From 337526f5093786c0f8b087eb1fb9188c484846de Mon Sep 17 00:00:00 2001
From: JacobPEvans <20714140+JacobPEvans-personal@users.noreply.github.com>
Date: Mon, 1 Jun 2026 21:00:21 -0400
Subject: [PATCH 1/2] feat(ci): dispatch lock-update event to nix-ai on release After a nix-claude-code release is published, notify dryvist/nix-ai via repository_dispatch so it bumps its nix-claude-code flake input without waiting for the next Renovate lockFileMaintenance window (~Mon/Thu). The dispatch uses the GitHub App token scoped to nix-ai. nix-ai's own update-flake-input receiver and dispatch-to-nix-darwin workflows complete the two-hop propagation chain. Assisted-by: Claude:claude-opus-4-8
---
 .github/workflows/dispatch-lock-updates.yml | 41 +++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 .github/workflows/dispatch-lock-updates.yml
diff --git a/.github/workflows/dispatch-lock-updates.yml b/.github/workflows/dispatch-lock-updates.yml
new file mode 100644
index 0000000..c60e329
--- /dev/null
+++ b/.github/workflows/dispatch-lock-updates.yml
@@ -0,0 +1,41 @@
+# Dispatch: notify consumers after a nix-claude-code release
+#
+# Target repos are read from the DISPATCH_CONSUMERS repository variable
+# (JSON array, e.g. '["nix-ai"]'). Add a new consumer there without
+# touching this file.
+name: Dispatch lock updates on release
+
+on:
+ release:
+ types: [published]
+
+permissions: {}
+
+jobs:
+ dispatch:
+ name: Notify ${{ matrix.repo }}
+ strategy:
+ matrix:
+ repo: ${{ fromJSON(vars.DISPATCH_CONSUMERS) }}
+ runs-on: ubuntu-latest
+ timeout-minutes: 5
+ permissions:
+ contents: read
+ steps:
+ - name: Generate GitHub App Token
+ id: app-token
+ uses: actions/create-github-app-token@v3
+ with:
+ client-id: ${{ vars.GH_APP_CLIENT_ID }}
+ private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+ repositories: ${{ matrix.repo }}
+ permission-contents: write
+
+ - name: Dispatch update-flake-input
+ env:
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
+ TARGET_REPO: ${{ matrix.repo }}
+ run: |
+ gh api "repos/dryvist/${TARGET_REPO}/dispatches" \
+ -f event_type=update-flake-input \
+ -f 'client_payload[input]=nix-claude-code'
From 9b4ecbac3f34d4922ef726780349f4bb998bd5df Mon Sep 17 00:00:00 2001
From: JacobPEvans <20714140+JacobPEvans-personal@users.noreply.github.com>
Date: Tue, 2 Jun 2026 15:23:20 -0400
Subject: [PATCH 2/2] refactor(ci): slim dispatch-lock-updates to thin workflow_call caller Replace the 41-line inline job with a 3-line call to the new reusable workflow in dryvist/.github. All logic (matrix fan-out, App-token mint, cross-repo dispatch) now lives in one place. Depends on: dryvist/.github adding _dispatch-flake-consumers.yml@main Refs: dryvist/.github#21 Assisted-by: Claude:claude-opus-4-8
---
 .github/workflows/dispatch-lock-updates.yml | 29 +++------------------
 1 file changed, 3 insertions(+), 26 deletions(-)
diff --git a/.github/workflows/dispatch-lock-updates.yml b/.github/workflows/dispatch-lock-updates.yml
index c60e329..4cc2fe4 100644
--- a/.github/workflows/dispatch-lock-updates.yml
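Review bot: The `Generate GitHub App Token` step hands `secrets.GH_APP_PRIVATE_KEY` to `actions/create-github-app-token@v3`, a movable tag; pinning the action to a full commit SHA (`uses: actions/create-github-app-token@<full-commit-sha> # v3`) keeps a retagged release from running with the App key. The token is requested with `repositories: ${{ matrix.repo }}` and no `owner:`, while the dispatch URL hard-codes `dryvist`; if this repository is not owned by `dryvist` the two are likely to disagree, so setting `owner: dryvist` on the step would make the token scope explicit. The job-level `permissions: contents: read` looks unnecessary, since no step shown checks out code or uses `GITHUB_TOKEN`, and the job could keep the workflow-level `permissions: {}`. With the default matrix behaviour one failing consumer cancels the remaining dispatches; `fail-fast: false` under `strategy` avoids that.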
+++ b/.github/workflows/dispatch-lock-updates.yml
@@ -13,29 +13,6 @@ permissions: {}
 jobs:
 dispatch:
- name: Notify ${{ matrix.repo }}
- strategy:
- matrix:
- repo: ${{ fromJSON(vars.DISPATCH_CONSUMERS) }}
- runs-on: ubuntu-latest
- timeout-minutes: 5
- permissions:
- contents: read
- steps:
- - name: Generate GitHub App Token
- id: app-token
- uses: actions/create-github-app-token@v3
- with:
- client-id: ${{ vars.GH_APP_CLIENT_ID }}
- private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
- repositories: ${{ matrix.repo }}
- permission-contents: write
-
- - name: Dispatch update-flake-input
- env:
- GH_TOKEN: ${{ steps.app-token.outputs.token }}
- TARGET_REPO: ${{ matrix.repo }}
- run: |
- gh api "repos/dryvist/${TARGET_REPO}/dispatches" \
- -f event_type=update-flake-input \
- -f 'client_payload[input]=nix-claude-code'
+ uses: dryvist/.github/.github/workflows/_dispatch-flake-consumers.yml@main
+ # source_input defaults to the calling repo name (nix-claude-code).
+ secrets: inherit
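Review bot: The added `uses: dryvist/.github/.github/workflows/_dispatch-flake-consumers.yml@main` line tracks a branch and is paired with `secrets: inherit`, so any later push to `main` of `dryvist/.github` changes what runs on each release with every secret this repository can read, including the App private key the removed job used. Pinning the call to a commit (`uses: dryvist/.github/.github/workflows/_dispatch-flake-consumers.yml@<full-commit-sha>`) and passing only the needed secret (`secrets:` with `GH_APP_PRIVATE_KEY: ${{ secrets.GH_APP_PRIVATE_KEY }}`) would narrow that, assuming the reusable workflow declares that secret under `on.workflow_call.secrets`. The caller job also falls back to the workflow-level `permissions: {}` now that the job-level block is gone; the called workflow is not visible here, but if any of its jobs request a `GITHUB_TOKEN` permission the run is likely to be rejected, so confirm it requests none or grant the minimum on this job.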