diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..544491d
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,29 @@
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+jobs:
+ lints:
+ name: Build
+ runs-on: ubuntu-latest
+ permissions:
+ id-token: "write"
+ contents: "read"
+ steps:
+ - uses: actions/checkout@v4
+ - uses: ./.
+ - run: nix develop -c typos
+ if: success() || failure()
+ - run: nix develop -c ruff check
+ if: success() || failure()
+ - run: nix develop -c ruff format --diff
+ if: success() || failure()
+ - run: nix develop -c shellcheck ./tools/*.sh
+ if: success() || failure()
+ - name: Regenerate the README to make sure it is unchanged
+ run: nix develop -c ./tools/generate.sh
+ if: success() || failure()
+ - name: Assert no changes were made
+ run: git diff --exit-code
+ if: success() || failure()
diff --git a/.github/workflows/propose-release.yml b/.github/workflows/propose-release.yml
new file mode 100644
index 0000000..723fa78
--- /dev/null
+++ b/.github/workflows/propose-release.yml
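Review bot: Both `uses:` entries in the `lints` job resolve through mutable names while the job holds `id-token: "write"`: `actions/checkout@v4` is a moving tag, and `./.` runs the composite action whose generated step in this same commit is `DeterminateSystems/nix-installer-action@main`. Pinning the checkout to a full commit SHA, with the tag kept as a trailing comment so Dependabot can still bump it, makes what CI executes reviewable. No step in this job pushes, so the checkout can also take `with:` / `persist-credentials: false` to keep the token out of `.git/config` for the later `nix develop` steps. Whether the OIDC token is actually needed by the install step is not visible here; if it is not, dropping `id-token` from this pull-request job is the smaller grant.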
@@ -0,0 +1,34 @@
+on:
+ workflow_dispatch:
+ inputs:
+ reference-id:
+ type: string
+ required: true
+ version:
+ type: string
+ required: true
+
+concurrency:
+ group: ${{ github.workflow }}
+ cancel-in-progress: true
+
+jobs:
+ propose-release:
+ uses: DeterminateSystems/propose-release/.github/workflows/workflow.yml@main
+ permissions:
+ id-token: "write"
+ contents: "write"
+ pull-requests: write
+ with:
+ reference-id: ${{ inputs.reference-id }}
+ version: ${{ inputs.version }}
+ extra-commands-early: |
+ nix develop -c ./tools/update-state.sh "v$VERSION"
+ git diff || true
+ git add tools/state.json
+ git commit -m "Update the state.json for v$VERSION"
+ nix develop -c ./tools/generate.sh
+ git add README.md action.yml
+ git commit -m "Update README.md and action.yml for v$VERSION"
+ echo "Checking there is no remaining diff..."
+ git diff --exit-code
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..11192d3
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,34 @@
+on:
+ release:
+ types:
+ - released
+
+jobs:
+ PushLooseTag:
+ environment: production
+ permissions:
+ id-token: write
+ contents: write
+ runs-on: ubuntu-latest
+ steps:
+ - name: Optionally tag a vMAJOR tag
+ id: check_tag
+ env:
+ VERSION: ${{ github.ref_name }}
+ run: |
+ if ! echo "$VERSION" | grep -q "^v[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+$"; then
+ echo "version needs to be a version, in x.y.z format."
+ echo "Therefore, not pushing a v"
+ exit 0
+ fi
+
+ shorttag=$(echo "$VERSION" | cut -d'.' -f1)
+ echo "shorttag=$shorttag" >> "$GITHUB_OUTPUT"
+
+ - uses: actions/checkout@v4
+ - name: Create the short tag
+ env:
+ SHORTTAG: ${{ steps.check_tag.outputs.shorttag }}
+ run: |
+ git tag --force "$SHORTTAG"
+ git push --force origin "$SHORTTAG"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..78eecde
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+upstream.json
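Review bot: The reusable workflow is referenced as `DeterminateSystems/propose-release/.github/workflows/workflow.yml@main` while the job grants it `contents: "write"`, `pull-requests: write` and `id-token: "write"`, so whatever is on that branch at dispatch time runs with write access to this repository. Pinning the `uses:` ref to a full commit SHA keeps the release path tied to reviewed code. The `version` input is forwarded without a format check; the visible `extra-commands-early` script quotes `"v$VERSION"` everywhere, but how the called workflow turns the input into `$VERSION` is outside this diff, so it is worth confirming that it is passed through the environment rather than interpolated into the script text.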
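Review bot: When the release tag does not match the version pattern, the `check_tag` step exits 0 without writing `shorttag`, and the checkout and "Create the short tag" steps still run with an empty `SHORTTAG`, so `git tag --force ""` is attempted and the job fails instead of skipping. Gate both later steps on the output, e.g. `if: steps.check_tag.outputs.shorttag != ''`. The job also requests `id-token: write`, which no visible step uses; `contents: write` looks like the only permission the force-push needs, and `actions/checkout@v4` in a job that can move tags is better pinned to a commit SHA.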
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..c3ee852
--- /dev/null
+++ b/README.md
@@ -0,0 +1,97 @@ +# Determinate Nix Action + +Determinate is the best way to use Nix on macOS, WSL, and Linux. +It is an end-to-end toolchain for using Nix, from installation to collaboration to deployment. + +Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/nix-installer) and its corresponding [Nix Installer Action](https://github.com/DeterminateSystems/nix-installer-action), responsible for over tens of thousands of Nix installs daily. + +## Supports + +- ✅ **Accelerated KVM** on open source projects and larger runners. See [GitHub's announcement](https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/) for more info. +- ✅ Linux, x86_64, aarch64, and i686 +- ✅ macOS, x86_64 and aarch64 +- ✅ WSL2, x86_64 and aarch64 +- ✅ Containers, ARC, and Act +- ✅ GitHub Enterprise Server +- ✅ GitHub Hosted, self-hosted, and long running Actions Runners + +## Usage + +```yaml +on: + pull_request: + push: + branches: [main] + +jobs: + lints: + name: Build + runs-on: ubuntu-latest + permissions: + id-token: "write" + contents: "read" + steps: + - uses: actions/checkout@v4.2.1 + - uses: DeterminateSystems/determinate-nix-action@main # or v3.5.1 to pin to a release + - run: nix build . +``` + +## Pinning + +This action is tagged automatically for every Determinate Nix release. +Pinning to `DeterminateSystems/determinate-nix-action@v3.5.1` will always resolve to the same `DeterminateSystems/nix-installer-action` revision and will always install Determinate Nix v3.5.1. + +This is different from `DeterminateSystems/nix-installer-action`, which does not support explicit pinning. + +If your action does not pin to a specific tag and uses `DeterminateSystems/determinate-nix-action@main` your workflows will follow the latest Determinate Nix release, and occasionally participate in phased Determinate Nix releases. 
+ +> [!IMPORTANT] +> Make sure to setup Dependabot to stay up to date with Determinate Nix releases. + +### Setting up Dependabot + +Automatically keep your GitHub actions up to date with Dependabot. +Create a file in your repository at `.github/dependabot.yml` with the following contents: + +```yaml +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" +``` + +## Configuration + +| Parameter | Description | Required | Default | +|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|----------------------------| +| `extra-conf` | Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set) | | | +| `github-server-url` | The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server. | | `${{ github.server_url }}` | +| `github-token` | A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) | | `${{ github.token }}` | +| `trust-runner-user` | Whether to make the runner user trusted by the Nix daemon | | `True` | +| `force-no-systemd` | Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary. | | `False` | +| `init` | The init system to configure, requires `planner: linux-multi` (allowing the choice between `none` or `systemd`) | | | +| `kvm` | Automatically configure the GitHub Actions Runner for NixOS test supports, if the host supports it. 
| | `True` | +| `planner` | A planner to use | | | +| `proxy` | The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL` | | | +| `reinstall` | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`) | | `False` | +| `source-binary` | Run a version of the nix-installer binary from somewhere already on disk. Conflicts with all other `source-*` options. Intended only for testing this Action. | | | +| `source-branch` | The branch of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-pr`) | | | +| `source-pr` | The PR of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-branch`) | | | +| `source-revision` | The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, `source-pr`) | | | +| `source-tag` | The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`) | | `v3.5.1` | +| `source-url` | A URL pointing to a `nix-installer` executable | | | +| `backtrace` | The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables) | | | +| `diagnostic-endpoint` | Diagnostic endpoint url where the installer sends data to. To disable set this to an empty string. | | `-` | +| `log-directives` | A list of Tracing directives, comma separated, `-`s replaced with `_` (eg. `nix_installer=trace`, see https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives) | | | +| `logger` | The logger to use for install (eg. `pretty`, `json`, `full`, `compact`) | | | +| `_internal-strict-mode` | Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows. | | `False` | + +## Need help? 
+ +- Open an issue, +- Join our Discord: https://determinate.systems/discord, +- Contact us over email: [support@determinate.systems](mailto:support@determinate.systems), + +Support contracts and shared slack rooms are available. diff --git a/action.yml b/action.yml new file mode 100644 index 0000000..18797fb --- /dev/null +++ b/action.yml 
@@ -0,0 +1,131 @@ +{ + "name": "Install Determinate Nix", + "description": "Install Determinate Nix. See: https://docs.determinate.systems", + "branding": { + "icon": "box", + "color": "rainbow" + }, + "inputs": { + "extra-conf": { + "description": "Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set)", + "required": false + }, + "github-server-url": { + "description": "The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server.", + "default": "${{ github.server_url }}" + }, + "github-token": { + "description": "A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests)", + "default": "${{ github.token }}" + }, + "trust-runner-user": { + "description": "Whether to make the runner user trusted by the Nix daemon", + "default": true + }, + "force-no-systemd": { + "description": "Force using other methods than systemd to launch the daemon. 
This setting is automatically enabled when necessary.", + "required": false, + "default": false + }, + "init": { + "description": "The init system to configure, requires `planner: linux-multi` (allowing the choice between `none` or `systemd`)", + "required": false + }, + "kvm": { + "description": "Automatically configure the GitHub Actions Runner for NixOS test supports, if the host supports it.", + "required": false, + "default": true + }, + "planner": { + "description": "A planner to use", + "required": false + }, + "proxy": { + "description": "The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL`", + "required": false + }, + "reinstall": { + "description": "Force a reinstall if an existing installation is detected (consider backing up `/nix/store`)", + "required": false, + "default": false + }, + "source-binary": { + "description": "Run a version of the nix-installer binary from somewhere already on disk. Conflicts with all other `source-*` options. 
Intended only for testing this Action.", + "required": false + }, + "source-branch": { + "description": "The branch of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-pr`)", + "required": false + }, + "source-pr": { + "description": "The PR of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-branch`)", + "required": false + }, + "source-revision": { + "description": "The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, `source-pr`)", + "required": false + }, + "source-tag": { + "description": "The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`)", + "required": false, + "default": "v3.5.1" + }, + "source-url": { + "description": "A URL pointing to a `nix-installer` executable", + "required": false + }, + "backtrace": { + "description": "The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables)", + "required": false + }, + "diagnostic-endpoint": { + "description": "Diagnostic endpoint url where the installer sends data to. To disable set this to an empty string.", + "required": false, + "default": "-" + }, + "log-directives": { + "description": "A list of Tracing directives, comma separated, `-`s replaced with `_` (eg. `nix_installer=trace`, see https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives)", + "required": false + }, + "logger": { + "description": "The logger to use for install (eg. `pretty`, `json`, `full`, `compact`)", + "required": false + }, + "_internal-strict-mode": { + "description": "Whether to fail when any errors are thrown. 
Used only to test the Action; do not set this in your own workflows.", + "required": false, + "default": false + } + }, + "runs": { + "using": "composite", + "steps": [ + { + "uses": "DeterminateSystems/nix-installer-action@main", + "with": { + "extra-conf": "${{ inputs.extra-conf }}", + "github-server-url": "${{ inputs.github-server-url }}", + "github-token": "${{ inputs.github-token }}", + "trust-runner-user": "${{ inputs.trust-runner-user }}", + "force-no-systemd": "${{ inputs.force-no-systemd }}", + "init": "${{ inputs.init }}", + "kvm": "${{ inputs.kvm }}", + "planner": "${{ inputs.planner }}", + "proxy": "${{ inputs.proxy }}", + "reinstall": "${{ inputs.reinstall }}", + "source-binary": "${{ inputs.source-binary }}", + "source-branch": "${{ inputs.source-branch }}", + "source-pr": "${{ inputs.source-pr }}", + "source-revision": "${{ inputs.source-revision }}", + "source-tag": "${{ inputs.source-tag }}", + "source-url": "${{ inputs.source-url }}", + "backtrace": "${{ inputs.backtrace }}", + "diagnostic-endpoint": "${{ inputs.diagnostic-endpoint }}", + "log-directives": "${{ inputs.log-directives }}", + "logger": "${{ inputs.logger }}", + "_internal-strict-mode": "${{ inputs._internal-strict-mode }}" + } + } + ] + } +} \ No newline at end of file diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..9464e76 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,25 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1746904237, + "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=", + "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956", + "revCount": 797896, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.797896%2Brev-d89fc19e405cb2d55ce7cc114356846a0ee5e956/0196c1a7-7ad3-74a9-9d50-1b854aca6d6c/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..f55fa4f --- /dev/null +++ b/flake.nix @@ -0,0 +1,30 @@ +{ + description = "Development environment for determinate-nix-action"; + + inputs = { + nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1"; + }; + + outputs = { self, nixpkgs }: + let + supportedSystems = [ "x86_64-linux" "aarch64-darwin" ]; + forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f { + pkgs = nixpkgs.legacyPackages.${system}; + }); + in + { + devShells = forEachSupportedSystem ({ pkgs }: { + default = pkgs.mkShell { + packages = with pkgs; [ + gh + jq + python3 + python3.pkgs.ruff + shellcheck + typos + yq + ]; + }; + }); + }; +} diff --git a/tools/README.md b/tools/README.md new file mode 100644 index 0000000..8a219ab --- /dev/null +++ b/tools/README.md @@ -0,0 +1,14 @@ +Regenerate the readme: + +``` +./tools/update-state.sh +./tools/generate.sh +``` + +Before committing, lint your code: + +``` +ruff format +ruff check +shellcheck ./tools/*.sh +``` diff --git a/tools/README.template.md b/tools/README.template.md new file mode 100644 index 0000000..10e94d6 --- /dev/null +++ b/tools/README.template.md 
@@ -0,0 +1,75 @@ +# Determinate Nix Action + +Determinate is the best way to use Nix on macOS, WSL, and Linux. +It is an end-to-end toolchain for using Nix, from installation to collaboration to deployment. + +Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/nix-installer) and its corresponding [Nix Installer Action](https://github.com/DeterminateSystems/nix-installer-action), responsible for over tens of thousands of Nix installs daily. + +## Supports + +- ✅ **Accelerated KVM** on open source projects and larger runners. See [GitHub's announcement](https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/) for more info. +- ✅ Linux, x86_64, aarch64, and i686 +- ✅ macOS, x86_64 and aarch64 +- ✅ WSL2, x86_64 and aarch64 +- ✅ Containers, ARC, and Act +- ✅ GitHub Enterprise Server +- ✅ GitHub Hosted, self-hosted, and long running Actions Runners + +## Usage + +```yaml +on: + pull_request: + push: + branches: [main] + +jobs: + lints: + name: Build + runs-on: ubuntu-latest + permissions: + id-token: "write" + contents: "read" + steps: + - uses: actions/checkout@ + - uses: DeterminateSystems/determinate-nix-action@main # or to pin to a release + - run: nix build . +``` + +## Pinning + +This action is tagged automatically for every Determinate Nix release. +Pinning to `DeterminateSystems/determinate-nix-action@` will always resolve to the same `DeterminateSystems/nix-installer-action` revision and will always install Determinate Nix . + +This is different from `DeterminateSystems/nix-installer-action`, which does not support explicit pinning. + +If your action does not pin to a specific tag and uses `DeterminateSystems/determinate-nix-action@main` your workflows will follow the latest Determinate Nix release, and occasionally participate in phased Determinate Nix releases. 
+ +> [!IMPORTANT] +> Make sure to setup Dependabot to stay up to date with Determinate Nix releases. + +### Setting up Dependabot + +Automatically keep your GitHub actions up to date with Dependabot. +Create a file in your repository at `.github/dependabot.yml` with the following contents: + +```yaml +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" +``` + +## Configuration + + + +## Need help? + +- Open an issue, +- Join our Discord: https://determinate.systems/discord, +- Contact us over email: [support@determinate.systems](mailto:support@determinate.systems), + +Support contracts and shared slack rooms are available. diff --git a/tools/generate.py b/tools/generate.py new file mode 100644 index 0000000..311d25e --- /dev/null +++ b/tools/generate.py 
@@ -0,0 +1,239 @@ +#!/usr/bin/env python3 + +import json +from pprint import pprint +import sys + + +def eprintln(line): + print(line, file=sys.stderr) + + +def make_inputs_table(inputs): + headers = ["Parameter", "Description", "Required", "Default"] + rows = [] + for input_name, input_options in inputs.items(): + required = input_options.get("required", False) + default = input_options.get("default") + + rows.append( + [ + f"`{input_name}`", + input_options["description"], + "📍" if required else "", + f"`{default}`" if default is not None else "", + ] + ) + + # The following is just tedious markdown formatting junk so we didn't need a dep, + # if it seems wack just rewrite it lol + all_rows = [headers] + rows + col_widths = [max(len(str(cell)) for cell in col) for col in zip(*all_rows)] + + def format_row(row): + return ( + "| " + + " | ".join(str(cell).ljust(width) for cell, width in zip(row, col_widths)) + + " |" + ) + + lines = [ + format_row(headers), + "|" + "|".join("-" * (w + 2) for w in col_widths) + "|", + ] + for row in rows: + lines.append(format_row(row)) + + return "\n".join(lines) + + +keep_inputs = [ + "extra-conf", + "github-server-url", + "github-token", + "trust-runner-user", + # Advanced run-time environment options + "force-no-systemd", + "init", + "kvm", + "planner", + "proxy", + "reinstall", + # Determinate Nix Installer testing, swap-out options + "source-binary", + "source-branch", + "source-pr", + "source-revision", + "source-tag", + "source-url", + # debugging + "backtrace", + "diagnostic-endpoint", + "log-directives", + "logger", + "_internal-strict-mode", +] + +discard_inputs = [ + "determinate", + "extra-args", + "flakehub", + "job-status", + "local-root", + "mac-case-sensitive", + "mac-encrypt", + "mac-root-disk", + "mac-volume-label", + "modify-profile", + "nix-build-group-id", + "nix-build-group-name", + "nix-build-user-base", + "nix-build-user-count", + "nix-build-user-prefix", + "nix-installer-branch", + "nix-installer-pr", + 
"nix-installer-revision", + "nix-installer-tag", + "nix-installer-url", + "nix-package-url", + "ssl-cert-file", + "start-daemon", +] + +result = { + "name": "Install Determinate Nix", + "description": "Install Determinate Nix. See: https://docs.determinate.systems", + "branding": { + "icon": "box", + "color": "rainbow", + }, + "inputs": {}, + "runs": { + "using": "composite", + "steps": [], + }, +} + +readme_table_marker = "" +readme_checkout_action_tag_marker = "" +readme_version_marker = "" + +faults = [] + +# these are in reverse order lol +output_readme = sys.argv.pop() +readme_template = sys.argv.pop() +output_action = sys.argv.pop() +source_file = sys.argv.pop() +checkout_action_tag = sys.argv.pop() +nix_installer_revision = sys.argv.pop() +nix_installer_tag = sys.argv.pop() + +# these are printed in argument order +eprintln(f"Determinate Nix Installer binary tag: {nix_installer_tag}") +eprintln(f"Nix Installer Action revision: {nix_installer_revision}") +eprintln(f"Checkout Action tag: {checkout_action_tag}") +eprintln(f"Source action json doc: {source_file}") +eprintln(f"Target action.yml: {output_action}") +eprintln(f"Readme template file: {readme_template}") +eprintln(f"Target readme: {output_readme}") + + +with open(source_file) as fp: + source = json.load(fp) + +del source["name"] +del source["description"] +del source["branding"] +del source["runs"] + +nix_install_step = { + "uses": f"DeterminateSystems/nix-installer-action@{nix_installer_revision}", + "with": {}, +} + +# Move kept inputs into the resulting action document +for input_name in keep_inputs: + try: + input = source["inputs"][input_name] + del source["inputs"][input_name] + + result["inputs"][input_name] = input + nix_install_step["with"][input_name] = f"${{{{ inputs.{input_name} }}}}" + except KeyError: + faults.append(f"Input action is missing this 'keep_inputs' input: {input_name}") + +result["runs"]["steps"].append(nix_install_step) + +# Delete inputs we specifically do not want to 
support without a specific and known use case +for input_name in discard_inputs: + try: + del source["inputs"][input_name] + except KeyError as e: + pprint(e) + faults.append( + f"Input action is missing this 'discarded_inputs' input: {input_name}" + ) + +# Kvetch if there are remaining inputs we're not aware of +if source["inputs"] != {}: + faults.append( + f"Input action has inputs that were not accounted for in either keep_inputs, discarded_inputs: {', '.join(source['inputs'].keys())}" + ) +else: + del source["inputs"] + +# Kvetch if the source document has ANY remaining properties (like outputs!) that we don't already handle +if source != {}: + faults.append( + f"The source action was not completely obliterated by the translation, so this script needs updating. Remains: {json.dumps(source)}" + ) + +# Set the default source-tag to the currently released tag +result["inputs"]["source-tag"]["default"] = nix_installer_tag + +# Generate a README from the inputs +table = make_inputs_table(result["inputs"]) + +print("Resulting action:") +print(json.dumps(result, indent=4)) +print("") +print("Readme table:") +print(table) + +eprintln(f"Reading the README template from {readme_template}") +with open(readme_template) as fp: + template = fp.read() + + if readme_table_marker not in template: + faults.append( + f"Replacement template marker `{readme_table_marker}` is not present in {readme_template}." + ) + if readme_version_marker not in template: + faults.append( + f"Replacement template marker `{readme_version_marker}` is not present in {readme_template}." + ) + + if readme_checkout_action_tag_marker not in template: + faults.append( + f"Replacement template marker `{readme_checkout_action_tag_marker}` is not present in {readme_template}." 
+ ) + readme_checkout_action_tag_marker + +if len(faults) > 0: + eprintln("Faults preventing saves:") + for fault in faults: + eprintln(f"* {fault}") + raise SystemExit + +eprintln(f"Writing out the action.yml to {output_action}") +with open(output_action, "w") as fp: + json.dump(result, indent=4, fp=fp) + +eprintln(f"Writing out the README.md to {output_readme}") +with open(output_readme, "w") as fp: + fp.write( + template.replace(readme_table_marker, table) + .replace(readme_version_marker, nix_installer_tag) + .replace(readme_checkout_action_tag_marker, checkout_action_tag) + ) diff --git a/tools/generate.sh b/tools/generate.sh new file mode 100755 index 0000000..48ab644 --- /dev/null +++ b/tools/generate.sh @@ -0,0 +1,47 @@ +#!/bin/sh + +# Allow "useless" cat +# shellcheck disable=SC2002 + +set -eux + +REPO="DeterminateSystems/nix-installer-action" +FILEPATH="action.yml" + +get_action_as_json() ( + rev=$1 + + curl -s -L "https://raw.githubusercontent.com/$REPO/$rev/$FILEPATH" \ + | yq +) + +main() { + + echo "::group::{./tools/state.json}" + cat ./tools/state.json + echo "::endgroup::" + + + nix_installer_action_revision=$(cat ./tools/state.json | jq -r .nix_installer_action_revision) + determinate_nix_tag=$(cat ./tools/state.json | jq -r .determinate_nix_tag) + checkout_action_tag=$(cat ./tools/state.json | jq -r .checkout_action_tag) + + get_action_as_json "$nix_installer_action_revision" > upstream.json + + echo "::group::{./upstream.json}" + cat ./upstream.json + echo "::endgroup::" + + python3 -- ./tools/generate.py \ + "$determinate_nix_tag" \ + "$nix_installer_action_revision" \ + "$checkout_action_tag" \ + ./upstream.json \ + ./action.yml \ + ./tools/README.template.md \ + ./README.md + + rm ./upstream.json +} + +main diff --git a/tools/state.json b/tools/state.json new file mode 100644 index 0000000..d05c099 --- /dev/null +++ b/tools/state.json 
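Review bot: `raise SystemExit` with no argument exits with status 0, so the "Faults preventing saves" path reports success. `generate.sh` runs under `set -e` and CI then runs `git diff --exit-code`; with nothing written there is no diff, so a run that found unaccounted upstream inputs or a missing template marker passes. Since the faults list is the only place where a new upstream input is noticed before it is dropped or forwarded, it should fail loudly: `raise SystemExit(1)`. The bare expression `readme_checkout_action_tag_marker` after the last marker check does nothing and can be removed, and `pprint(e)` in the discard loop writes to stdout while every other diagnostic goes through `eprintln`.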
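Review bot: `get_action_as_json` pipes `curl -s -L` straight into `yq` without `--fail`, and under `/bin/sh` a pipeline reports only the last command's status, so an HTTP error body or a failed transfer is handed to `yq` and on to `generate.py` as if it were the upstream action. Download first and convert second so `set -e` sees curl's exit code, e.g. `curl -fsSL "https://raw.githubusercontent.com/$REPO/$rev/$FILEPATH" -o "$tmp"` followed by `yq < "$tmp"`. `$rev` is read from `tools/state.json`; the fetched document only matches what `action.yml` references when that value is a commit SHA rather than a branch name.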
@@ -0,0 +1,5 @@
+{
+ "nix_installer_action_revision": "main",
+ "determinate_nix_tag": "v3.5.1",
+ "checkout_action_tag": "v4.2.1"
+}
\ No newline at end of file
diff --git a/tools/update-state.sh b/tools/update-state.sh
new file mode 100755
index 0000000..ce8f92b
--- /dev/null
+++ b/tools/update-state.sh
@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -eux
+
+DETERMINATE_NIX_TAG=$1
+REPO="DeterminateSystems/nix-installer-action"
+
+default_branch() {
+ gh api "repos/$REPO" \
+ | jq -r '.default_branch'
+}
+
+get_latest_revision() {
+ gh api "repos/$REPO/commits/$(default_branch)" \
+ | jq -r '.sha'
+}
+
+checkout_tag() {
+ gh release list \
+ --repo actions/checkout \
+ --exclude-drafts \
+ --exclude-pre-releases \
+ --jq 'map(select(.isLatest)) | first | .tagName' \
+ --json isLatest,tagName
+}
+
+main() {
+ revision=$(get_latest_revision)
+ checkout_tag=$(checkout_tag)
+
+ jq -n '$ARGS.named' \
+ --arg nix_installer_action_revision "$revision" \
+ --arg "determinate_nix_tag" "$DETERMINATE_NIX_TAG" \
+ --arg "checkout_action_tag" "$checkout_tag" \
+ | cat > tools/state.json
+}
+
+main
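Review bot: `nix_installer_action_revision` is committed as the branch name `main`, so `generate.py` emits `DeterminateSystems/nix-installer-action@main` into `action.yml` (as the generated file in this same diff shows), while the README states that a pinned tag "will always resolve to the same `DeterminateSystems/nix-installer-action` revision". `update-state.sh` writes a commit SHA into this field, so releases cut through the propose-release workflow are presumably pinned; any tag created from this commit's state would follow a moving branch. Committing the script's output here, or having `generate.py` append a fault when the value is not a 40-character hex SHA, would make the pinning claim hold by construction.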
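Review bot: `jq -r '.sha'` and `jq -r '.default_branch'` print `null` and exit 0 when `gh api` returns an error body or an unexpected document, and a `/bin/sh` pipeline reports only the last command's status, so `set -e` does not stop the script and `main` can write `"null"` or an empty string into `tools/state.json`. Using `jq -er '.sha'` and `jq -er '.default_branch'` turns a missing field into a non-zero exit that aborts the assignment in `main`. A non-empty check on `$revision` and `$checkout_tag` before the final `jq -n` would cover `gh release list` as well, since the revision written here becomes the `uses:` ref of the published action.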