maint: Add update manifest for CI.

* etc/manifests/rosenthal-auto-update.scm: New file.

etc/manifests/rosenthal-auto-update.scm

@@ -0,0 +1,52 @@
+;;; SPDX-FileCopyrightText: 2024-2025 Ludovic Courtès <ludo@gnu.org>
+;;; SPDX-FileCopyrightText: 2025 Hilton Chain <hako@ultrarare.space>
+;;;
+;;; SPDX-License-Identifier: GPL-3.0-or-later
+
+(use-modules (guix memoization)
+             (guix packages)
+             (guix profiles)
+             (guix store)
+             (guix transformations)
+             (rosenthal utils packages)
+             ((guix import github) #:select (%github-api))
+             ((guix scripts build) #:select (dependents)))
+
+;; Bypass the GitHub updater: we'd need an API token or we would hit the rate
+;; limit.
+(%github-api "http://example.org")
+
+(define latest-version
+  (mlambdaq (package)
+    (package-with-upstream-version package
+                                   ;; Preserve patches and snippets to get
+                                   ;; exactly the same as what we'd have with
+                                   ;; 'guix refresh -u PACKAGE'.
+                                   #:preserve-patches? #t
+
+                                   ;; XXX: Disable source code authentication:
+                                   ;; this requires a local keyring, populated
+                                   ;; from key servers, but key servers may be
+                                   ;; unreliable or may lack the upstream
+                                   ;; keys.  Leave it up to packagers to
+                                   ;; actually authenticate code and make sure
+                                   ;; it matches what this manifest computed.
+                                   #:authenticate? #f)))
+
+(define updatable-packages
+  (filter (negate rosenthal-disable-updater?)
+          (all-rosenthal-packages)))
+
+(manifest
+ (with-store store
+   (let ((update-all (package-input-rewriting
+                      (map (lambda (package)
+                             `(,package . ,(latest-version package)))
+                           updatable-packages)
+                      #:recursive? #t)))
+     (map (lambda (package)
+            (manifest-entry
+              (inherit (package->manifest-entry
+                        (update-all package)))
+              (name (string-append (package-name package) "-full-upgrade"))))
+          (dependents store updatable-packages 2)))))

modules/rosenthal/packages/admin.scm

@@ -62,7 +62,8 @@ the user to manage services with dependencies and parallel startup.")
          ((#:configure-flags configure-flags)
           #~(append #$configure-flags
                     (list "-Dlibseat-logind=disabled")))))
-      (propagated-inputs '()))))
+      (propagated-inputs '())
+      (properties '((disable-updater? . #t))))))
 
 (define-public pam-dumb-runtime-dir
   (package
@@ -111,4 +112,5 @@ exists and is only writable by root.")
          ((#:configure-flags configure-flags)
           #~(append #$configure-flags
                     (list "-Dlibseat-logind=disabled")))))
-      (propagated-inputs '()))))
+      (propagated-inputs '())
+      (properties '((disable-updater? . #t))))))

modules/rosenthal/packages/binaries.scm

@@ -153,7 +153,8 @@ exec ~a -jar ~a $@~%"
     "Komga is a media server for your comics, mangas, BDs, magazines and
 eBooks.")
    (license license:expat)
-   (properties '((upstream-name . "komga")))))
+   (properties '((upstream-name . "komga")
+                 (disable-updater? . #t)))))
 
 (define-public navidrome-bin
   (package
@@ -179,7 +180,8 @@ eBooks.")
 manage their music collections.  It provides a web interface and is compatible
 with the Subsonic API.")
     (license license:expat)
-    (properties '((upstream-name . "navidrome")))))
+    (properties '((upstream-name . "navidrome")
+                  (disable-updater? . #t)))))
 
 (define-public shadow-tls-bin
   (package
@@ -209,7 +211,8 @@ with the Subsonic API.")
      "Shadow TLS is a proxy to expose real tls handshake to the @acronym{MITM,
 monster-in-the-middle}.")
     (license license:expat)
-    (properties '((upstream-name . "shadow-tls")))))
+    (properties '((upstream-name . "shadow-tls")
+                  (disable-updater? . #t)))))
 
 (define-public sing-box-bin
   (deprecated-package "sing-box-bin" sing-box))
@@ -239,7 +242,8 @@ monster-in-the-middle}.")
      "This package provides @code{wakapi}, a WakaTime-compatible backend for
 coding statistics.")
     (license license:expat)
-    (properties '((upstream-name . "wakapi")))))
+    (properties '((upstream-name . "wakapi")
+                  (disable-updater? . #t)))))
 
 (define-public wakatime-cli-bin
   (package
@@ -265,4 +269,5 @@ coding statistics.")
      "This package provides @command{wakatime-cli}, the command line interface
 to WakaTime, which is used by all WakaTime text editor plugins.")
     (license license:bsd-3)
-    (properties '((upstream-name . "wakatime-cli")))))
+    (properties '((upstream-name . "wakatime-cli")
+                  (disable-updater? . #t)))))

modules/rosenthal/packages/web.scm

@@ -97,7 +97,8 @@ website owners block unwanted AI crawlers from accessing their sites.")
      "Anubis checks incoming HTTP requests using one or more challenges in
 order to protect upstream resources from web crawlers.")
     (license license:expat)
-    (properties '((upstream-name . "anubis")))))
+    (properties '((upstream-name . "anubis")
+                  (disable-updater? . #t)))))
 
 (define-public caddy
   (package

modules/rosenthal/packages/xorg.scm

@@ -51,4 +51,6 @@
 Wayland compositor implementing @code{xdg_wm_base} interface.  This is
 particularly useful for compositors that (understandably) do not want to go
 through implementing support for rootless Xwayland themselves.")
-    (license license:mpl2.0)))
+    (license license:mpl2.0)
+    (properties
+    '((disable-updater? . #t)))))