Initial commit

tools/README.md

@@ -0,0 +1,14 @@
+Regenerate the readme:
+
+```
+./tools/update-state.sh <determinate-nixd version, like v3.5.2>
+./tools/generate.sh
+```
+
+Before committing, lint your code:
+
+```
+ruff format
+ruff check
+shellcheck ./tools/*.sh
+```

tools/README.template.md

@@ -0,0 +1,75 @@
+# Determinate Nix Action
+
+Determinate is the best way to use Nix on macOS, WSL, and Linux.
+It is an end-to-end toolchain for using Nix, from installation to collaboration to deployment.
+
+Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/nix-installer) and its corresponding [Nix Installer Action](https://github.com/DeterminateSystems/nix-installer-action), responsible for over tens of thousands of Nix installs daily.
+
+## Supports
+
+- ✅ **Accelerated KVM** on open source projects and larger runners. See [GitHub's announcement](https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/) for more info.
+- ✅ Linux, x86_64, aarch64, and i686
+- ✅ macOS, x86_64 and aarch64
+- ✅ WSL2, x86_64 and aarch64
+- ✅ Containers, ARC, and Act
+- ✅ GitHub Enterprise Server
+- ✅ GitHub Hosted, self-hosted, and long running Actions Runners
+
+## Usage
+
+```yaml
+on:
+  pull_request:
+  push:
+    branches: [main]
+
+jobs:
+  lints:
+    name: Build
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: "write"
+      contents: "read"
+    steps:
+      - uses: actions/checkout@<!-- checkout_action_tag -->
+      - uses: DeterminateSystems/determinate-nix-action@main # or <!-- version --> to pin to a release
+      - run: nix build .
+```
+
+## Pinning
+
+This action is tagged automatically for every Determinate Nix release.
+Pinning to `DeterminateSystems/determinate-nix-action@<!-- version -->` will always resolve to the same `DeterminateSystems/nix-installer-action` revision and will always install Determinate Nix <!-- version -->.
+
+This is different from `DeterminateSystems/nix-installer-action`, which does not support explicit pinning.
+
+If your action does not pin to a specific tag and uses `DeterminateSystems/determinate-nix-action@main` your workflows will follow the latest Determinate Nix release, and occasionally participate in phased Determinate Nix releases.
+
+> [!IMPORTANT]  
+> Make sure to setup Dependabot to stay up to date with Determinate Nix releases.
+
+### Setting up Dependabot
+
+Automatically keep your GitHub actions up to date with Dependabot.
+Create a file in your repository at `.github/dependabot.yml` with the following contents:
+
+```yaml
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+```
+
+## Configuration
+
+<!-- table -->
+
+## Need help?
+
+- Open an issue,
+- Join our Discord: https://determinate.systems/discord,
+- Contact us over email: [support@determinate.systems](mailto:support@determinate.systems),
+
+Support contracts and shared slack rooms are available.

tools/generate.py

@@ -0,0 +1,239 @@
+#!/usr/bin/env python3
+
+import json
+from pprint import pprint
+import sys
+
+
+def eprintln(line):
+    print(line, file=sys.stderr)
+
+
+def make_inputs_table(inputs):
+    headers = ["Parameter", "Description", "Required", "Default"]
+    rows = []
+    for input_name, input_options in inputs.items():
+        required = input_options.get("required", False)
+        default = input_options.get("default")
+
+        rows.append(
+            [
+                f"`{input_name}`",
+                input_options["description"],
+                "📍" if required else "",
+                f"`{default}`" if default is not None else "",
+            ]
+        )
+
+    # The following is just tedious markdown formatting junk so we didn't need a dep,
+    # if it seems wack just rewrite it lol
+    all_rows = [headers] + rows
+    col_widths = [max(len(str(cell)) for cell in col) for col in zip(*all_rows)]
+
+    def format_row(row):
+        return (
+            "| "
+            + " | ".join(str(cell).ljust(width) for cell, width in zip(row, col_widths))
+            + " |"
+        )
+
+    lines = [
+        format_row(headers),
+        "|" + "|".join("-" * (w + 2) for w in col_widths) + "|",
+    ]
+    for row in rows:
+        lines.append(format_row(row))
+
+    return "\n".join(lines)
+
+
+keep_inputs = [
+    "extra-conf",
+    "github-server-url",
+    "github-token",
+    "trust-runner-user",
+    # Advanced run-time environment options
+    "force-no-systemd",
+    "init",
+    "kvm",
+    "planner",
+    "proxy",
+    "reinstall",
+    # Determinate Nix Installer testing, swap-out options
+    "source-binary",
+    "source-branch",
+    "source-pr",
+    "source-revision",
+    "source-tag",
+    "source-url",
+    # debugging
+    "backtrace",
+    "diagnostic-endpoint",
+    "log-directives",
+    "logger",
+    "_internal-strict-mode",
+]
+
+discard_inputs = [
+    "determinate",
+    "extra-args",
+    "flakehub",
+    "job-status",
+    "local-root",
+    "mac-case-sensitive",
+    "mac-encrypt",
+    "mac-root-disk",
+    "mac-volume-label",
+    "modify-profile",
+    "nix-build-group-id",
+    "nix-build-group-name",
+    "nix-build-user-base",
+    "nix-build-user-count",
+    "nix-build-user-prefix",
+    "nix-installer-branch",
+    "nix-installer-pr",
+    "nix-installer-revision",
+    "nix-installer-tag",
+    "nix-installer-url",
+    "nix-package-url",
+    "ssl-cert-file",
+    "start-daemon",
+]
+
+result = {
+    "name": "Install Determinate Nix",
+    "description": "Install Determinate Nix. See: https://docs.determinate.systems",
+    "branding": {
+        "icon": "box",
+        "color": "rainbow",
+    },
+    "inputs": {},
+    "runs": {
+        "using": "composite",
+        "steps": [],
+    },
+}
+
+readme_table_marker = "<!-- table -->"
+readme_checkout_action_tag_marker = "<!-- checkout_action_tag -->"
+readme_version_marker = "<!-- version -->"
+
+faults = []
+
+# these are in reverse order lol
+output_readme = sys.argv.pop()
+readme_template = sys.argv.pop()
+output_action = sys.argv.pop()
+source_file = sys.argv.pop()
+checkout_action_tag = sys.argv.pop()
+nix_installer_revision = sys.argv.pop()
+nix_installer_tag = sys.argv.pop()
+
+# these are printed in argument order
+eprintln(f"Determinate Nix Installer binary tag: {nix_installer_tag}")
+eprintln(f"Nix Installer Action revision: {nix_installer_revision}")
+eprintln(f"Checkout Action tag: {checkout_action_tag}")
+eprintln(f"Source action json doc: {source_file}")
+eprintln(f"Target action.yml: {output_action}")
+eprintln(f"Readme template file: {readme_template}")
+eprintln(f"Target readme: {output_readme}")
+
+
+with open(source_file) as fp:
+    source = json.load(fp)
+
+del source["name"]
+del source["description"]
+del source["branding"]
+del source["runs"]
+
+nix_install_step = {
+    "uses": f"DeterminateSystems/nix-installer-action@{nix_installer_revision}",
+    "with": {},
+}
+
+# Move kept inputs into the resulting action document
+for input_name in keep_inputs:
+    try:
+        input = source["inputs"][input_name]
+        del source["inputs"][input_name]
+
+        result["inputs"][input_name] = input
+        nix_install_step["with"][input_name] = f"${{{{ inputs.{input_name} }}}}"
+    except KeyError:
+        faults.append(f"Input action is missing this 'keep_inputs' input: {input_name}")
+
+result["runs"]["steps"].append(nix_install_step)
+
+# Delete inputs we specifically do not want to support without a specific and known use case
+for input_name in discard_inputs:
+    try:
+        del source["inputs"][input_name]
+    except KeyError as e:
+        pprint(e)
+        faults.append(
+            f"Input action is missing this 'discarded_inputs' input: {input_name}"
+        )
+
+# Kvetch if there are remaining inputs we're not aware of
+if source["inputs"] != {}:
+    faults.append(
+        f"Input action has inputs that were not accounted for in either keep_inputs, discarded_inputs: {', '.join(source['inputs'].keys())}"
+    )
+else:
+    del source["inputs"]
+
+# Kvetch if the source document has ANY remaining properties (like outputs!) that we don't already handle
+if source != {}:
+    faults.append(
+        f"The source action was not completely obliterated by the translation, so this script needs updating. Remains: {json.dumps(source)}"
+    )
+
+# Set the default source-tag to the currently released tag
+result["inputs"]["source-tag"]["default"] = nix_installer_tag
+
+# Generate a README from the inputs
+table = make_inputs_table(result["inputs"])
+
+print("Resulting action:")
+print(json.dumps(result, indent=4))
+print("")
+print("Readme table:")
+print(table)
+
+eprintln(f"Reading the README template from {readme_template}")
+with open(readme_template) as fp:
+    template = fp.read()
+
+    if readme_table_marker not in template:
+        faults.append(
+            f"Replacement template marker `{readme_table_marker}` is not present in {readme_template}."
+        )
+    if readme_version_marker not in template:
+        faults.append(
+            f"Replacement template marker `{readme_version_marker}` is not present in {readme_template}."
+        )
+
+    if readme_checkout_action_tag_marker not in template:
+        faults.append(
+            f"Replacement template marker `{readme_checkout_action_tag_marker}` is not present in {readme_template}."
+        )
+        readme_checkout_action_tag_marker
+
+if len(faults) > 0:
+    eprintln("Faults preventing saves:")
+    for fault in faults:
+        eprintln(f"* {fault}")
+    raise SystemExit
+
+eprintln(f"Writing out the action.yml to {output_action}")
+with open(output_action, "w") as fp:
+    json.dump(result, indent=4, fp=fp)
+
+eprintln(f"Writing out the README.md to {output_readme}")
+with open(output_readme, "w") as fp:
+    fp.write(
+        template.replace(readme_table_marker, table)
+        .replace(readme_version_marker, nix_installer_tag)
+        .replace(readme_checkout_action_tag_marker, checkout_action_tag)
+    )

tools/generate.sh

@@ -0,0 +1,47 @@
+#!/bin/sh
+
+# Allow "useless" cat
+# shellcheck disable=SC2002
+
+set -eux
+
+REPO="DeterminateSystems/nix-installer-action"
+FILEPATH="action.yml"
+
+get_action_as_json() (
+    rev=$1
+
+    curl -s -L "https://raw.githubusercontent.com/$REPO/$rev/$FILEPATH" \
+        | yq
+)
+
+main() {
+
+    echo "::group::{./tools/state.json}"
+    cat ./tools/state.json
+    echo "::endgroup::"
+
+
+    nix_installer_action_revision=$(cat ./tools/state.json | jq -r .nix_installer_action_revision)
+    determinate_nix_tag=$(cat ./tools/state.json | jq -r .determinate_nix_tag)
+    checkout_action_tag=$(cat ./tools/state.json | jq -r .checkout_action_tag)
+
+    get_action_as_json "$nix_installer_action_revision" > upstream.json
+
+    echo "::group::{./upstream.json}"
+    cat ./upstream.json
+    echo "::endgroup::"
+
+    python3 -- ./tools/generate.py \
+        "$determinate_nix_tag" \
+        "$nix_installer_action_revision" \
+        "$checkout_action_tag" \
+        ./upstream.json \
+        ./action.yml \
+        ./tools/README.template.md \
+        ./README.md
+
+    rm ./upstream.json
+}
+
+main

tools/state.json

@@ -0,0 +1,5 @@
+{
+  "nix_installer_action_revision": "main",
+  "determinate_nix_tag": "v3.5.1",
+  "checkout_action_tag": "v4.2.1"
+}

tools/update-state.sh

@@ -0,0 +1,38 @@
+#!/bin/sh
+
+set -eux
+
+DETERMINATE_NIX_TAG=$1
+REPO="DeterminateSystems/nix-installer-action"
+
+default_branch() {
+    gh api "repos/$REPO" \
+        | jq -r '.default_branch'
+}
+
+get_latest_revision() {
+    gh api "repos/$REPO/commits/$(default_branch)" \
+        | jq -r '.sha'
+}
+
+checkout_tag() {
+    gh release list \
+        --repo actions/checkout \
+        --exclude-drafts \
+        --exclude-pre-releases \
+        --jq 'map(select(.isLatest)) | first | .tagName' \
+        --json isLatest,tagName
+}
+
+main() {
+    revision=$(get_latest_revision)
+    checkout_tag=$(checkout_tag)
+
+    jq -n '$ARGS.named' \
+        --arg nix_installer_action_revision "$revision" \
+        --arg "determinate_nix_tag" "$DETERMINATE_NIX_TAG" \
+        --arg "checkout_action_tag" "$checkout_tag" \
+        | cat > tools/state.json
+}
+
+main