automate dependency updates using update-npins (#343)

use [update-npins](https://github.com/getchoo/update-npins) to automate dependency updates. alternative renovatebot seemed to mostly support flakes so far, while it mostly seemed better at showing what packages got updated to which version. i figured that seemed not worth fixing for now, so settled for update-npins. not sure how to test before merge, but i added the deploy token (with write rights) and exposed it as the referenced secret. closes #65. Reviewed-on: Fediversity/Fediversity#343 Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
2025-06-01 16:00:10 +02:00 · 2025-06-01 16:00:10 +02:00 · ac66b9d3c6
commit ac66b9d3c6
parent ee5c2b90b7
1 changed files with 21 additions and 0 deletions
--- a/.forgejo/workflows/update.yaml
+++ b/.forgejo/workflows/update.yaml
@ -0,0 +1,21 @@
+name: update-dependencies
+
+on:
+  workflow_dispatch: # allows manual triggering
+  schedule:
+    - cron: '0 0 1 * *' # monthly
+
+jobs:
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Install Nix
+        uses: cachix/install-nix-action@v31
+      - name: Install npins
+        run: nix profile install 'nixpkgs#npins'
+      - name: Update npins sources
+        uses: getchoo/update-npins@v0
+        with:
+          token: "${{ secrets.DEPLOY_KEY }}"