diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b0aa906..11192d3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,7 +1,7 @@ on: release: types: - - published + - released jobs: PushLooseTag: diff --git a/README.md b/README.md index 8cfe0e2..5c3cc40 100644 --- a/README.md +++ b/README.md @@ -11,18 +11,16 @@ # ️❄️ Determinate Nix Action -[Determinate] is the best way to use Nix on macOS, WSL, and Linux. +Determinate is the best way to use Nix on macOS, WSL, and Linux. It is an end-to-end toolchain for using Nix, from installation to collaboration to deployment. -Based on the [Determinate Nix Installer][nix-installer] and its corresponding [Nix Installer Action][nix-installer-action], responsible for over tens of thousands of Nix installs daily. +Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/nix-installer) and its corresponding [Nix Installer Action](https://github.com/DeterminateSystems/nix-installer-action), responsible for over tens of thousands of Nix installs daily. -> [!NOTE] +> [!NOTE] > **Why a different action?** > -> **Why a different Action?** -> -> We created a new Action to synchronize version tags to [Determinate Nix][det-nix] releases. +> We created a new action to synchronize version tags to Determinate Nix releases. > GitHub Actions are tagged with the specific version, like `v3.5.2`, with a moving `v3` tag for the major version. -> We needed a fresh tag namespace since `nix-installer-action` already has a `v3` tag. +> We needed a fresh tag namespace since nix-installer-action already has a `v3` tag. ## 🫶 Platform support @@ -36,8 +34,6 @@ Based on the [Determinate Nix Installer][nix-installer] and its corresponding [N ## ️🔧 Usage -Here's an example Actions workflow configuration that uses `determinate-nix-action`: - ```yaml on: pull_request: @@ -45,32 +41,29 @@ on: branches: [main] jobs: - build-pkg: - name: Build Nix package + lints: + name: Build runs-on: ubuntu-latest permissions: - id-token: write - contents: read + id-token: "write" + contents: "read" steps: - - uses: actions/checkout@v6.0.2 - - uses: DeterminateSystems/determinate-nix-action@main # or v3.16.3 to pin to a release + - uses: actions/checkout@v4.2.2 + - uses: DeterminateSystems/determinate-nix-action@main # or v3.5.2 to pin to a release - run: nix build . ``` -> [!IMPORTANT] -> If you use [FlakeHub], you need to add a `permissions` block like the one in the example above or else Determinate Nix can't authenticate with FlakeHub or [FlakeHub Cache][cache]. +## 📌 Version Pinning: Lock It Down! -## 📌 Version pinning: lock it down! - -### Why pin your Action? +### Why Pin Your Action? Unlike `DeterminateSystems/nix-installer-action`, we fully support explicit version pinning for maximum consistency. -This Action is **automatically tagged** for every Determinate Nix release, giving you complete control over your CI environment: +This action is **automatically tagged** for every Determinate Nix release, giving you complete control over your CI environment: -📍 Pinning to `DeterminateSystems/determinate-nix-action@v3.16.3` guarantees: +📍 Pinning to `DeterminateSystems/determinate-nix-action@v3.5.2` guarantees: - Same `nix-installer-action` revision every time -- Consistent Determinate Nix v3.16.3 installation +- Consistent Determinate Nix v3.5.2 installation - Reproducible CI workflows, even years later ✨ Using `@main` instead? You'll: @@ -79,19 +72,19 @@ This Action is **automatically tagged** for every Determinate Nix release, givin - Occasionally participate in phased rollouts (helping us test new releases!) > [!IMPORTANT] -> Set up [Dependabot] to stay current with Determinate Nix releases without sacrificing stability. +> Set up Dependabot to stay current with Determinate Nix releases without sacrificing stability. -### 🤖 Automate updates with Dependabot +### 🤖 Automate Updates with Dependabot -Keep your GitHub Actions fresh without manual work! Create `.github/dependabot.yml` with: +Keep your GitHub actions fresh without manual work! Create `.github/dependabot.yml` with: ```yaml version: 2 updates: - - package-ecosystem: github-actions - directory: / + - package-ecosystem: "github-actions" + directory: "/" schedule: - interval: weekly + interval: "weekly" ``` ## ️⚙️ Configuration @@ -101,27 +94,26 @@ updates: | `extra-conf` | Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set) | | | | `github-server-url` | The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server. | | `${{ github.server_url }}` | | `github-token` | A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) | | `${{ github.token }}` | -| `trust-runner-user` | Whether to make the runner user trusted by the Nix daemon | | `true` | -| `summarize` | Whether to add a build summary and timeline chart to the GitHub job summary | | `true` | -| `force-no-systemd` | Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary. | | `false` | +| `trust-runner-user` | Whether to make the runner user trusted by the Nix daemon | | `True` | +| `force-no-systemd` | Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary. | | `False` | | `init` | The init system to configure, requires `planner: linux-multi` (allowing the choice between `none` or `systemd`) | | | -| `kvm` | Automatically configure the GitHub Actions Runner for NixOS test supports, if the host supports it. | | `true` | +| `kvm` | Automatically configure the GitHub Actions Runner for NixOS test supports, if the host supports it. | | `True` | | `planner` | A planner to use | | | | `proxy` | The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL` | | | -| `reinstall` | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`) | | `false` | +| `reinstall` | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`) | | `False` | | `source-binary` | Run a version of the nix-installer binary from somewhere already on disk. Conflicts with all other `source-*` options. Intended only for testing this Action. | | | | `source-branch` | The branch of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-pr`) | | | | `source-pr` | The PR of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-branch`) | | | | `source-revision` | The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, `source-pr`) | | | -| `source-tag` | The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`) | | `v3.16.3` | +| `source-tag` | The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`) | | `v3.5.2` | | `source-url` | A URL pointing to a `nix-installer` executable | | | | `backtrace` | The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables) | | | | `diagnostic-endpoint` | Diagnostic endpoint url where the installer sends data to. To disable set this to an empty string. | | `-` | | `log-directives` | A list of Tracing directives, comma separated, `-`s replaced with `_` (eg. `nix_installer=trace`, see https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives) | | | | `logger` | The logger to use for install (eg. `pretty`, `json`, `full`, `compact`) | | | -| `_internal-strict-mode` | Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows. | | `false` | +| `_internal-strict-mode` | Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows. | | `False` | -## 🛟 Need help? We're here for you! +## 🛟 Need Help? We're Here For You! We're committed to making your experience with Determinate Nix as smooth as possible. If you encounter any issues or have questions, here's how to reach us: @@ -130,11 +122,3 @@ We're committed to making your experience with Determinate Nix as smooth as poss - 📧 **Need direct support?** Email us at [support@determinate.systems](mailto:support@determinate.systems) 🤝 **Looking for enterprise support?** We offer dedicated support contracts and shared Slack channels for organizations requiring priority assistance. [Contact us](mailto:support@determinate.systems) to learn more. - -[cache]: https://flakehub.com/cache -[dependabot]: https://github.com/dependabot -[det-nix]: https://docs.determinate.systems/determinate-nix -[determinate]: https://docs.determinate.systems -[flakehub]: https//flakehub.com -[nix-installer]: https://github.com/DeterminateSystems/nix-installer -[nix-installer-action]: https://github.com/DeterminateSystems/nix-installer-action diff --git a/action.yml b/action.yml index 4670ae4..4e042ed 100644 --- a/action.yml +++ b/action.yml @@ -22,10 +22,6 @@ "description": "Whether to make the runner user trusted by the Nix daemon", "default": true }, - "summarize": { - "description": "Whether to add a build summary and timeline chart to the GitHub job summary", - "default": true - }, "force-no-systemd": { "description": "Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary.", "required": false, @@ -72,7 +68,7 @@ "source-tag": { "description": "The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`)", "required": false, - "default": "v3.16.3" + "default": "v3.5.2" }, "source-url": { "description": "A URL pointing to a `nix-installer` executable", @@ -105,13 +101,12 @@ "using": "composite", "steps": [ { - "uses": "DeterminateSystems/nix-installer-action@95f009f8cba987d36d7e3396d29de81b2883654a", + "uses": "DeterminateSystems/nix-installer-action@780ad73c034fe05a894ab1de77fa8691ad69228d", "with": { "extra-conf": "${{ inputs.extra-conf }}", "github-server-url": "${{ inputs.github-server-url }}", "github-token": "${{ inputs.github-token }}", "trust-runner-user": "${{ inputs.trust-runner-user }}", - "summarize": "${{ inputs.summarize }}", "force-no-systemd": "${{ inputs.force-no-systemd }}", "init": "${{ inputs.init }}", "kvm": "${{ inputs.kvm }}", diff --git a/flake.lock b/flake.lock index d37a53a..2f8ebec 100644 --- a/flake.lock +++ b/flake.lock @@ -2,12 +2,12 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1771848320, - "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=", - "rev": "2fc6539b481e1d2569f25f8799236694180c0993", - "revCount": 953160, + "lastModified": 1747179050, + "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=", + "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e", + "revCount": 799423, "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.953160%2Brev-2fc6539b481e1d2569f25f8799236694180c0993/019c8e05-d2f6-7c7e-9ead-612154b18bfb/source.tar.gz" + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.799423%2Brev-adaa24fbf46737f3f1b5497bf64bae750f82942e/0196d1c3-1974-7bf1-bcf6-06620ac40c8c/source.tar.gz" }, "original": { "type": "tarball", diff --git a/tools/README.template.md b/tools/README.template.md index 159118a..2b92d92 100644 --- a/tools/README.template.md +++ b/tools/README.template.md @@ -11,18 +11,16 @@ # ️❄️ Determinate Nix Action -[Determinate] is the best way to use Nix on macOS, WSL, and Linux. +Determinate is the best way to use Nix on macOS, WSL, and Linux. It is an end-to-end toolchain for using Nix, from installation to collaboration to deployment. -Based on the [Determinate Nix Installer][nix-installer] and its corresponding [Nix Installer Action][nix-installer-action], responsible for over tens of thousands of Nix installs daily. +Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/nix-installer) and its corresponding [Nix Installer Action](https://github.com/DeterminateSystems/nix-installer-action), responsible for over tens of thousands of Nix installs daily. -> [!NOTE] +> [!NOTE] > **Why a different action?** > -> **Why a different Action?** -> -> We created a new Action to synchronize version tags to [Determinate Nix][det-nix] releases. +> We created a new action to synchronize version tags to Determinate Nix releases. > GitHub Actions are tagged with the specific version, like `v3.5.2`, with a moving `v3` tag for the major version. -> We needed a fresh tag namespace since `nix-installer-action` already has a `v3` tag. +> We needed a fresh tag namespace since nix-installer-action already has a `v3` tag. ## 🫶 Platform support @@ -36,8 +34,6 @@ Based on the [Determinate Nix Installer][nix-installer] and its corresponding [N ## ️🔧 Usage -Here's an example Actions workflow configuration that uses `determinate-nix-action`: - ```yaml on: pull_request: @@ -45,27 +41,24 @@ on: branches: [main] jobs: - build-pkg: - name: Build Nix package + lints: + name: Build runs-on: ubuntu-latest permissions: - id-token: write - contents: read + id-token: "write" + contents: "read" steps: - uses: actions/checkout@ - uses: DeterminateSystems/determinate-nix-action@main # or to pin to a release - run: nix build . ``` -> [!IMPORTANT] -> If you use [FlakeHub], you need to add a `permissions` block like the one in the example above or else Determinate Nix can't authenticate with FlakeHub or [FlakeHub Cache][cache]. +## 📌 Version Pinning: Lock It Down! -## 📌 Version pinning: lock it down! - -### Why pin your Action? +### Why Pin Your Action? Unlike `DeterminateSystems/nix-installer-action`, we fully support explicit version pinning for maximum consistency. -This Action is **automatically tagged** for every Determinate Nix release, giving you complete control over your CI environment: +This action is **automatically tagged** for every Determinate Nix release, giving you complete control over your CI environment: 📍 Pinning to `DeterminateSystems/determinate-nix-action@` guarantees: @@ -79,26 +72,26 @@ This Action is **automatically tagged** for every Determinate Nix release, givin - Occasionally participate in phased rollouts (helping us test new releases!) > [!IMPORTANT] -> Set up [Dependabot] to stay current with Determinate Nix releases without sacrificing stability. +> Set up Dependabot to stay current with Determinate Nix releases without sacrificing stability. -### 🤖 Automate updates with Dependabot +### 🤖 Automate Updates with Dependabot -Keep your GitHub Actions fresh without manual work! Create `.github/dependabot.yml` with: +Keep your GitHub actions fresh without manual work! Create `.github/dependabot.yml` with: ```yaml version: 2 updates: - - package-ecosystem: github-actions - directory: / + - package-ecosystem: "github-actions" + directory: "/" schedule: - interval: weekly + interval: "weekly" ``` ## ️⚙️ Configuration -## 🛟 Need help? We're here for you! +## 🛟 Need Help? We're Here For You! We're committed to making your experience with Determinate Nix as smooth as possible. If you encounter any issues or have questions, here's how to reach us: @@ -107,11 +100,3 @@ We're committed to making your experience with Determinate Nix as smooth as poss - 📧 **Need direct support?** Email us at [support@determinate.systems](mailto:support@determinate.systems) 🤝 **Looking for enterprise support?** We offer dedicated support contracts and shared Slack channels for organizations requiring priority assistance. [Contact us](mailto:support@determinate.systems) to learn more. - -[cache]: https://flakehub.com/cache -[dependabot]: https://github.com/dependabot -[det-nix]: https://docs.determinate.systems/determinate-nix -[determinate]: https://docs.determinate.systems -[flakehub]: https//flakehub.com -[nix-installer]: https://github.com/DeterminateSystems/nix-installer -[nix-installer-action]: https://github.com/DeterminateSystems/nix-installer-action diff --git a/tools/generate.py b/tools/generate.py index e9e41b2..884f587 100644 --- a/tools/generate.py +++ b/tools/generate.py @@ -16,19 +16,12 @@ def make_inputs_table(inputs): required = input_options.get("required", False) default = input_options.get("default") - if isinstance(default, bool): - default_str = f"`{str(default).lower()}`" - elif default is not None: - default_str = f"`{default}`" - else: - default_str = "" - rows.append( [ f"`{input_name}`", input_options["description"], "📍" if required else "", - default_str, + f"`{default}`" if default is not None else "", ] ) @@ -59,7 +52,6 @@ keep_inputs = [ "github-server-url", "github-token", "trust-runner-user", - "summarize", # Advanced run-time environment options "force-no-systemd", "init", diff --git a/tools/state.json b/tools/state.json index 1af7049..4604247 100644 --- a/tools/state.json +++ b/tools/state.json @@ -1,5 +1,5 @@ { - "nix_installer_action_revision": "95f009f8cba987d36d7e3396d29de81b2883654a", - "determinate_nix_tag": "v3.16.3", - "checkout_action_tag": "v6.0.2" + "nix_installer_action_revision": "780ad73c034fe05a894ab1de77fa8691ad69228d", + "determinate_nix_tag": "v3.5.2", + "checkout_action_tag": "v4.2.2" }