From 01d8436c25593e65eaaf4259e808441d8786c8b0 Mon Sep 17 00:00:00 2001 From: Dzming Li Date: Mon, 2 Mar 2026 14:34:18 -0800 Subject: [PATCH] chore(nix): modernize pnpm packaging and hash automation (#21259) * chore(nix): modernize pnpm packaging and hash automation * fix(ci): address PR review for nix hash workflow * Update .github/workflows/update-nix-hash.yml --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> --- .github/workflows/update-nix-hash.yml | 68 +++++++++++++++++++++++++++ flake.nix | 5 +- 2 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/update-nix-hash.yml diff --git a/.github/workflows/update-nix-hash.yml b/.github/workflows/update-nix-hash.yml new file mode 100644 index 0000000000..1b66f26cea --- /dev/null +++ b/.github/workflows/update-nix-hash.yml @@ -0,0 +1,68 @@ +name: Update Nix Hash + +on: + push: + branches: + - master + paths: + - 'pnpm-lock.yaml' + +permissions: + contents: write + +jobs: + update-hash: + # Only run on the upstream repo, not forks + if: github.repository_owner == 'DIYgod' + runs-on: ubuntu-latest + timeout-minutes: 10 + steps: + - name: Checkout + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + - name: Install Nix + uses: cachix/install-nix-action@v27 + with: + nix_path: nixpkgs=channel:nixos-unstable + + - name: Update Nix flake hash + id: update-hash + run: | + set -e + + # Extract current hash + CURRENT_HASH=$(grep -oP 'hash = "sha256-\K[^"]+' flake.nix || echo "") + echo "Current hash: sha256-$CURRENT_HASH" + + # Set temporary invalid hash to trigger error + sed -i 's/hash = "sha256-[^"]*";/hash = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";/' flake.nix + + # Build and capture the correct hash from error message + NEW_HASH=$(nix build .# 2>&1 | grep "got:" | awk '{print $2}' | sed 's/sha256-//' || echo "") + + if [ -z "$NEW_HASH" ]; then + echo "Failed to get new hash, hash may already be correct" + git checkout flake.nix + echo "hash_changed=false" >> $GITHUB_OUTPUT + exit 0 + fi + + # Update with correct hash + sed -i "s/hash = \"sha256-[^\"]*\";/hash = \"sha256-$NEW_HASH\";/" flake.nix + + if [ "$CURRENT_HASH" = "$NEW_HASH" ]; then + echo "Hash unchanged" + echo "hash_changed=false" >> $GITHUB_OUTPUT + else + echo "Hash updated from sha256-$CURRENT_HASH to sha256-$NEW_HASH" + echo "hash_changed=true" >> $GITHUB_OUTPUT + echo "new_hash=sha256-$NEW_HASH" >> $GITHUB_OUTPUT + fi + + - name: Commit and push if changed + if: steps.update-hash.outputs.hash_changed == 'true' + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git add flake.nix + git commit -m "chore(nix): update dependencies hash to ${{ steps.update-hash.outputs.new_hash }}" + git push diff --git a/flake.nix b/flake.nix index 8faea967cf..563a42c913 100644 --- a/flake.nix +++ b/flake.nix @@ -13,7 +13,7 @@ makeRSSHub = pkgs: let pnpm = pkgs.pnpm_10; - deps = pnpm.fetchDeps { + deps = pkgs.fetchPnpmDeps { pname = "rsshub"; src = ./.; hash = "sha256-QG1cIkZh+qBA5Dipt0iDLuQpEOI45wdFhuG/CTcRVU8="; @@ -28,7 +28,8 @@ nativeBuildInputs = with pkgs; [ nodejs_22 - pnpm.configHook + pnpm + pnpmConfigHook git ];