chore(nix): modernize pnpm packaging and hash automation (#21259)

* chore(nix): modernize pnpm packaging and hash automation * fix(ci): address PR review for nix hash workflow * Update .github/workflows/update-nix-hash.yml --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
2026-03-13 10:30:18 +08:00 · 2026-03-02 14:34:18 -08:00
parent fc5d346451
commit 01d8436c25
2 changed files with 71 additions and 2 deletions
--- a/.github/workflows/update-nix-hash.yml
+++ b/.github/workflows/update-nix-hash.yml
@@ -0,0 +1,68 @@
+name: Update Nix Hash
+
+on:
+    push:
+        branches:
+            - master
+        paths:
+            - 'pnpm-lock.yaml'
+
+permissions:
+    contents: write
+
+jobs:
+    update-hash:
+        # Only run on the upstream repo, not forks
+        if: github.repository_owner == 'DIYgod'
+        runs-on: ubuntu-latest
+        timeout-minutes: 10
+        steps:
+            - name: Checkout
+              uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+            - name: Install Nix
+              uses: cachix/install-nix-action@v27
+              with:
+                  nix_path: nixpkgs=channel:nixos-unstable
+
+            - name: Update Nix flake hash
+              id: update-hash
+              run: |
+                  set -e
+
+                  # Extract current hash
+                  CURRENT_HASH=$(grep -oP 'hash = "sha256-\K[^"]+' flake.nix || echo "")
+                  echo "Current hash: sha256-$CURRENT_HASH"
+
+                  # Set temporary invalid hash to trigger error
+                  sed -i 's/hash = "sha256-[^"]*";/hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";/' flake.nix
+
+                  # Build and capture the correct hash from error message
+                  NEW_HASH=$(nix build .# 2>&1 | grep "got:" | awk '{print $2}' | sed 's/sha256-//' || echo "")
+
+                  if [ -z "$NEW_HASH" ]; then
+                      echo "Failed to get new hash, hash may already be correct"
+                      git checkout flake.nix
+                      echo "hash_changed=false" >> $GITHUB_OUTPUT
+                      exit 0
+                  fi
+
+                  # Update with correct hash
+                  sed -i "s/hash = \"sha256-[^\"]*\";/hash = \"sha256-$NEW_HASH\";/" flake.nix
+
+                  if [ "$CURRENT_HASH" = "$NEW_HASH" ]; then
+                      echo "Hash unchanged"
+                      echo "hash_changed=false" >> $GITHUB_OUTPUT
+                  else
+                      echo "Hash updated from sha256-$CURRENT_HASH to sha256-$NEW_HASH"
+                      echo "hash_changed=true" >> $GITHUB_OUTPUT
+                      echo "new_hash=sha256-$NEW_HASH" >> $GITHUB_OUTPUT
+                  fi
+
+            - name: Commit and push if changed
+              if: steps.update-hash.outputs.hash_changed == 'true'
+              run: |
+                  git config user.name "github-actions[bot]"
+                  git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+                  git add flake.nix
+                  git commit -m "chore(nix): update dependencies hash to ${{ steps.update-hash.outputs.new_hash }}"
+                  git push
--- a/flake.nix
+++ b/flake.nix
@@ -13,7 +13,7 @@
      makeRSSHub = pkgs:
        let
          pnpm = pkgs.pnpm_10;
-          deps = pnpm.fetchDeps {
+          deps = pkgs.fetchPnpmDeps {
            pname = "rsshub";
            src = ./.;
            hash = "sha256-QG1cIkZh+qBA5Dipt0iDLuQpEOI45wdFhuG/CTcRVU8=";
@@ -28,7 +28,8 @@

          nativeBuildInputs = with pkgs; [
            nodejs_22
-            pnpm.configHook
+            pnpm
+            pnpmConfigHook
            git
          ];