contents" and "Pull Requests" permissions. Then, store this token in your repository secrets (i.e. `https://github.com/<USER>/<REPO>/settings/secrets/actions`) as `GH_TOKEN_FOR_UPDATES` and set up your workflow file like the following:

 ```yaml
@ -210,36 +200,30 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-      - name: Install Determinate Nix
-        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v1
      - name: Update flake.lock
-        uses: DeterminateSystems/update-flake-lock@main
+        uses: DeterminateSystems/update-flake-lock@vX
        with:
          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
 ```

 ## With GPG commit signing

-It's possible for the bot to produce GPG-signed commits.
-Associating a GPG public key to a GitHub user account isn't required but it *is* necessary if you want the signed commits to appear as verified in Github.
-This can be a compliance requirement in some cases.
+It's possible for the bot to produce GPG signed commits. Associating a GPG public key to a github user account is not required but it is necessary if you want the signed commits to appear as verified in Github. This can be a compliance requirement in some cases.

-You can follow [GitHub's guide to creating and/or adding a new GPG key to an user account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account).
-Using a specific GitHub user account for the bot can be a good security measure to dissociate this bot's actions and commits from your personal GitHub account.
+You can follow [Github's guide on creating and/or adding a new GPG key to an user account](https://docs.github.com/en/authentication/managing-commit-signature-verification/adding-a-new-gpg-key-to-your-github-account). Using a specific github user account for the bot can be a good security measure to dissociate this bot's actions and commits from your personal github account.

-For the bot to produce signed commits, you need to provide the GPG private keys to this action's input parameters. You can safely do that with [Github secrets as explained here](https://github.com/crazy-max/ghaction-import-gpg#prerequisites).
+For the bot to produce signed commits, you will have to provide the GPG private keys to this action's input parameters. You can safely do that with [Github secrets as explained here](https://github.com/crazy-max/ghaction-import-gpg#prerequisites).

 When using commit signing, the commit author name and email for the commits produced by this bot would correspond to the ones associated to the GPG Public Key.

 If you want to sign using a subkey, you must specify the subkey fingerprint using the `gpg-fingerprint` input parameter.

-Here's an example of how to using this action with commit signing:
+You can find an example of how to using this action with commit signing below:

 ```yaml
 name: update-flake-lock
-
 on:
  workflow_dispatch: # allows manual triggering
  schedule:
@ -251,12 +235,10 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-      - name: Install Determinate Nix
-        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v1
      - name: Update flake.lock
-        uses: DeterminateSystems/update-flake-lock@main
+        uses: DeterminateSystems/update-flake-lock@vX
        with:
          sign-commits: true
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
@ -266,19 +248,18 @@ jobs:

 ## Custom PR Body

-By default, the generated PR body uses this template:
+By default the generated PR body is set to be the following template:

 ````handlebars
 Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.

-````
+```
 {{ env.GIT_COMMIT_MESSAGE }}
-````
 ```

 ### Running GitHub Actions on this PR

-GitHub Actions doesn't run workflows on pull requests that are opened by a GitHub Action.
+GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.

 To run GitHub Actions workflows on this PR, run:

@ -291,14 +272,12 @@ git push origin update_flake_lock_action --force
 ```
 ````

-You can customize it, however, using variable interpolation performed with [Handlebars].
-This enables you to customize the template with these variables:
-
- `env.GIT_AUTHOR_NAME`
- `env.GIT_AUTHOR_EMAIL`
- `env.GIT_COMMITTER_NAME`
- `env.GIT_COMMITTER_EMAIL`
- `env.GIT_COMMIT_MESSAGE`
+However you can customize it, with variable interpolation performed with [Handlebars](https://handlebarsjs.com/). This allows you to customize the template with the following variables:
+- env.GIT_AUTHOR_NAME
+- env.GIT_AUTHOR_EMAIL
+- env.GIT_COMMITTER_NAME
+- env.GIT_COMMITTER_EMAIL
+- env.GIT_COMMIT_MESSAGE

 ## Add assignees or reviewers

@ -318,12 +297,10 @@ jobs:
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-      - name: Install Determinate Nix
-        uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v1
      - name: Update flake.lock
-        uses: DeterminateSystems/update-flake-lock@main
+        uses: DeterminateSystems/update-flake-lock@vX
        with:
          pr-assignees: SomeGitHubUsername
          pr-reviewers: SomeOtherGitHubUsername,SomeThirdGitHubUsername
@ -331,16 +308,8 @@ jobs:

 ## Contributing

-Feel free to send a PR or open an issue if you find that something functions unexpectedly!
-Please make sure to test your changes and update any related documentation before submitting your PR.
+Feel free to send a PR or open an issue if you find something functions unexpectedly! Please make sure to test your changes and update any related documentation before submitting your PR.

 ### How to test changes

-In order to more easily test your changes to this action, we have created a template repository that should point you in the right direction: https://github.com/DeterminateSystems/update-flake-lock-test-template.
-Please see the README in that repository for instructions on testing your changes.
-
-[det-nix]: https://docs.determinate.systems/determinate-nix
-[flakes]: https://zero-to-nix.com/concepts/flakes
-[handlebars]: https://handlebarsjs.com
-[inputs]: https://zero-to-nix.com/concepts/flakes/#inputs
-[lockfile]: https://zero-to-nix.com/concepts/flakes/#lockfile
+In order to more easily test your changes to this action, we have created a template repository that should point you in the right direction: https://github.com/DeterminateSystems/update-flake-lock-test-template. Please see the README in that repository for instructions on testing your changes.
--- a/action.yml
+++ b/action.yml
@ -41,7 +41,15 @@ inputs:

      GitHub Actions will not run workflows on pull requests which are opened by a GitHub Action.

-      **To run GitHub Actions workflows on this PR, close and re-open this pull request.**
+      To run GitHub Actions workflows on this PR, run:
+
+      ```sh
+      git branch -D update_flake_lock_action
+      git fetch origin
+      git checkout update_flake_lock_action
+      git commit --amend --no-edit
+      git push origin update_flake_lock_action --force
+      ```

  pr-labels:
    description: "A comma or newline separated list of labels to set on the Pull Request to be created"
@ -98,9 +106,6 @@ outputs:
  pull-request-number:
    description: "The number of the opened pull request"
    value: ${{ steps.create-pr.outputs.pull-request-number }}
-  pull-request-url:
-    description: "The The URL of the opened pull request."
-    value: ${{ steps.create-pr.outputs.pull-request-url }}
  pull-request-operation:
    description: "The pull request operation performed by the action, `created`, `updated` or `closed`."
    value: ${{ steps.create-pr.outputs.pull-request-operation }}
@ -110,7 +115,7 @@ runs:
    - name: Import bot's GPG key for signing commits
      if: ${{ inputs.sign-commits == 'true' }}
      id: import-gpg
-      uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0
+      uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
      with:
        gpg_private_key: ${{ inputs.gpg-private-key }}
        fingerprint: ${{ inputs.gpg-fingerprint }}
--- a/dist/index.js
+++ b/dist/index.js
--- a/flake.lock
+++ b/flake.lock
@ -2,12 +2,12 @@
  "nodes": {
    "nixpkgs": {
      "locked": {
-        "lastModified": 1744232761,
-        "narHash": "sha256-gbl9hE39nQRpZaLjhWKmEu5ejtQsgI5TWYrIVVJn30U=",
-        "rev": "f675531bc7e6657c10a18b565cfebd8aa9e24c14",
-        "revCount": 781462,
+        "lastModified": 1713537308,
+        "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=",
+        "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f",
+        "revCount": 614481,
        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.781462%2Brev-f675531bc7e6657c10a18b565cfebd8aa9e24c14/019624ad-56cd-7f8b-93ed-52e57165b6b6/source.tar.gz"
+        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.614481%2Brev-5c24cf2f0a12ad855f444c30b2421d044120c66f/018efa00-a443-7f41-b371-ce568b5c7e9f/source.tar.gz"
      },
      "original": {
        "type": "tarball",
--- a/package.json
+++ b/package.json
@ -26,22 +26,22 @@
  },
  "homepage": "https://github.com/DeterminateSystems/update-flake-lock#readme",
  "dependencies": {
-    "@actions/core": "^1.11.1",
+    "@actions/core": "^1.10.1",
    "@actions/exec": "^1.1.1",
    "detsys-ts": "github:DeterminateSystems/detsys-ts"
  },
  "devDependencies": {
    "@trivago/prettier-plugin-sort-imports": "^4.3.0",
-    "@typescript-eslint/eslint-plugin": "^7.18.0",
-    "@vercel/ncc": "^0.38.3",
-    "eslint": "^8.57.1",
-    "eslint-import-resolver-typescript": "^3.10.0",
+    "@typescript-eslint/eslint-plugin": "^7.11.0",
+    "@vercel/ncc": "^0.38.1",
+    "eslint": "^8.57.0",
+    "eslint-import-resolver-typescript": "^3.6.1",
    "eslint-plugin-github": "^4.10.2",
-    "eslint-plugin-import": "^2.31.0",
-    "eslint-plugin-prettier": "^5.2.6",
-    "prettier": "^3.5.3",
-    "tsup": "^8.4.0",
-    "typescript": "^5.8.3",
-    "vitest": "^3.1.1"
+    "eslint-plugin-import": "^2.29.1",
+    "eslint-plugin-prettier": "^5.1.3",
+    "prettier": "^3.2.5",
+    "tsup": "^8.0.2",
+    "typescript": "^5.4.5",
+    "vitest": "^1.6.0"
  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml