diff --git a/.github/.gitignore b/.github/.gitignore
new file mode 100644
index 0000000..234b15e
--- /dev/null
+++ b/.github/.gitignore
@@ -0,0 +1 @@
+/flake.lock
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..83efe97
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+ - package-ecosystem: npm
+ directory: /
+ schedule:
+ interval: weekly
+ groups:
+ npm-dependencies:
+ patterns:
+ - "*"
+ - package-ecosystem: cargo
+ directory: /
+ schedule:
+ interval: weekly
+ groups:
+ cargo-dependencies:
+ patterns:
+ - "*"
diff --git a/.github/flake.nix b/.github/flake.nix
new file mode 100644
index 0000000..59189eb
--- /dev/null
+++ b/.github/flake.nix
@@ -0,0 +1,50 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ };
+
+ outputs = { nixpkgs, ... }:
+ let
+ inherit (nixpkgs) lib;
+
+ makePackages = (system: dev:
+ let
+ pkgs = import nixpkgs {
+ inherit system;
+ };
+ in
+ {
+ update-nix-hashes = pkgs.writeShellApplication {
+ name = "update-nix-hashes";
+ runtimeInputs = with pkgs; [
+ coreutils
+ gnugrep
+ nix
+ prefetch-npm-deps
+ sd
+ ];
+ text = ''
+ NPM_FLAKE_PATH="$1"
+ PACKAGE_LOCK_PATH="$2"
+
+ OLD_HASH="$(nix eval --raw ".#$NPM_FLAKE_PATH.npmDepsHash")"
+ NEW_HASH="$(prefetch-npm-deps "$PACKAGE_LOCK_PATH" 2>/dev/null)"
+
+ echo "$OLD_HASH" "$NEW_HASH"
+ test "$OLD_HASH" = "$NEW_HASH" && exit 0
+
+ grep -q "$OLD_HASH" flake.nix || { echo "couldn't find old hash in flake.nix"; exit 1; }
+ sd --fixed-strings "$OLD_HASH" "$NEW_HASH" flake.nix
+ grep -q "$NEW_HASH" flake.nix || { echo "couldn't find new hash in flake.nix"; exit 1; }
+ '';
+ };
+ }
+ );
+ in
+ builtins.foldl' lib.recursiveUpdate { } (builtins.map
+ (system: {
+ devShells.${system} = makePackages system true;
+ packages.${system} = makePackages system false;
+ })
+ lib.systems.flakeExposed);
+}
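Review bot: The `nixpkgs` input in `.github/flake.nix` follows `nixpkgs-unstable` with nothing locking it: this commit git-ignores `.github/flake.lock`, and both workflows call the helper with `--no-write-lock-file`, so each CI run resolves whatever nixpkgs revision is current. The helper rewrites `flake.nix` inside jobs that hold `contents: write`, so its toolchain should be reproducible; either commit the lock file (dropping the `/flake.lock` ignore entry) or pin the input, e.g. `nixpkgs.url = "github:NixOS/nixpkgs/<commit-sha>";` (placeholder). Separately, `2>/dev/null` on the `prefetch-npm-deps` call discards the only diagnostic when prefetching fails, and the two `grep -q` checks treat the hash as a pattern while `sd` uses `--fixed-strings`; dropping the redirect and using `grep -qF` would make the script easier to debug and consistent.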
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..81434e1
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,19 @@
+name: Build
+
+on:
+ push:
+ branches: [master, main]
+ workflow_dispatch:
+
+concurrency:
+ group: build-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - run: nix build --print-build-logs .
diff --git a/.github/workflows/update-lock-files.yml b/.github/workflows/update-lock-files.yml
new file mode 100644
index 0000000..3bb0707
--- /dev/null
+++ b/.github/workflows/update-lock-files.yml
@@ -0,0 +1,37 @@
+name: Update lock files
+
+on:
+ schedule:
+ - cron: "0 0 1 * *" # monthly
+ workflow_dispatch:
+
+concurrency:
+ group: update-lock-files-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: write
+ pull-requests: write
+
+jobs:
+ update_lock_files:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - run: nix flake update
+ - run: git diff && git add -v .
+ - run: nix develop --print-build-logs . -c cargo update
+ - run: git diff && git add -v .
+ - run: nix develop --print-build-logs . -c npm update
+ - run: git diff && git add -v .
+ - run: nix run --no-write-lock-file --print-build-logs ./.github#update-nix-hashes -- default package-lock.json
+ - run: git diff && git add -v .
+ - run: nix build --print-build-logs .
+ - uses: peter-evans/create-pull-request@v6
+ with:
+ branch: update-lock-files
+ title: Update lock files
+ body: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
+ commit-message: "Update lock files"
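Review bot: In `.github/workflows/build.yml`, `DeterminateSystems/nix-installer-action@main` and `DeterminateSystems/magic-nix-cache-action@main` track a mutable branch, so the code executed in CI can change without any commit to this repository. The same two references appear in `update-lock-files.yml` and `update-nix-hashes.yml`, where the job token carries `contents: write`, and the `@v4`/`@v6` tags used for the other actions are movable as well. Pin each to a full commit SHA, e.g. `- uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # <release tag>` (placeholders), and add a `package-ecosystem: github-actions` entry to `.github/dependabot.yml` so the pins stay current. This workflow also declares no `permissions:` block; adding one with `contents: read` would stop it from inheriting the repository default.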
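Review bot: The `npm update` step in `.github/workflows/update-lock-files.yml` runs while the job holds `contents: write` and `pull-requests: write`, and `actions/checkout@v4` keeps the token in the local git config unless `persist-credentials: false` is set. By default `npm update` installs the newly resolved packages and runs their lifecycle scripts, so freshly published dependency code executes next to a write-scoped credential. If the step only needs to refresh `package-lock.json`, `- run: nix develop --print-build-logs . -c npm update --ignore-scripts` avoids that. Whether `peter-evans/create-pull-request@v6` still works with `persist-credentials: false` should be checked against its documentation before changing the checkout step.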
diff --git a/.github/workflows/update-nix-hashes.yml b/.github/workflows/update-nix-hashes.yml
new file mode 100644
index 0000000..d3f4b98
--- /dev/null
+++ b/.github/workflows/update-nix-hashes.yml
@@ -0,0 +1,33 @@
+name: Update nix hashes
+
+on:
+ pull_request:
+ branches: [master, main]
+
+concurrency:
+ group: update-nix-hashes-${{ github.ref }}
+ cancel-in-progress: true
+
+permissions:
+ contents: write
+
+env:
+ GIT_AUTHOR_NAME: github-actions[bot]
+ GIT_AUTHOR_EMAIL: 41898282+github-actions[bot]@users.noreply.github.com
+ GIT_COMMITTER_NAME: github-actions[bot]
+ GIT_COMMITTER_EMAIL: 41898282+github-actions[bot]@users.noreply.github.com
+
+jobs:
+ update_nix_hashes:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ ref: ${{ github.head_ref }}
+ - uses: DeterminateSystems/nix-installer-action@main
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - run: nix run --no-write-lock-file --print-build-logs ./.github#update-nix-hashes -- default package-lock.json
+ - run: git diff && git add -v .
+ - run: nix build --print-build-logs .
+ - run: "git commit -m 'nix: update hashes' || true"
+ - run: git push origin
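Review bot: `.github/workflows/update-nix-hashes.yml` evaluates and builds the pull request's own flake (`nix run ./.github#update-nix-hashes`, `nix build`) in a job that holds `contents: write` and then runs `git push origin`, with no condition on where the PR comes from. For pull requests from forks the token is normally read-only and `ref: ${{ github.head_ref }}` names a branch that usually does not exist in this repository, so the job is likely to fail at checkout or at the push. For same-repository branches, PR-controlled code runs alongside the write credential that checkout persists. Add a job-level guard such as `if: github.event.pull_request.head.repo.full_name == github.repository`, and keep the trigger as `pull_request` rather than widening it to make fork pushes succeed. The `git commit ... || true` step also hides genuine commit failures; gating the commit and push on `git diff --cached --quiet` would separate "nothing to commit" from an error.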