name: Update VSCode Insiders on: schedule: - cron: '0 0 * * *' workflow_dispatch: jobs: update: runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Check for new vscode-insiders release id: check shell: bash run: | source /etc/bashrc || true CURRENT_VERSION=$(grep 'version = ' pkgs/vscode-insiders/default.nix | head -1 | grep -oP '"[^"]+"' | tr -d '"') echo "Current version: $CURRENT_VERSION" LATEST_VERSION=$(curl -fsSL https://update.code.visualstudio.com/api/releases/insider | nix run nixpkgs#jq -- -r '.[0]') echo "Latest version: $LATEST_VERSION" if [ "$CURRENT_VERSION" = "$LATEST_VERSION" ]; then echo "Already up to date." echo "updated=false" >> "$GITHUB_OUTPUT" exit 0 fi echo "New version found: $LATEST_VERSION" echo "latest_version=$LATEST_VERSION" >> "$GITHUB_OUTPUT" echo "updated=true" >> "$GITHUB_OUTPUT" - name: Update version and sha256 if: steps.check.outputs.updated == 'true' id: update shell: bash run: | source /etc/bashrc || true LATEST="${{ steps.check.outputs.latest_version }}" fetch_sri() { local url="$1" HASH=$(nix-prefetch-url --type sha256 "$url" 2>/dev/null | tail -1) nix hash convert --hash-algo sha256 --to sri "$HASH" } echo "Fetching hashes..." LINUX_SHA=$(fetch_sri "https://code.visualstudio.com/sha/download?build=insider&os=linux-x64") DARWIN_ARM_SHA=$(fetch_sri "https://code.visualstudio.com/sha/download?build=insider&os=darwin-arm64") DARWIN_X64_SHA=$(fetch_sri "https://code.visualstudio.com/sha/download?build=insider&os=darwin") echo "Linux SHA: $LINUX_SHA" echo "Darwin ARM SHA: $DARWIN_ARM_SHA" echo "Darwin x64 SHA: $DARWIN_X64_SHA" export LATEST export LINUX_SHA export DARWIN_ARM_SHA export DARWIN_X64_SHA python <<'PY' import os import re from pathlib import Path path = Path("pkgs/vscode-insiders/default.nix") text = path.read_text() text = re.sub( r'version = ".*?";', f'version = "{os.environ["LATEST"]}";', text, count=1 ) text = re.sub( r'(os=darwin-arm64";\s+sha256 = ").*?(";\s+)', rf'\g<1>{os.environ["DARWIN_ARM_SHA"]}\2', text, count=1, flags=re.S ) text = re.sub( r'(os=darwin";\s+sha256 = ").*?(";\s+)', rf'\g<1>{os.environ["DARWIN_X64_SHA"]}\2', text, count=1, flags=re.S ) text = re.sub( r'(os=linux-x64";\s+sha256 = ").*?(";\s+)', rf'\g<1>{os.environ["LINUX_SHA"]}\2', text, count=1, flags=re.S ) path.write_text(text) PY echo "linux_sha=$LINUX_SHA" >> "$GITHUB_OUTPUT" echo "darwin_arm_sha=$DARWIN_ARM_SHA" >> "$GITHUB_OUTPUT" echo "darwin_x64_sha=$DARWIN_X64_SHA" >> "$GITHUB_OUTPUT" - name: Verify build if: steps.check.outputs.updated == 'true' shell: bash run: | source /etc/bashrc || true export NIXPKGS_ALLOW_UNFREE=1 nix build .#vscode-insiders - name: Create Pull Request if: steps.check.outputs.updated == 'true' env: API_FORGEJO_TOKEN: ${{ secrets.API_FORGEJO_TOKEN }} shell: bash run: | source /etc/bashrc || true LATEST="${{ steps.check.outputs.latest_version }}" BRANCH="update/vscode-insiders-${LATEST}" git config user.name "mizuki" git config user.email "akiyama@mizuki.guru" git checkout -b "$BRANCH" git add pkgs/vscode-insiders/default.nix git commit -m "pkgs/vscode-insiders: update to ${LATEST}" REPO_URL=$(git remote get-url origin | sed 's|https://||') git push "https://oauth2:${API_FORGEJO_TOKEN}@${REPO_URL}" "$BRANCH" FORGEJO_HOST=$(echo "$REPO_URL" | cut -d'/' -f1) REPO_PATH=$(echo "$REPO_URL" | cut -d'/' -f2-) curl -fsSL \ -X POST \ -H "Authorization: token ${API_FORGEJO_TOKEN}" \ -H "Content-Type: application/json" \ "https://${FORGEJO_HOST}/api/v1/repos/${REPO_PATH}/pulls" \ -d "{ \"title\": \"pkgs/vscode-insiders: update to ${LATEST}\", \"head\": \"${BRANCH}\", \"base\": \"main\", \"body\": \"Automated update of VSCode Insiders to version \`${LATEST}\`.\n\nLinux SHA:\n\`${{ steps.update.outputs.linux_sha }}\`\n\nDarwin ARM SHA:\n\`${{ steps.update.outputs.darwin_arm_sha }}\`\n\nDarwin x64 SHA:\n\`${{ steps.update.outputs.darwin_x64_sha }}\`\"}"