Introduce a GitHub Action workflow to create pull requests to update dependencies (#9135)

Atry · facebook-github-bot · commit db8046584afd · 2022-07-22T12:39:45.000-07:00
Summary: We want to update dependencies to include latest security update. This PR introduce a GitHub Action workflow to create pull requests to update Nix dependencies. This PR fixes #9134 Pull Request resolved: #9135 Test Plan: #9133 is an example PR created by this Github Action. Note that this PR is pushed to a branch on facebook/hhvm instead of my forked repository, in order to test the pull request creation. Reviewed By: alexeyt Differential Revision: D38060266 Pulled By: Atry fbshipit-source-id: 31bf167f36bc1886d46d3a41cedafadf7a58d885
diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml
@@ -0,0 +1,22 @@
+on:
+  schedule:
+    - cron: "42 15 * * *"
+jobs:
+  nix-flake-update:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.4.0
+      - uses: cachix/install-nix-action@v15
+        with:
+          extra_nix_config: |
+            extra-access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+            extra-experimental-features = nix-command flakes
+            extra-substituters = s3://hhvm-nix-cache?region=us-west-2&endpoint=hhvm-nix-cache.s3-accelerate.amazonaws.com
+            extra-trusted-substituters = s3://hhvm-nix-cache?region=us-west-2&endpoint=hhvm-nix-cache.s3-accelerate.amazonaws.com
+            extra-trusted-public-keys = hhvm-nix-cache-1:MvKxscw16fAq6835oG8sbRgTGITb+1xGfYNhs+ee4yo=
+      - run: nix flake update
+      - uses: peter-evans/create-pull-request@v4
+        with:
+          branch: nix-flake-update/${{github.ref_name}}
+          title: Update flake lock file
+          commit-message: Update flake lock file
