diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml deleted file mode 100644 index 0a61e0f..0000000 --- a/.github/actions/setup/action.yml +++ /dev/null @@ -1,46 +0,0 @@ -name: Setup -description: "Sets up the workflow" -inputs: - nix_system: - description: Nix system to use (e.g., `aarch64-darwin`, `x86_64-linux`) - required: true - attic_token: - description: Token for Attic cache - required: true - cachix_auth_token: - description: Auth token for reading and writing to Cachix - required: true - pragmatapro_deploy_key: - description: Deploy key for PragmataPro repository - required: true - secrets_deploy_key: - description: Deploy key for secrets repository - required: true -runs: - using: "composite" - steps: - - name: Install Lix - uses: samueldr/lix-gha-installer-action@7b7f14d320d6aacfb65bd1ef761566b3b69e474c - with: - extra_nix_config: | - accept-flake-config = true - max-jobs = auto - - name: Add SSH keys to ssh-agent - uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 - with: - ssh-private-key: | - ${{ inputs.pragmatapro_deploy_key }} - ${{ inputs.secrets_deploy_key }} - - name: Setup Attic cache - uses: ryanccn/attic-action@1887fd507f03327c96c64cca30118c96eb17fdad - with: - endpoint: https://cache.e10.camp - cache: tilde - token: ${{ inputs.attic_token }} - - name: Use Cachix store - uses: cachix/cachix-action@1eb2ef646ac0255473d23a5907ad7b04ce94065c - with: - authToken: ${{ inputs.cachix_auth_token }} - installCommand: nix profile install github:NixOS/nixpkgs/nixpkgs-unstable#cachix - extraPullNames: tilde,nix-community - name: tilde diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml new file mode 100644 index 0000000..54b9d45 --- /dev/null +++ b/.github/workflows/check.yml @@ -0,0 +1,42 @@ +# This file was autogenerated by actions.nix. Do not edit it manually. +# To make changes, edit the workflow definition in your flake's actions-nix configuration +# (typically under flake.actions-nix.workflows.".github/workflows/check.yml") and run: +# nix run .#render-workflows +# Or commit to trigger the pre-commit hook if enabled. +jobs: + check: + name: Check flake + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + - name: Install Lix + uses: samueldr/lix-gha-installer-action@7b7f14d320d6aacfb65bd1ef761566b3b69e474c + with: + extra_nix_config: |- + accept-flake-config = true + max-jobs = auto + - name: Add SSH keys to ssh-agent + uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 + with: + ssh-private-key: |- + ${{ secrets.SECRETS_DEPLOY_KEY }}" + ${{ secrets.PRAGMATAPRO_DEPLOY_KEY }}" + - name: Setup Attic cache + uses: ryanccn/attic-action@1887fd507f03327c96c64cca30118c96eb17fdad + with: + cache: tilde + endpoint: https://cache.e10.camp + token: ${{ secrets.ATTIC_TOKEN }} + - name: Use Cachix store + uses: cachix/cachix-action@1eb2ef646ac0255473d23a5907ad7b04ce94065c + with: + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + installCommand: nix profile install github:NixOS/nixpkgs/nixpkgs-unstable#cachix + name: tilde + - name: Run check flake + run: nix flake -Lv check --impure --show-trace +name: Check +'on': + push: {} + workflow_dispatch: {} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml deleted file mode 100644 index 103e86c..0000000 --- a/.github/workflows/ci.yml +++ /dev/null @@ -1,61 +0,0 @@ -name: CI -"on": - push: {} -jobs: - build-dev-shell: - name: Build devShell - runs-on: macos-15 - steps: - - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - - uses: ./.github/actions/setup - with: - nix_system: aarch64-darwin - attic_token: ${{ secrets.ATTIC_TOKEN }} - cachix_auth_token: ${{ secrets.CACHIX_AUTH_TOKEN }} - pragmatapro_deploy_key: ${{ secrets.PRAGMATAPRO_DEPLOY_KEY }} - secrets_deploy_key: ${{ secrets.SECRETS_DEPLOY_KEY }} - - name: Build AArch64 Darwin shell - run: | - nix build .#devShells.aarch64-darwin.default --impure --keep-going --print-build-logs --show-trace --verbose - - build-system: - name: Build system - runs-on: ${{ matrix.os }} - strategy: - matrix: - host: - - eMac - - mercury - os: - - macos-26 - steps: - - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - - uses: ./.github/actions/setup - with: - nix_system: aarch64-darwin - attic_token: ${{ secrets.ATTIC_TOKEN }} - cachix_auth_token: ${{ secrets.CACHIX_AUTH_TOKEN }} - pragmatapro_deploy_key: ${{ secrets.PRAGMATAPRO_DEPLOY_KEY }} - secrets_deploy_key: ${{ secrets.SECRETS_DEPLOY_KEY }} - - name: Build ${{ matrix.host }} host - run: | - nix build .#darwinConfigurations.${{ matrix.host }}.system --keep-going --print-build-logs --show-trace --verbose - - check: - name: Check flake - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - - uses: ./.github/actions/setup - with: - nix_system: x86_64-linux - attic_token: ${{ secrets.ATTIC_TOKEN }} - cachix_auth_token: ${{ secrets.CACHIX_AUTH_TOKEN }} - pragmatapro_deploy_key: ${{ secrets.PRAGMATAPRO_DEPLOY_KEY }} - secrets_deploy_key: ${{ secrets.SECRETS_DEPLOY_KEY }} - - name: Run flake check - run: | - nix flake -Lv check --impure --show-trace diff --git a/.github/workflows/devshell.yml b/.github/workflows/devshell.yml new file mode 100644 index 0000000..c655f9c --- /dev/null +++ b/.github/workflows/devshell.yml @@ -0,0 +1,43 @@ +# This file was autogenerated by actions.nix. Do not edit it manually. +# To make changes, edit the workflow definition in your flake's actions-nix configuration +# (typically under flake.actions-nix.workflows.".github/workflows/devshell.yml") and run: +# nix run .#render-workflows +# Or commit to trigger the pre-commit hook if enabled. +jobs: + build-dev-shell: + name: Build devShell + runs-on: macos-15 + steps: + - name: Checkout code + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + - name: Install Lix + uses: samueldr/lix-gha-installer-action@7b7f14d320d6aacfb65bd1ef761566b3b69e474c + with: + extra_nix_config: |- + accept-flake-config = true + max-jobs = auto + - name: Add SSH keys to ssh-agent + uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 + with: + ssh-private-key: |- + ${{ secrets.SECRETS_DEPLOY_KEY }}" + ${{ secrets.PRAGMATAPRO_DEPLOY_KEY }}" + - name: Setup Attic cache + uses: ryanccn/attic-action@1887fd507f03327c96c64cca30118c96eb17fdad + with: + cache: tilde + endpoint: https://cache.e10.camp + token: ${{ secrets.ATTIC_TOKEN }} + - name: Use Cachix store + uses: cachix/cachix-action@1eb2ef646ac0255473d23a5907ad7b04ce94065c + with: + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + installCommand: nix profile install github:NixOS/nixpkgs/nixpkgs-unstable#cachix + name: tilde + - name: Build aarch64-darwin shell + run: nix build .#devShells.aarch64-darwin.default --impure --keep-going --print-build-logs + --show-trace --verbose +name: devShell +'on': + push: {} + workflow_dispatch: {} diff --git a/.github/workflows/hosts.yml b/.github/workflows/hosts.yml new file mode 100644 index 0000000..628e495 --- /dev/null +++ b/.github/workflows/hosts.yml @@ -0,0 +1,48 @@ +# This file was autogenerated by actions.nix. Do not edit it manually. +# To make changes, edit the workflow definition in your flake's actions-nix configuration +# (typically under flake.actions-nix.workflows.".github/workflows/hosts.yml") and run: +# nix run .#render-workflows +# Or commit to trigger the pre-commit hook if enabled. +jobs: + build-system: + name: Build host system + runs-on: macos-15 + steps: + - name: Checkout code + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + - name: Install Lix + uses: samueldr/lix-gha-installer-action@7b7f14d320d6aacfb65bd1ef761566b3b69e474c + with: + extra_nix_config: |- + accept-flake-config = true + max-jobs = auto + - name: Add SSH keys to ssh-agent + uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 + with: + ssh-private-key: |- + ${{ secrets.SECRETS_DEPLOY_KEY }}" + ${{ secrets.PRAGMATAPRO_DEPLOY_KEY }}" + - name: Setup Attic cache + uses: ryanccn/attic-action@1887fd507f03327c96c64cca30118c96eb17fdad + with: + cache: tilde + endpoint: https://cache.e10.camp + token: ${{ secrets.ATTIC_TOKEN }} + - name: Use Cachix store + uses: cachix/cachix-action@1eb2ef646ac0255473d23a5907ad7b04ce94065c + with: + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + installCommand: nix profile install github:NixOS/nixpkgs/nixpkgs-unstable#cachix + name: tilde + - name: Build ${{ matrix.host }} host system + run: nix build .#darwinConfigurations.${{ matrix.host }}.system --keep-going + --print-build-logs --show-trace --verbose + strategy: + matrix: + host: + - eMac + - mercury +name: Host configurations +'on': + push: {} + workflow_dispatch: {} diff --git a/.github/workflows/packages.yml b/.github/workflows/packages.yml new file mode 100644 index 0000000..33ec738 --- /dev/null +++ b/.github/workflows/packages.yml @@ -0,0 +1,55 @@ +# This file was autogenerated by actions.nix. Do not edit it manually. +# To make changes, edit the workflow definition in your flake's actions-nix configuration +# (typically under flake.actions-nix.workflows.".github/workflows/packages.yml") and run: +# nix run .#render-workflows +# Or commit to trigger the pre-commit hook if enabled. +jobs: + build-package: + name: Build package + runs-on: macos-15 + steps: + - name: Checkout code + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + - name: Install Lix + uses: samueldr/lix-gha-installer-action@7b7f14d320d6aacfb65bd1ef761566b3b69e474c + with: + extra_nix_config: |- + accept-flake-config = true + max-jobs = auto + - name: Add SSH keys to ssh-agent + uses: webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555 + with: + ssh-private-key: |- + ${{ secrets.SECRETS_DEPLOY_KEY }}" + ${{ secrets.PRAGMATAPRO_DEPLOY_KEY }}" + - name: Setup Attic cache + uses: ryanccn/attic-action@1887fd507f03327c96c64cca30118c96eb17fdad + with: + cache: tilde + endpoint: https://cache.e10.camp + token: ${{ secrets.ATTIC_TOKEN }} + - name: Use Cachix store + uses: cachix/cachix-action@1eb2ef646ac0255473d23a5907ad7b04ce94065c + with: + authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} + installCommand: nix profile install github:NixOS/nixpkgs/nixpkgs-unstable#cachix + name: tilde + - name: Build ${{ matrix.package }} (${{ matrix.architecture }}) package + run: nix build .#packages.${{ matrix.architecture }}.${{ matrix.package }} --keep-going + --print-build-logs --show-trace --verbose + strategy: + matrix: + architecture: + - aarch64-darwin + package: + - gh-stack + - nix-docker + - oh-my-tmux + - render-workflows + - sf-pro +name: Build packages +'on': + push: + paths: + - flake.lock + - modules/packages/**/*.nix diff --git a/Justfile b/Justfile index 6046b3e..6d8d68e 100644 --- a/Justfile +++ b/Justfile @@ -64,3 +64,7 @@ generate-user-age-key: [doc("Get the age key for the current host")] host-age-key: nix shell nixpkgs#ssh-to-age --command sh -c "sudo cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age" + +[doc("Render the GitHub workflow files")] +render-workflows: + nix run .#render-workflows diff --git a/flake.lock b/flake.lock index 2ca1853..11173ba 100644 --- a/flake.lock +++ b/flake.lock @@ -1,10 +1,32 @@ { "nodes": { + "actions-nix": { + "inputs": { + "flake-parts": "flake-parts", + "git-hooks": "git-hooks", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1778054136, + "narHash": "sha256-cHQkWpJqeKdQjEtu9oazDhb6QbiVU4lKYNYSrkAINQg=", + "owner": "nialov", + "repo": "actions.nix", + "rev": "91db1c323f9dd60920feb057274bf8fbffcbbe1b", + "type": "github" + }, + "original": { + "owner": "nialov", + "repo": "actions.nix", + "type": "github" + } + }, "attic": { "inputs": { "crane": "crane", - "flake-compat": "flake-compat_4", - "flake-parts": "flake-parts_6", + "flake-compat": "flake-compat_5", + "flake-parts": "flake-parts_7", "nixpkgs": [ "tilde-secrets", "tilde", @@ -135,7 +157,7 @@ "cachix_3": { "inputs": { "devenv": "devenv_5", - "flake-compat": "flake-compat_10", + "flake-compat": "flake-compat_11", "nixpkgs": [ "tilde-secrets", "tilde", @@ -250,7 +272,7 @@ "devenv": { "inputs": { "cachix": "cachix", - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_7", "nix": "nix_3", "nixpkgs": "nixpkgs_6", "pre-commit-hooks": "pre-commit-hooks_2" @@ -371,7 +393,7 @@ "devenv_4": { "inputs": { "cachix": "cachix_3", - "flake-compat": "flake-compat_12", + "flake-compat": "flake-compat_13", "nix": "nix_5", "nixpkgs": [ "tilde-secrets", @@ -450,7 +472,7 @@ }, "devenv_6": { "inputs": { - "flake-compat": "flake-compat_15", + "flake-compat": "flake-compat_16", "nix": "nix_6", "nixpkgs": [ "tilde-secrets", @@ -673,13 +695,13 @@ "locked": { "lastModified": 1767039857, "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", - "owner": "edolstra", + "owner": "NixOS", "repo": "flake-compat", "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "NixOS", "repo": "flake-compat", "type": "github" } @@ -687,11 +709,11 @@ "flake-compat_10": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1673956053, + "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "type": "github" }, "original": { @@ -733,6 +755,22 @@ } }, "flake-compat_13": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_14": { "flake": false, "locked": { "lastModified": 1673956053, @@ -748,7 +786,7 @@ "type": "github" } }, - "flake-compat_14": { + "flake-compat_15": { "flake": false, "locked": { "lastModified": 1696426674, @@ -764,7 +802,7 @@ "type": "github" } }, - "flake-compat_15": { + "flake-compat_16": { "flake": false, "locked": { "lastModified": 1673956053, @@ -780,7 +818,7 @@ "type": "github" } }, - "flake-compat_16": { + "flake-compat_17": { "flake": false, "locked": { "lastModified": 1673956053, @@ -813,6 +851,22 @@ } }, "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1733328505, @@ -828,7 +882,7 @@ "type": "github" } }, - "flake-compat_4": { + "flake-compat_5": { "flake": false, "locked": { "lastModified": 1696426674, @@ -844,7 +898,7 @@ "type": "github" } }, - "flake-compat_5": { + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1673956053, @@ -860,7 +914,7 @@ "type": "github" } }, - "flake-compat_6": { + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1696426674, @@ -876,7 +930,7 @@ "type": "github" } }, - "flake-compat_7": { + "flake-compat_8": { "flake": false, "locked": { "lastModified": 1696426674, @@ -892,7 +946,7 @@ "type": "github" } }, - "flake-compat_8": { + "flake-compat_9": { "locked": { "lastModified": 1696426674, "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", @@ -906,32 +960,46 @@ "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" } }, - "flake-compat_9": { - "flake": false, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "actions-nix", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { - "owner": "edolstra", - "repo": "flake-compat", + "owner": "hercules-ci", + "repo": "flake-parts", "type": "github" } }, - "flake-parts": { + "flake-parts_10": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "tilde-secrets", + "tilde", + "tilde-secrets", + "tilde", + "tilde-secrets", + "tilde", + "nixvim", + "nixpkgs" + ] }, "locked": { - "lastModified": 1777988971, - "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", + "lastModified": 1726153070, + "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", + "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "type": "github" }, "original": { @@ -940,7 +1008,7 @@ "type": "github" } }, - "flake-parts_10": { + "flake-parts_11": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_6" }, @@ -958,7 +1026,7 @@ "type": "github" } }, - "flake-parts_11": { + "flake-parts_12": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_7" }, @@ -976,7 +1044,7 @@ "type": "github" } }, - "flake-parts_12": { + "flake-parts_13": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_8" }, @@ -994,7 +1062,7 @@ "type": "github" } }, - "flake-parts_13": { + "flake-parts_14": { "inputs": { "nixpkgs-lib": [ "tilde-secrets", @@ -1023,7 +1091,7 @@ "type": "github" } }, - "flake-parts_14": { + "flake-parts_15": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_9" }, @@ -1041,7 +1109,7 @@ "type": "github" } }, - "flake-parts_15": { + "flake-parts_16": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_10" }, @@ -1059,7 +1127,7 @@ "type": "github" } }, - "flake-parts_16": { + "flake-parts_17": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_11" }, @@ -1078,6 +1146,24 @@ } }, "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1777988971, + "narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -1095,7 +1181,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_3" }, @@ -1113,7 +1199,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "tilde-secrets", @@ -1138,7 +1224,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_6": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_4" }, @@ -1156,7 +1242,7 @@ "type": "github" } }, - "flake-parts_6": { + "flake-parts_7": { "inputs": { "nixpkgs-lib": [ "tilde-secrets", @@ -1183,7 +1269,7 @@ "type": "github" } }, - "flake-parts_7": { + "flake-parts_8": { "inputs": { "nixpkgs-lib": [ "tilde-secrets", @@ -1211,36 +1297,9 @@ "type": "github" } }, - "flake-parts_8": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_5" - }, - "locked": { - "lastModified": 1726153070, - "narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, "flake-parts_9": { "inputs": { - "nixpkgs-lib": [ - "tilde-secrets", - "tilde", - "tilde-secrets", - "tilde", - "tilde-secrets", - "tilde", - "nixvim", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib_5" }, "locked": { "lastModified": 1726153070, @@ -1764,6 +1823,29 @@ } }, "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "actions-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769069492, + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "git-hooks_2": { "inputs": { "flake-compat": [ "tilde-secrets", @@ -1775,7 +1857,7 @@ "nixvim", "flake-compat" ], - "gitignore": "gitignore_2", + "gitignore": "gitignore_3", "nixpkgs": [ "tilde-secrets", "tilde", @@ -1812,6 +1894,28 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "actions-nix", + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "tilde-secrets", @@ -1839,7 +1943,7 @@ "type": "github" } }, - "gitignore_2": { + "gitignore_3": { "inputs": { "nixpkgs": [ "tilde-secrets", @@ -1867,7 +1971,7 @@ "type": "github" } }, - "gitignore_3": { + "gitignore_4": { "inputs": { "nixpkgs": [ "tilde-secrets", @@ -1898,7 +2002,7 @@ "type": "github" } }, - "gitignore_4": { + "gitignore_5": { "inputs": { "nixpkgs": [ "tilde-secrets", @@ -1928,7 +2032,7 @@ "type": "github" } }, - "gitignore_5": { + "gitignore_6": { "inputs": { "nixpkgs": [ "tilde-secrets", @@ -1958,7 +2062,7 @@ "type": "github" } }, - "gitignore_6": { + "gitignore_7": { "inputs": { "nixpkgs": [ "tilde-secrets", @@ -1990,7 +2094,7 @@ "type": "github" } }, - "gitignore_7": { + "gitignore_8": { "inputs": { "nixpkgs": [ "tilde-secrets", @@ -2497,7 +2601,7 @@ }, "nix": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_6", "nixpkgs": [ "tilde-secrets", "tilde", @@ -2855,7 +2959,7 @@ "devenv", "flake-compat" ], - "flake-parts": "flake-parts_7", + "flake-parts": "flake-parts_8", "libgit2": "libgit2", "nixpkgs": "nixpkgs_5", "nixpkgs-23-11": "nixpkgs-23-11", @@ -2879,7 +2983,7 @@ }, "nix_4": { "inputs": { - "flake-compat": "flake-compat_9", + "flake-compat": "flake-compat_10", "nixpkgs": [ "tilde-secrets", "tilde", @@ -2913,7 +3017,7 @@ }, "nix_5": { "inputs": { - "flake-compat": "flake-compat_13", + "flake-compat": "flake-compat_14", "nixpkgs": [ "tilde-secrets", "tilde", @@ -3902,7 +4006,7 @@ }, "nixvim": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "nixpkgs": [ "tilde-secrets", "tilde", @@ -3929,9 +4033,9 @@ "nixvim_2": { "inputs": { "devshell": "devshell", - "flake-compat": "flake-compat_8", - "flake-parts": "flake-parts_9", - "git-hooks": "git-hooks", + "flake-compat": "flake-compat_9", + "flake-parts": "flake-parts_10", + "git-hooks": "git-hooks_2", "home-manager": "home-manager_5", "nix-darwin": "nix-darwin_5", "nixpkgs": [ @@ -3962,7 +4066,7 @@ }, "nixvim_3": { "inputs": { - "flake-parts": "flake-parts_13", + "flake-parts": "flake-parts_14", "home-manager": "home-manager_7", "nix-darwin": "nix-darwin_7", "nixpkgs": [ @@ -4197,7 +4301,7 @@ }, "pragmatapro_3": { "inputs": { - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_6", "nixpkgs": [ "tilde-secrets", "tilde", @@ -4222,7 +4326,7 @@ }, "pragmatapro_4": { "inputs": { - "flake-parts": "flake-parts_10", + "flake-parts": "flake-parts_11", "nixpkgs": [ "tilde-secrets", "tilde", @@ -4249,7 +4353,7 @@ }, "pragmatapro_5": { "inputs": { - "flake-parts": "flake-parts_14", + "flake-parts": "flake-parts_15", "nixpkgs": [ "tilde-secrets", "tilde", @@ -4379,7 +4483,7 @@ "devenv", "flake-compat" ], - "gitignore": "gitignore", + "gitignore": "gitignore_2", "nixpkgs": [ "tilde-secrets", "tilde", @@ -4408,9 +4512,9 @@ }, "pre-commit-hooks_3": { "inputs": { - "flake-compat": "flake-compat_11", + "flake-compat": "flake-compat_12", "flake-utils": "flake-utils_13", - "gitignore": "gitignore_3", + "gitignore": "gitignore_4", "nixpkgs": [ "tilde-secrets", "tilde", @@ -4455,7 +4559,7 @@ "flake-compat" ], "flake-utils": "flake-utils_14", - "gitignore": "gitignore_4", + "gitignore": "gitignore_5", "nixpkgs": [ "tilde-secrets", "tilde", @@ -4486,9 +4590,9 @@ }, "pre-commit-hooks_5": { "inputs": { - "flake-compat": "flake-compat_14", + "flake-compat": "flake-compat_15", "flake-utils": "flake-utils_20", - "gitignore": "gitignore_5", + "gitignore": "gitignore_6", "nixpkgs": [ "tilde-secrets", "tilde", @@ -4545,7 +4649,7 @@ "flake-compat" ], "flake-utils": "flake-utils_22", - "gitignore": "gitignore_6", + "gitignore": "gitignore_7", "nixpkgs": [ "tilde-secrets", "tilde", @@ -4578,9 +4682,9 @@ }, "pre-commit-hooks_7": { "inputs": { - "flake-compat": "flake-compat_16", + "flake-compat": "flake-compat_17", "flake-utils": "flake-utils_24", - "gitignore": "gitignore_7", + "gitignore": "gitignore_8", "nixpkgs": [ "tilde-secrets", "tilde", @@ -4616,7 +4720,7 @@ "crane": "crane_2", "devshell": "devshell_2", "fenix": "fenix", - "flake-parts": "flake-parts_11", + "flake-parts": "flake-parts_12", "nixpkgs": [ "tilde-secrets", "tilde", @@ -4646,7 +4750,7 @@ "crane": "crane_3", "devshell": "devshell_3", "fenix": "fenix_2", - "flake-parts": "flake-parts_15", + "flake-parts": "flake-parts_16", "nixpkgs": [ "tilde-secrets", "tilde", @@ -4675,9 +4779,10 @@ }, "root": { "inputs": { + "actions-nix": "actions-nix", "emacs-overlay": "emacs-overlay", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", "flake-root": "flake-root", "haumea": "haumea", "home-manager": "home-manager", @@ -4979,8 +5084,8 @@ "tilde": { "inputs": { "emacs-overlay": "emacs-overlay_2", - "flake-compat": "flake-compat_2", - "flake-parts": "flake-parts_2", + "flake-compat": "flake-compat_3", + "flake-parts": "flake-parts_3", "flake-root": "flake-root_2", "haumea": "haumea_2", "home-manager": "home-manager_2", @@ -5333,8 +5438,8 @@ }, "tilde_2": { "inputs": { - "flake-compat": "flake-compat_3", - "flake-parts": "flake-parts_3", + "flake-compat": "flake-compat_4", + "flake-parts": "flake-parts_4", "flake-root": "flake-root_3", "haumea": "haumea_3", "home-manager": "home-manager_3", @@ -5364,8 +5469,8 @@ "inputs": { "attic": "attic", "devenv": "devenv", - "flake-compat": "flake-compat_7", - "flake-parts": "flake-parts_8", + "flake-compat": "flake-compat_8", + "flake-parts": "flake-parts_9", "flake-root": "flake-root_4", "haumea": "haumea_4", "home-manager": "home-manager_4", @@ -5395,7 +5500,7 @@ "tilde_4": { "inputs": { "devenv": "devenv_4", - "flake-parts": "flake-parts_12", + "flake-parts": "flake-parts_13", "flake-root": "flake-root_5", "haumea": "haumea_5", "home-manager": "home-manager_6", @@ -5425,7 +5530,7 @@ "tilde_5": { "inputs": { "devenv": "devenv_6", - "flake-parts": "flake-parts_16", + "flake-parts": "flake-parts_17", "flake-root": "flake-root_6", "haumea": "haumea_6", "home-manager": "home-manager_8", diff --git a/flake.nix b/flake.nix index c7449fe..252eed0 100644 --- a/flake.nix +++ b/flake.nix @@ -56,13 +56,16 @@ pragmatapro.inputs.nixpkgs.follows = "nixpkgs"; pragmatapro.inputs.flake-parts.follows = "flake-parts"; + actions-nix.url = "github:nialov/actions.nix"; + actions-nix.inputs.nixpkgs.follows = "nixpkgs"; + flake-compat.url = "github:edolstra/flake-compat"; flake-compat.flake = false; }; outputs = inputs@{ self, flake-parts, ... }: flake-parts.lib.mkFlake { inherit inputs; } { - systems = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ]; + systems = [ "x86_64-linux" "aarch64-darwin" ]; imports = [ ./lib @@ -74,6 +77,7 @@ ./modules/core/secrets.nix ./modules/core/flake-root.nix + ./modules/development/ci.nix ./modules/development/shell.nix ./modules/development/treefmt.nix diff --git a/modules/development/ci.nix b/modules/development/ci.nix new file mode 100644 index 0000000..12c78dd --- /dev/null +++ b/modules/development/ci.nix @@ -0,0 +1,130 @@ +{ self, inputs, ... }: +let l = inputs.nixpkgs.lib // builtins; +in { + imports = [ inputs.actions-nix.flakeModules.default ]; + + flake.actions-nix.workflows = let + actions = { + checkout = "actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd"; + install-lix = + "samueldr/lix-gha-installer-action@7b7f14d320d6aacfb65bd1ef761566b3b69e474c"; + ssh-agent = + "webfactory/ssh-agent@e83874834305fe9a4a2997156cb26c5de65a8555"; + attic = "ryanccn/attic-action@1887fd507f03327c96c64cca30118c96eb17fdad"; + cachix = "cachix/cachix-action@1eb2ef646ac0255473d23a5907ad7b04ce94065c"; + }; + setup = [ + { + name = "Checkout code"; + uses = actions.checkout; + } + { + name = "Install Lix"; + uses = actions.install-lix; + "with" = { + extra_nix_config = '' + accept-flake-config = true + max-jobs = auto + ''; + }; + } + { + name = "Add SSH keys to ssh-agent"; + uses = actions.ssh-agent; + "with" = { + ssh-private-key = '' + ''${{ secrets.SECRETS_DEPLOY_KEY }}" + ''${{ secrets.PRAGMATAPRO_DEPLOY_KEY }}" + ''; + }; + } + { + name = "Setup Attic cache"; + uses = actions.attic; + "with" = { + cache = "tilde"; + endpoint = "https://cache.e10.camp"; + token = "\${{ secrets.ATTIC_TOKEN }}"; + }; + } + { + name = "Use Cachix store"; + uses = actions.cachix; + "with" = { + authToken = "\${{ secrets.CACHIX_AUTH_TOKEN }}"; + installCommand = + "nix profile install github:NixOS/nixpkgs/nixpkgs-unstable#cachix"; + name = "tilde"; + }; + } + ]; + in { + ".github/workflows/check.yml" = { + name = "Check"; + jobs = { + check = { + name = "Check flake"; + runs-on = "ubuntu-latest"; + steps = setup ++ [{ + name = "Run check flake"; + run = "nix flake -Lv check --impure --show-trace"; + }]; + }; + }; + }; + + ".github/workflows/hosts.yml" = { + name = "Host configurations"; + jobs = { + build-system = { + name = "Build host system"; + runs-on = "macos-15"; + strategy.matrix.host = l.attrNames self.darwinConfigurations; + steps = setup ++ [{ + name = "Build \${{ matrix.host }} host system"; + run = '' + nix build .#darwinConfigurations.''${{ matrix.host }}.system --keep-going --print-build-logs --show-trace --verbose + ''; + }]; + }; + }; + }; + + ".github/workflows/packages.yml" = { + name = "Build packages"; + on.push.paths = [ "flake.lock" "modules/packages/**/*.nix" ]; + jobs = { + build-package = { + name = "Build package"; + runs-on = "macos-15"; + strategy.matrix = { + architecture = [ "aarch64-darwin" ]; + package = l.attrNames self.packages.aarch64-darwin; + }; + steps = setup ++ [{ + name = + "Build \${{ matrix.package }} (\${{ matrix.architecture }}) package"; + run = '' + nix build .#packages.''${{ matrix.architecture }}.''${{ matrix.package }} --keep-going --print-build-logs --show-trace --verbose + ''; + }]; + }; + }; + }; + + ".github/workflows/devshell.yml" = { + name = "devShell"; + jobs = { + build-dev-shell = { + name = "Build devShell"; + runs-on = "macos-15"; + steps = setup ++ [{ + name = "Build aarch64-darwin shell"; + run = + "nix build .#devShells.aarch64-darwin.default --impure --keep-going --print-build-logs --show-trace --verbose"; + }]; + }; + }; + }; + }; +} diff --git a/modules/development/treefmt.nix b/modules/development/treefmt.nix index 739c7af..bca131b 100644 --- a/modules/development/treefmt.nix +++ b/modules/development/treefmt.nix @@ -17,8 +17,12 @@ prettier.enable = true; }; settings.formatter = { - prettier.excludes = - [ "secrets.json" "**/secrets.json" "**/secrets.yml" ]; + prettier.excludes = [ + ".github/**/*.yml" + "secrets.json" + "**/secrets.json" + "**/secrets.yml" + ]; }; }; in {