actions/determinate-nix-action
2
0
Fork 0
mirror of https://github.com/DeterminateSystems/determinate-nix-action.git synced 2026-02-24 22:57:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Initial commit

Browse source
This commit is contained in:
Graham Christensen 2025-05-14 17:20:48 -04:00
parent 681714470d
commit fbd616d075
15 changed files with 800 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc Normal file
View file

@ -0,0 +1 @@
use flake

29
.github/workflows/ci.yml vendored Normal file
View file

@ -0,0 +1,29 @@
on:
pull_request:
push:
branches: [main]
jobs:
lints:
name: Build
runs-on: ubuntu-latest
permissions:
id-token: "write"
contents: "read"
steps:
- uses: actions/checkout@v4
- uses: ./.
- run: nix develop -c typos
if: success() || failure()
- run: nix develop -c ruff check
if: success() || failure()
- run: nix develop -c ruff format --diff
if: success() || failure()
- run: nix develop -c shellcheck ./tools/*.sh
if: success() || failure()
- name: Regenerate the README to make sure it is unchanged
run: nix develop -c ./tools/generate.sh
if: success() || failure()
- name: Assert no changes were made
run: git diff --exit-code
if: success() || failure()

34
.github/workflows/propose-release.yml vendored Normal file
View file

@ -0,0 +1,34 @@
on:
workflow_dispatch:
inputs:
reference-id:
type: string
required: true
version:
type: string
required: true
concurrency:
group: ${{ github.workflow }}
cancel-in-progress: true
jobs:
propose-release:
uses: DeterminateSystems/propose-release/.github/workflows/workflow.yml@main
permissions:
id-token: "write"
contents: "write"
pull-requests: write
with:
reference-id: ${{ inputs.reference-id }}
version: ${{ inputs.version }}
extra-commands-early: |
nix develop -c ./tools/update-state.sh "v$VERSION"
git diff || true
git add tools/state.json
git commit -m "Update the state.json for v$VERSION"
nix develop -c ./tools/generate.sh
git add README.md action.yml
git commit -m "Update README.md and action.yml for v$VERSION"
echo "Checking there is no remaining diff..."
git diff --exit-code

34
.github/workflows/release.yml vendored Normal file
View file

@ -0,0 +1,34 @@
on:
release:
types:
- released
jobs:
PushLooseTag:
environment: production
permissions:
id-token: write
contents: write
runs-on: ubuntu-latest
steps:
- name: Optionally tag a vMAJOR tag
id: check_tag
env:
VERSION: ${{ github.ref_name }}
run: |
if ! echo "$VERSION" | grep -q "^v[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+$"; then
echo "version needs to be a version, in x.y.z format."
echo "Therefore, not pushing a v<short>"
exit 0
fi
shorttag=$(echo "$VERSION" | cut -d'.' -f1)
echo "shorttag=$shorttag" >> "$GITHUB_OUTPUT"
- uses: actions/checkout@v4
- name: Create the short tag
env:
SHORTTAG: ${{ steps.check_tag.outputs.shorttag }}
run: |
git tag --force "$SHORTTAG"
git push --force origin "$SHORTTAG"

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
upstream.json

97
README.md Normal file
View file

@ -0,0 +1,97 @@
# Determinate Nix Action
Determinate is the best way to use Nix on macOS, WSL, and Linux.
It is an end-to-end toolchain for using Nix, from installation to collaboration to deployment.
Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/nix-installer) and its corresponding [Nix Installer Action](https://github.com/DeterminateSystems/nix-installer-action), responsible for over tens of thousands of Nix installs daily.
## Supports
- ✅ **Accelerated KVM** on open source projects and larger runners. See [GitHub's announcement](https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/) for more info.
- ✅ Linux, x86_64, aarch64, and i686
- ✅ macOS, x86_64 and aarch64
- ✅ WSL2, x86_64 and aarch64
- ✅ Containers, ARC, and Act
- ✅ GitHub Enterprise Server
- ✅ GitHub Hosted, self-hosted, and long running Actions Runners
## Usage
```yaml
on:
pull_request:
push:
branches: [main]
jobs:
lints:
name: Build
runs-on: ubuntu-latest
permissions:
id-token: "write"
contents: "read"
steps:
- uses: actions/checkout@v4.2.1
- uses: DeterminateSystems/determinate-nix-action@main # or v3.5.1 to pin to a release
- run: nix build .
```
## Pinning
This action is tagged automatically for every Determinate Nix release.
Pinning to `DeterminateSystems/determinate-nix-action@v3.5.1` will always resolve to the same `DeterminateSystems/nix-installer-action` revision and will always install Determinate Nix v3.5.1.
This is different from `DeterminateSystems/nix-installer-action`, which does not support explicit pinning.
If your action does not pin to a specific tag and uses `DeterminateSystems/determinate-nix-action@main` your workflows will follow the latest Determinate Nix release, and occasionally participate in phased Determinate Nix releases.
> [!IMPORTANT]
> Make sure to setup Dependabot to stay up to date with Determinate Nix releases.
### Setting up Dependabot
Automatically keep your GitHub actions up to date with Dependabot.
Create a file in your repository at `.github/dependabot.yml` with the following contents:
```yaml
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
```
## Configuration
| Parameter | Description | Required | Default |
|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|----------------------------|
| `extra-conf` | Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set) | | |
| `github-server-url` | The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server. | | `${{ github.server_url }}` |
| `github-token` | A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) | | `${{ github.token }}` |
| `trust-runner-user` | Whether to make the runner user trusted by the Nix daemon | | `True` |
| `force-no-systemd` | Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary. | | `False` |
| `init` | The init system to configure, requires `planner: linux-multi` (allowing the choice between `none` or `systemd`) | | |
| `kvm` | Automatically configure the GitHub Actions Runner for NixOS test supports, if the host supports it. | | `True` |
| `planner` | A planner to use | | |
| `proxy` | The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL` | | |
| `reinstall` | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`) | | `False` |
| `source-binary` | Run a version of the nix-installer binary from somewhere already on disk. Conflicts with all other `source-*` options. Intended only for testing this Action. | | |
| `source-branch` | The branch of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-pr`) | | |
| `source-pr` | The PR of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-branch`) | | |
| `source-revision` | The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, `source-pr`) | | |
| `source-tag` | The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`) | | `v3.5.1` |
| `source-url` | A URL pointing to a `nix-installer` executable | | |
| `backtrace` | The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables) | | |
| `diagnostic-endpoint` | Diagnostic endpoint url where the installer sends data to. To disable set this to an empty string. | | `-` |
| `log-directives` | A list of Tracing directives, comma separated, `-`s replaced with `_` (eg. `nix_installer=trace`, see https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives) | | |
| `logger` | The logger to use for install (eg. `pretty`, `json`, `full`, `compact`) | | |
| `_internal-strict-mode` | Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows. | | `False` |
## Need help?
- Open an issue,
- Join our Discord: https://determinate.systems/discord,
- Contact us over email: [support@determinate.systems](mailto:support@determinate.systems),
Support contracts and shared slack rooms are available.

131
action.yml Normal file
View file

@ -0,0 +1,131 @@
{
"name": "Install Determinate Nix",
"description": "Install Determinate Nix. See: https://docs.determinate.systems",
"branding": {
"icon": "box",
"color": "rainbow"
},
"inputs": {
"extra-conf": {
"description": "Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set)",
"required": false
},
"github-server-url": {
"description": "The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server.",
"default": "${{ github.server_url }}"
},
"github-token": {
"description": "A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests)",
"default": "${{ github.token }}"
},
"trust-runner-user": {
"description": "Whether to make the runner user trusted by the Nix daemon",
"default": true
},
"force-no-systemd": {
"description": "Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary.",
"required": false,
"default": false
},
"init": {
"description": "The init system to configure, requires `planner: linux-multi` (allowing the choice between `none` or `systemd`)",
"required": false
},
"kvm": {
"description": "Automatically configure the GitHub Actions Runner for NixOS test supports, if the host supports it.",
"required": false,
"default": true
},
"planner": {
"description": "A planner to use",
"required": false
},
"proxy": {
"description": "The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL`",
"required": false
},
"reinstall": {
"description": "Force a reinstall if an existing installation is detected (consider backing up `/nix/store`)",
"required": false,
"default": false
},
"source-binary": {
"description": "Run a version of the nix-installer binary from somewhere already on disk. Conflicts with all other `source-*` options. Intended only for testing this Action.",
"required": false
},
"source-branch": {
"description": "The branch of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-pr`)",
"required": false
},
"source-pr": {
"description": "The PR of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-branch`)",
"required": false
},
"source-revision": {
"description": "The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, `source-pr`)",
"required": false
},
"source-tag": {
"description": "The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`)",
"required": false,
"default": "v3.5.1"
},
"source-url": {
"description": "A URL pointing to a `nix-installer` executable",
"required": false
},
"backtrace": {
"description": "The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables)",
"required": false
},
"diagnostic-endpoint": {
"description": "Diagnostic endpoint url where the installer sends data to. To disable set this to an empty string.",
"required": false,
"default": "-"
},
"log-directives": {
"description": "A list of Tracing directives, comma separated, `-`s replaced with `_` (eg. `nix_installer=trace`, see https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives)",
"required": false
},
"logger": {
"description": "The logger to use for install (eg. `pretty`, `json`, `full`, `compact`)",
"required": false
},
"_internal-strict-mode": {
"description": "Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows.",
"required": false,
"default": false
}
},
"runs": {
"using": "composite",
"steps": [
{
"uses": "DeterminateSystems/nix-installer-action@main",
"with": {
"extra-conf": "${{ inputs.extra-conf }}",
"github-server-url": "${{ inputs.github-server-url }}",
"github-token": "${{ inputs.github-token }}",
"trust-runner-user": "${{ inputs.trust-runner-user }}",
"force-no-systemd": "${{ inputs.force-no-systemd }}",
"init": "${{ inputs.init }}",
"kvm": "${{ inputs.kvm }}",
"planner": "${{ inputs.planner }}",
"proxy": "${{ inputs.proxy }}",
"reinstall": "${{ inputs.reinstall }}",
"source-binary": "${{ inputs.source-binary }}",
"source-branch": "${{ inputs.source-branch }}",
"source-pr": "${{ inputs.source-pr }}",
"source-revision": "${{ inputs.source-revision }}",
"source-tag": "${{ inputs.source-tag }}",
"source-url": "${{ inputs.source-url }}",
"backtrace": "${{ inputs.backtrace }}",
"diagnostic-endpoint": "${{ inputs.diagnostic-endpoint }}",
"log-directives": "${{ inputs.log-directives }}",
"logger": "${{ inputs.logger }}",
"_internal-strict-mode": "${{ inputs._internal-strict-mode }}"
}
}
]
}
}

25
flake.lock generated Normal file
View file

@ -0,0 +1,25 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1746904237,
"narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
"rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
"revCount": 797896,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.797896%2Brev-d89fc19e405cb2d55ce7cc114356846a0ee5e956/0196c1a7-7ad3-74a9-9d50-1b854aca6d6c/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.1"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

30
flake.nix Normal file
View file

@ -0,0 +1,30 @@
{
description = "Development environment for determinate-nix-action";
inputs = {
nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1";
};
outputs = { self, nixpkgs }:
let
supportedSystems = [ "x86_64-linux" "aarch64-darwin" ];
forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f {
pkgs = nixpkgs.legacyPackages.${system};
});
in
{
devShells = forEachSupportedSystem ({ pkgs }: {
default = pkgs.mkShell {
packages = with pkgs; [
gh
jq
python3
python3.pkgs.ruff
shellcheck
typos
yq
];
};
});
};
}

14
tools/README.md Normal file
View file

@ -0,0 +1,14 @@
Regenerate the readme:
```
./tools/update-state.sh <determinate-nixd version, like v3.5.2>
./tools/generate.sh
```
Before committing, lint your code:
```
ruff format
ruff check
shellcheck ./tools/*.sh
```

75
tools/README.template.md Normal file
View file

@ -0,0 +1,75 @@
# Determinate Nix Action
Determinate is the best way to use Nix on macOS, WSL, and Linux.
It is an end-to-end toolchain for using Nix, from installation to collaboration to deployment.
Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/nix-installer) and its corresponding [Nix Installer Action](https://github.com/DeterminateSystems/nix-installer-action), responsible for over tens of thousands of Nix installs daily.
## Supports
- ✅ **Accelerated KVM** on open source projects and larger runners. See [GitHub's announcement](https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/) for more info.
- ✅ Linux, x86_64, aarch64, and i686
- ✅ macOS, x86_64 and aarch64
- ✅ WSL2, x86_64 and aarch64
- ✅ Containers, ARC, and Act
- ✅ GitHub Enterprise Server
- ✅ GitHub Hosted, self-hosted, and long running Actions Runners
## Usage
```yaml
on:
pull_request:
push:
branches: [main]
jobs:
lints:
name: Build
runs-on: ubuntu-latest
permissions:
id-token: "write"
contents: "read"
steps:
- uses: actions/checkout@<!-- checkout_action_tag -->
- uses: DeterminateSystems/determinate-nix-action@main # or <!-- version --> to pin to a release
- run: nix build .
```
## Pinning
This action is tagged automatically for every Determinate Nix release.
Pinning to `DeterminateSystems/determinate-nix-action@<!-- version -->` will always resolve to the same `DeterminateSystems/nix-installer-action` revision and will always install Determinate Nix <!-- version -->.
This is different from `DeterminateSystems/nix-installer-action`, which does not support explicit pinning.
If your action does not pin to a specific tag and uses `DeterminateSystems/determinate-nix-action@main` your workflows will follow the latest Determinate Nix release, and occasionally participate in phased Determinate Nix releases.
> [!IMPORTANT]
> Make sure to setup Dependabot to stay up to date with Determinate Nix releases.
### Setting up Dependabot
Automatically keep your GitHub actions up to date with Dependabot.
Create a file in your repository at `.github/dependabot.yml` with the following contents:
```yaml
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
```
## Configuration
<!-- table -->
## Need help?
- Open an issue,
- Join our Discord: https://determinate.systems/discord,
- Contact us over email: [support@determinate.systems](mailto:support@determinate.systems),
Support contracts and shared slack rooms are available.

239
tools/generate.py Normal file
View file

@ -0,0 +1,239 @@
#!/usr/bin/env python3
import json
from pprint import pprint
import sys
def eprintln(line):
print(line, file=sys.stderr)
def make_inputs_table(inputs):
headers = ["Parameter", "Description", "Required", "Default"]
rows = []
for input_name, input_options in inputs.items():
required = input_options.get("required", False)
default = input_options.get("default")
rows.append(
[
f"`{input_name}`",
input_options["description"],
"📍" if required else "",
f"`{default}`" if default is not None else "",
]
)
# The following is just tedious markdown formatting junk so we didn't need a dep,
# if it seems wack just rewrite it lol
all_rows = [headers] + rows
col_widths = [max(len(str(cell)) for cell in col) for col in zip(*all_rows)]
def format_row(row):
return (
"| "
+ " | ".join(str(cell).ljust(width) for cell, width in zip(row, col_widths))
+ " |"
)
lines = [
format_row(headers),
"|" + "|".join("-" * (w + 2) for w in col_widths) + "|",
]
for row in rows:
lines.append(format_row(row))
return "\n".join(lines)
keep_inputs = [
"extra-conf",
"github-server-url",
"github-token",
"trust-runner-user",
# Advanced run-time environment options
"force-no-systemd",
"init",
"kvm",
"planner",
"proxy",
"reinstall",
# Determinate Nix Installer testing, swap-out options
"source-binary",
"source-branch",
"source-pr",
"source-revision",
"source-tag",
"source-url",
# debugging
"backtrace",
"diagnostic-endpoint",
"log-directives",
"logger",
"_internal-strict-mode",
]
discard_inputs = [
"determinate",
"extra-args",
"flakehub",
"job-status",
"local-root",
"mac-case-sensitive",
"mac-encrypt",
"mac-root-disk",
"mac-volume-label",
"modify-profile",
"nix-build-group-id",
"nix-build-group-name",
"nix-build-user-base",
"nix-build-user-count",
"nix-build-user-prefix",
"nix-installer-branch",
"nix-installer-pr",
"nix-installer-revision",
"nix-installer-tag",
"nix-installer-url",
"nix-package-url",
"ssl-cert-file",
"start-daemon",
]
result = {
"name": "Install Determinate Nix",
"description": "Install Determinate Nix. See: https://docs.determinate.systems",
"branding": {
"icon": "box",
"color": "rainbow",
},
"inputs": {},
"runs": {
"using": "composite",
"steps": [],
},
}
readme_table_marker = "<!-- table -->"
readme_checkout_action_tag_marker = "<!-- checkout_action_tag -->"
readme_version_marker = "<!-- version -->"
faults = []
# these are in reverse order lol
output_readme = sys.argv.pop()
readme_template = sys.argv.pop()
output_action = sys.argv.pop()
source_file = sys.argv.pop()
checkout_action_tag = sys.argv.pop()
nix_installer_revision = sys.argv.pop()
nix_installer_tag = sys.argv.pop()
# these are printed in argument order
eprintln(f"Determinate Nix Installer binary tag: {nix_installer_tag}")
eprintln(f"Nix Installer Action revision: {nix_installer_revision}")
eprintln(f"Checkout Action tag: {checkout_action_tag}")
eprintln(f"Source action json doc: {source_file}")
eprintln(f"Target action.yml: {output_action}")
eprintln(f"Readme template file: {readme_template}")
eprintln(f"Target readme: {output_readme}")
with open(source_file) as fp:
source = json.load(fp)
del source["name"]
del source["description"]
del source["branding"]
del source["runs"]
nix_install_step = {
"uses": f"DeterminateSystems/nix-installer-action@{nix_installer_revision}",
"with": {},
}
# Move kept inputs into the resulting action document
for input_name in keep_inputs:
try:
input = source["inputs"][input_name]
del source["inputs"][input_name]
result["inputs"][input_name] = input
nix_install_step["with"][input_name] = f"${{{{ inputs.{input_name} }}}}"
except KeyError:
faults.append(f"Input action is missing this 'keep_inputs' input: {input_name}")
result["runs"]["steps"].append(nix_install_step)
# Delete inputs we specifically do not want to support without a specific and known use case
for input_name in discard_inputs:
try:
del source["inputs"][input_name]
except KeyError as e:
pprint(e)
faults.append(
f"Input action is missing this 'discarded_inputs' input: {input_name}"
)
# Kvetch if there are remaining inputs we're not aware of
if source["inputs"] != {}:
faults.append(
f"Input action has inputs that were not accounted for in either keep_inputs, discarded_inputs: {', '.join(source['inputs'].keys())}"
)
else:
del source["inputs"]
# Kvetch if the source document has ANY remaining properties (like outputs!) that we don't already handle
if source != {}:
faults.append(
f"The source action was not completely obliterated by the translation, so this script needs updating. Remains: {json.dumps(source)}"
)
# Set the default source-tag to the currently released tag
result["inputs"]["source-tag"]["default"] = nix_installer_tag
# Generate a README from the inputs
table = make_inputs_table(result["inputs"])
print("Resulting action:")
print(json.dumps(result, indent=4))
print("")
print("Readme table:")
print(table)
eprintln(f"Reading the README template from {readme_template}")
with open(readme_template) as fp:
template = fp.read()
if readme_table_marker not in template:
faults.append(
f"Replacement template marker `{readme_table_marker}` is not present in {readme_template}."
)
if readme_version_marker not in template:
faults.append(
f"Replacement template marker `{readme_version_marker}` is not present in {readme_template}."
)
if readme_checkout_action_tag_marker not in template:
faults.append(
f"Replacement template marker `{readme_checkout_action_tag_marker}` is not present in {readme_template}."
)
readme_checkout_action_tag_marker
if len(faults) > 0:
eprintln("Faults preventing saves:")
for fault in faults:
eprintln(f"* {fault}")
raise SystemExit
eprintln(f"Writing out the action.yml to {output_action}")
with open(output_action, "w") as fp:
json.dump(result, indent=4, fp=fp)
eprintln(f"Writing out the README.md to {output_readme}")
with open(output_readme, "w") as fp:
fp.write(
template.replace(readme_table_marker, table)
.replace(readme_version_marker, nix_installer_tag)
.replace(readme_checkout_action_tag_marker, checkout_action_tag)
)

47
tools/generate.sh Executable file
View file

@ -0,0 +1,47 @@
#!/bin/sh
# Allow "useless" cat
# shellcheck disable=SC2002
set -eux
REPO="DeterminateSystems/nix-installer-action"
FILEPATH="action.yml"
get_action_as_json() (
rev=$1
curl -s -L "https://raw.githubusercontent.com/$REPO/$rev/$FILEPATH" \
| yq
)
main() {
echo "::group::{./tools/state.json}"
cat ./tools/state.json
echo "::endgroup::"
nix_installer_action_revision=$(cat ./tools/state.json | jq -r .nix_installer_action_revision)
determinate_nix_tag=$(cat ./tools/state.json | jq -r .determinate_nix_tag)
checkout_action_tag=$(cat ./tools/state.json | jq -r .checkout_action_tag)
get_action_as_json "$nix_installer_action_revision" > upstream.json
echo "::group::{./upstream.json}"
cat ./upstream.json
echo "::endgroup::"
python3 -- ./tools/generate.py \
"$determinate_nix_tag" \
"$nix_installer_action_revision" \
"$checkout_action_tag" \
./upstream.json \
./action.yml \
./tools/README.template.md \
./README.md
rm ./upstream.json
}
main

5
tools/state.json Normal file
View file

@ -0,0 +1,5 @@
{
"nix_installer_action_revision": "main",
"determinate_nix_tag": "v3.5.1",
"checkout_action_tag": "v4.2.1"
}

38
tools/update-state.sh Executable file
View file

@ -0,0 +1,38 @@
#!/bin/sh
set -eux
DETERMINATE_NIX_TAG=$1
REPO="DeterminateSystems/nix-installer-action"
default_branch() {
gh api "repos/$REPO" \
| jq -r '.default_branch'
}
get_latest_revision() {
gh api "repos/$REPO/commits/$(default_branch)" \
| jq -r '.sha'
}
checkout_tag() {
gh release list \
--repo actions/checkout \
--exclude-drafts \
--exclude-pre-releases \
--jq 'map(select(.isLatest)) | first | .tagName' \
--json isLatest,tagName
}
main() {
revision=$(get_latest_revision)
checkout_tag=$(checkout_tag)
jq -n '$ARGS.named' \
--arg nix_installer_action_revision "$revision" \
--arg "determinate_nix_tag" "$DETERMINATE_NIX_TAG" \
--arg "checkout_action_tag" "$checkout_tag" \
| cat > tools/state.json
}
main