Automated dependency updates #65

Open
opened 2024-12-21 16:19:52 +01:00 by Niols · 12 comments
Owner

**As** a Fediversity maintainer,
**I want** for our packages to stay up to date with nixpkgs in an automated fashion,
**so that** we can offer security and feature updates without manually having to create merge requests for updates.

### implementation notes

options seem:

- [renovate](https://github.com/renovatebot/renovate)
- [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock)
- [update-npins](https://github.com/getchoo/update-npins)
kiara added this to the Fediversity project 2025-04-18 10:07:15 +02:00
kiara changed title from Automated flake inputs update with eg. RenovateBot? to Automated dependency updates with eg. RenovateBot? 2025-04-30 09:08:42 +02:00
kiara self-assigned this 2025-05-28 11:00:32 +02:00
kiara closed this issue 2025-06-01 16:00:11 +02:00
Owner

while a week has passed, i've yet to see a PR come out of this

kiara reopened this issue 2025-06-10 18:46:02 +02:00
kiara removed this from the Fediversity project 2025-06-10 18:47:21 +02:00
kiara changed title from Automated dependency updates with eg. RenovateBot? to Automated dependency updates 2025-06-10 20:21:54 +02:00
Author
Owner

Your workflow seems to be running on the first day of the month, so we'll have to wait for beginning July to confirm.

Author
Owner

Also, your workflow expects `ubuntu:latest` for which we don't have any runner, so nothing will happen ever (and knowing Forgejo you will not get notifications of this on a `cron` type of workflow).
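
The failure mode described in this comment, a cron-triggered job whose `runs-on` label matches no registered runner and therefore never runs, can be checked for ahead of time. The following is an added example, not code from the thread or the Fediversity repository; the workflow text, the `native`/`x86_64` runner labels and the function names are constructed for illustration, and it uses line-based regexes rather than a full YAML parser.

```python
import re

# Constructed sample workflows; the first mirrors the situation in the thread
# (monthly cron trigger, `ubuntu:latest` label taken as written in the comment).
WORKFLOWS = {
    "update-pins.yaml": (
        "on:\n"
        "  schedule:\n"
        "    - cron: '0 0 1 * *'\n"
        "jobs:\n"
        "  update:\n"
        "    runs-on: ubuntu:latest\n"
        "    steps:\n"
        "      - run: npins update\n"
    ),
    "ci.yaml": (
        "on: [push]\n"
        "jobs:\n"
        "  check:\n"
        "    runs-on: [native, x86_64]\n"
        "    steps:\n"
        "      - run: echo ok\n"
    ),
}
# Hypothetical runners, each described by the set of labels it registered.
RUNNERS = [{"native", "x86_64"}]

RUNS_ON = re.compile(r"^[ \t]*runs-on:[ \t]*(.+?)[ \t]*$", re.M)
CRON = re.compile(r"^[ \t]*-?[ \t]*cron:[ \t]*['\"]?([^'\"\n]+)", re.M)

def labels_of(value):
    """Handle both `runs-on: a` and `runs-on: [a, b]`."""
    items = value.strip("[]").split(",") if value.startswith("[") else [value]
    return {i.strip().strip("'\"") for i in items if i.strip()}

def unschedulable_jobs(workflows, runners):
    """Return jobs whose label set no single runner satisfies, with any cron triggers."""
    findings = []
    for name in sorted(workflows):
        text = workflows[name]
        crons = CRON.findall(text)
        for raw in RUNS_ON.findall(text):
            wanted = labels_of(raw)
            if not any(wanted <= have for have in runners):
                findings.append({"workflow": name, "labels": sorted(wanted), "cron": crons})
    return findings

if __name__ == "__main__":
    for f in unschedulable_jobs(WORKFLOWS, RUNNERS):
        kind = "cron-triggered" if f["cron"] else "event-triggered"
        print(f"{f['workflow']}: no runner offers {f['labels']} ({kind})")
```

Run as a pre-merge check, this turns a workflow that would otherwise sit idle without notification into a visible failure.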
Owner

okay, i guess this needs [configuring the runner](https://wiki.nixos.org/wiki/Forgejo#Runner) (c.f. #356)?
kiara closed this issue 2025-06-20 09:41:40 +02:00
kiara referenced this issue from a commit 2025-06-20 09:41:41 +02:00
kiara reopened this issue 2025-06-21 09:31:13 +02:00
Owner

as per a new [run](https://git.fediversity.eu/Fediversity/Fediversity/actions/runs/782) this fails on `nix-shell` relying on the nix path to have made a `<nixpkgs>` available.

while an alternative could be to directly include the `npins` package on the runner, that may imply a level of tight coupling of the runner with specific jobs (or dependency management libraries) that would seem not necessarily preferable.
Owner

this seems to now get [stuck](https://git.fediversity.eu/Fediversity/Fediversity/actions/runs/796) on `Create PR` step's `git remote prune origin` command, which would run indefinitely (initially left to run over an hour, a second time i gave up in a minute). an [upstream](https://github.com/peter-evans/create-pull-request) search seems to reveal no similar issues, somehow.
in this case it also seems less trivial to just 'unwrap' this action as we did for the previous one: they seem to run [some huge js script](https://github.com/peter-evans/create-pull-request/blob/main/dist/index.js).
Owner

unfortunately, the [gitea fork](https://github.com/quentinlegot/gitea-create-pull-request) of `create-pull-request` seems to [similarly hang](https://git.fediversity.eu/Fediversity/Fediversity/actions/runs/939).

that said, the command in question may matter [only for `--force-with-lease`](https://github.com/peter-evans/create-pull-request/blob/56cdd05eb2cd4cbc18954377c5774f8438239ae8/src/create-pull-request.ts#L126-L127) (which afaik we don't use).

that said, the invocation in question may also be the first invocation of `git.exec()` in our execution path, so maybe something is up with that? definitely not the first git command in the CI run tho...
kiara referenced this issue from a commit 2025-07-07 13:38:12 +02:00
Owner

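using a [fork](https://git.fediversity.eu/Fediversity/Fediversity/commit/5520fa721b3f8a80cd0e9e9d07f174e47d62ea74) stripping that out, the PR step now yields this log.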

```
Prepare git configuration
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git config --global --name-only --get-regexp safe.directory /var/lib/gitea-runner/default/.cache/act/694a392c30733999/hostexecutor
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git config --global --add safe.directory /var/lib/gitea-runner/default/.cache/act/694a392c30733999/hostexecutor
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git config --local --get remote.origin.url
https://git.fediversity.eu/Fediversity/Fediversity
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git config --local --name-only --get-regexp http.https://git.fediversity.eu/.extraheader ^AUTHORIZATION:
http.https://git.fediversity.eu/.extraheader
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git config --local --get-regexp http.https://git.fediversity.eu/.extraheader ^AUTHORIZATION:
http.https://git.fediversity.eu/.extraheader AUTHORIZATION: basic ***
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git config --local --unset http.https://git.fediversity.eu/.extraheader ^AUTHORIZATION:
Unset config key 'http.https://git.fediversity.eu/.extraheader'
Determining the base and head repositories
Remote is https://git.fediversity.eu/api/v1
Remote is https://git.fediversity.eu/api/v1
Pull request branch target repository set to Fediversity/Fediversity
Configuring credential for HTTPS authentication
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git config --local http.https://git.fediversity.eu/.extraheader AUTHORIZATION: basic ***
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git rev-parse --git-dir
.git
Checking the base repository state
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git symbolic-ref HEAD --short
main
Working base is branch 'main'
Pull request branch to create or update set to 'npins-update'
Configuring the committer and author
Configured git committer as 'github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>'
Configured git author as 'kiara <+kiara@users.noreply.github.com>'
Create or update the pull request branch
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git symbolic-ref HEAD --short
main
Working base is branch 'main'
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git checkout --progress -B 79332a4c-23cb-4d2d-82bb-232cd0c17560 HEAD --
Switched to a new branch '79332a4c-23cb-4d2d-82bb-232cd0c17560'
M npins/sources.json
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git status --porcelain -unormal --
M npins/sources.json
Uncommitted changes found. Adding a commit.
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git add -A
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git -c author.name=kiara -c author.email=+kiara@users.noreply.github.com -c committer.name=github-actions[bot] -c committer.email=41898282+github-actions[bot]@users.noreply.github.com commit -m npins: update sources
deadnix..............................................(no files to check)Skipped
nixfmt-rfc-style.....................................(no files to check)Skipped
shellcheck...........................................(no files to check)Skipped
trim-trailing-whitespace.............................(no files to check)Skipped
[79332a4c-23cb-4d2d-82bb-232cd0c17560 9a4937a] npins: update sources
Author: kiara <+kiara@users.noreply.github.com>
1 file changed, 26 insertions(+), 26 deletions(-)
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git stash push --include-untracked
No local changes to save
Resetting working base branch 'main'
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git checkout --progress main --
Switched to branch 'main'
Your branch is up to date with 'origin/main'.
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git reset --hard origin/main
HEAD is now at 5520fa7 gitea PR unpruned (#445)
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git rev-list --right-only --count main...79332a4c-23cb-4d2d-82bb-232cd0c17560
1
[command]/nix/store/lqx2rv26sdndpa2vyy2vxsahj03km69z-git-2.48.1/bin/git -c protocol.version=2 fetch --no-tags --progress --no-recurse-submodules --force --depth=11 origin npins-update:refs/remotes/origin/npins-update
```

this seems to at least [progress further](https://github.com/KiaraGrouwstra/gitea-create-pull-request/blob/d1fd3e1f0c98ee7a009c035f9b7ad3f3bdc0f281/src/create-pull-request.ts#L216-L217) than before, altho it still just seems to hang somehow.
Owner

there's technically a [commit decreasing verbosity](https://github.com/peter-evans/create-pull-request/pull/3776/files) on the action that could be reversed in a fork
Owner

if #463 converges on gerrit, that might overhaul this as well

Owner

[lon](https://github.com/nikstur/lon) advertises built-in PR creation including for forgejo.

(c.f. #302 - i'm not sure lon handles it for gerrit.)

edit: i may wanna find out if its PR creation (if it works) could be split off, for separation of concerns.
kiara referenced this issue from a commit 2025-10-28 13:04:20 +01:00
Owner

another approach i hadn't tried is the PR implementation of https://github.com/Mic92/update-flake-inputs-gitea

Blocks
#224 automated dev-ops workflows
fediversity/fediversity
#611 Update applications
fediversity/fediversity