feat(lon): Init from npins

Tom Hubrecht 2025-06-10 17:43:19 +02:00
parent 6e76bcf5f8
commit 863f141ec0
Signed by: thubrecht
SSH key fingerprint: SHA256:r+nK/SIcWlJ0zFZJGHtlAoRwq1Rm+WcKAm5ADYMoQPc
19 changed files with 449 additions and 3644 deletions

20
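--- /dev/null
+++ b/.forgejo/workflows/lon-update.yaml
@@ -0,0 +1,20 @@
+###
+# This file was automatically generated with nix-actions.
+jobs:
+update:
+runs-on: nix
+steps:
+- uses: actions/checkout@v4
+with:
+token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
+- env:
+LON_LIST_COMMITS: true
+LON_TOKEN: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
+LON_USER_EMAIL: admins+lon-bot@dgnum.eu
+LON_USER_NAME: DGNum [bot]
+run: "nix-shell -A lon-update --run 'set -o pipefail\nset -o nounset\nset -o
+errexit\nlon bot forgejo'"
+name: Update dependencies
+on:
+schedule:
+- cron: 30 13 * * *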


@ -1,973 +0,0 @@
###
# This file was automatically generated with nix-actions.
env:
GIT_AUTHOR_EMAIL: chores@mail.hubrecht.ovh
GIT_AUTHOR_NAME: HT Chores
GIT_COMMITTER_EMAIL: chores@mail.hubrecht.ovh
GIT_COMMITTER_NAME: HT Chores
jobs:
agenix:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/agenix
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update agenix'
GIT_UPDATE_BRANCH: npins-updates/agenix
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update agenix\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
arkheon:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/arkheon
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update arkheon'
GIT_UPDATE_BRANCH: npins-updates/arkheon
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update arkheon\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
cas-eleves:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/cas-eleves
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update cas-eleves'
GIT_UPDATE_BRANCH: npins-updates/cas-eleves
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update cas-eleves\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
cgroup-exporter:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/cgroup-exporter
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update cgroup-exporter'
GIT_UPDATE_BRANCH: npins-updates/cgroup-exporter
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update cgroup-exporter\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
colmena:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/colmena
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update colmena'
GIT_UPDATE_BRANCH: npins-updates/colmena
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update colmena\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
dgsi:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/dgsi
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update dgsi'
GIT_UPDATE_BRANCH: npins-updates/dgsi
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update dgsi\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
disko:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/disko
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update disko'
GIT_UPDATE_BRANCH: npins-updates/disko
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update disko\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
dns_nix:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/dns.nix
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update dns.nix'
GIT_UPDATE_BRANCH: npins-updates/dns.nix
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update dns.nix\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
git-hooks:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/git-hooks
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update git-hooks'
GIT_UPDATE_BRANCH: npins-updates/git-hooks
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update git-hooks\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
kadenios:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/kadenios
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update kadenios'
GIT_UPDATE_BRANCH: npins-updates/kadenios
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update kadenios\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
kat-pkgs:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/kat-pkgs
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update kat-pkgs'
GIT_UPDATE_BRANCH: npins-updates/kat-pkgs
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update kat-pkgs\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
liminix:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/liminix
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update liminix'
GIT_UPDATE_BRANCH: npins-updates/liminix
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update liminix\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
linkal:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/linkal
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update linkal'
GIT_UPDATE_BRANCH: npins-updates/linkal
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update linkal\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
lix:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/lix
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update lix'
GIT_UPDATE_BRANCH: npins-updates/lix
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update lix\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
lix-module:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/lix-module
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update lix-module'
GIT_UPDATE_BRANCH: npins-updates/lix-module
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update lix-module\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
metis:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/metis
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update metis'
GIT_UPDATE_BRANCH: npins-updates/metis
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update metis\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
microvm_nix:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/microvm.nix
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update microvm.nix'
GIT_UPDATE_BRANCH: npins-updates/microvm.nix
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update microvm.nix\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
nix-actions:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nix-actions
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nix-actions'
GIT_UPDATE_BRANCH: npins-updates/nix-actions
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update nix-actions\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
nix-modules:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nix-modules
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nix-modules'
GIT_UPDATE_BRANCH: npins-updates/nix-modules
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update nix-modules\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
nix-pkgs:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nix-pkgs
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nix-pkgs'
GIT_UPDATE_BRANCH: npins-updates/nix-pkgs
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update nix-pkgs\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
nix-reuse:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nix-reuse
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nix-reuse'
GIT_UPDATE_BRANCH: npins-updates/nix-reuse
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update nix-reuse\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
nixos-24_05:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nixos-24.05
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nixos-24.05'
GIT_UPDATE_BRANCH: npins-updates/nixos-24.05
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update nixos-24.05\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
nixos-24_11:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nixos-24.11
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nixos-24.11'
GIT_UPDATE_BRANCH: npins-updates/nixos-24.11
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update nixos-24.11\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
nixos-25_05:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nixos-25.05
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nixos-25.05'
GIT_UPDATE_BRANCH: npins-updates/nixos-25.05
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update nixos-25.05\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
nixos-unstable:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/nixos-unstable
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update nixos-unstable'
GIT_UPDATE_BRANCH: npins-updates/nixos-unstable
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update nixos-unstable\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
npins:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/npins
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update npins'
GIT_UPDATE_BRANCH: npins-updates/npins
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update npins\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
proxmox-nixos:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/proxmox-nixos
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update proxmox-nixos'
GIT_UPDATE_BRANCH: npins-updates/proxmox-nixos
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update proxmox-nixos\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
signal-irc-bridge:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/signal-irc-bridge
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update signal-irc-bridge'
GIT_UPDATE_BRANCH: npins-updates/signal-irc-bridge
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update signal-irc-bridge\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
snix-cache:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/snix-cache
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update snix-cache'
GIT_UPDATE_BRANCH: npins-updates/snix-cache
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update snix-cache\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
stateless-uptime-kuma:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/stateless-uptime-kuma
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update stateless-uptime-kuma'
GIT_UPDATE_BRANCH: npins-updates/stateless-uptime-kuma
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update stateless-uptime-kuma\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
wp4nix:
runs-on: nix-infra
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }}
- env:
GIT_UPDATE_BRANCH: npins-updates/wp4nix
name: Switch to a new branch
run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\
; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\
EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\
\n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n"
- env:
COMMIT_MESSAGE: 'chore(npins): Update wp4nix'
GIT_UPDATE_BRANCH: npins-updates/wp4nix
name: Open a PR if updates are present
run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o
errexit\nnpins update wp4nix\n\nif ! git diff --exit-code npins/sources.json
> /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \
\ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \
\ git commit --amend --no-edit\n git push --force\n else\n git commit
--message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\
\n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores
-t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create
a pull request if needed\n # i.e. no PR with the same title exists\n if
[ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\
) ]; then\n tea pr create --description \"Automatic npins update\" --title
\"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\
\ ]; then\n git push --force\nfi\n'"
name: Update dependencies
on:
schedule:
- cron: 30 13 * * *

1
.gitattributes vendored

@ -5,3 +5,4 @@
/.forgejo/workflows/*.yaml linguist-generated
/LICENSES/* linguist-vendored
/REUSE.toml linguist-generated
lon.lock linguist-generated

8
REUSE.toml generated

@ -2,7 +2,7 @@ version = 1
[[annotations]]
SPDX-FileCopyrightText = "NONE"
SPDX-License-Identifier = "CC0-1.0"
path = ["**/.envrc", "**/Cargo.lock", "**/_hardware-configuration.nix", ".gitignore", "REUSE.toml", "shell.nix", "patches/colmena/0001-*", "pkgs/by-name/docuseal/rubyEnv/*", "pkgs/by-name/docuseal/deps.json", "pkgs/by-name/docuseal/yarn.lock"]
path = ["**/.envrc", "**/Cargo.lock", "**/_hardware-configuration.nix", ".gitignore", "REUSE.toml", "shell.nix", "**/lon.lock", "**/lon.nix", "patches/nixpkgs/403844.patch", "patches/colmena/0001-*", "pkgs/by-name/docuseal/rubyEnv/*", "pkgs/by-name/docuseal/deps.json", "pkgs/by-name/docuseal/yarn.lock"]
precedence = "closest"
[[annotations]]
@ -59,12 +59,6 @@ SPDX-License-Identifier = "MIT"
path = "lib/colmena/*"
precedence = "closest"
[[annotations]]
SPDX-FileCopyrightText = "The [npins](https://github.com/andir/npins) contributors"
SPDX-License-Identifier = "EUPL-1.2"
path = "**/npins/*"
precedence = "closest"
[[annotations]]
SPDX-FileCopyrightText = "The [forgejo](https://codeberg.org/forgejo/forgejo) contributors"
SPDX-License-Identifier = "GPL-3.0-or-later"


@ -5,7 +5,7 @@
# SPDX-License-Identifier: EUPL-1.2
let
unpatchedSources = import ./npins;
unpatchedSources = import ./lon.nix;
pkgs = import unpatchedSources.nixos-unstable { overlays = [ ]; };
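Review bot: Importing `./lon.nix` on the `unpatchedSources` line makes every pinned source overridable from the process environment, and nothing at the import says so. The lon.nix added by this commit returns a local path instead of the locked source whenever `LON_OVERRIDE_<name>` is set, and that path is not checked against the `hash` in lon.lock. Since `pkgs` on the next line is imported from `unpatchedSources.nixos-unstable`, a stray variable on a CI runner or deploy host would change the whole package set without any change in the repository. I would add a comment above the import, `# lon.nix honours LON_OVERRIDE_<name>; CI and deploy jobs must run with these unset`, and make those jobs clear the variables before evaluating. The `let` block continues outside the hunk.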


@ -11,7 +11,10 @@ in
sources ? bootstrap.sources,
pkgs ? import sources.nixos-unstable {
overlays = [
(_: super: { lib = super.lib.extend bootstrap.overlays.lib; })
(self: super: {
lib = super.lib.extend bootstrap.overlays.lib;
lon = self.callPackage (sources.lon + "/nix/packages/lon.nix") { };
})
];
},
}:
@ -37,7 +40,6 @@ let
stages = [ "pre-push" ];
settings.ignore = [
"**/lon.nix"
"**/npins"
];
};
@ -75,6 +77,11 @@ let
"REUSE.toml"
"shell.nix"
"**/lon.lock"
"**/lon.nix"
"patches/nixpkgs/403844.patch"
# Commit revert
"patches/colmena/0001-*"
@ -177,13 +184,6 @@ let
license = "MIT";
}
# npins generated files
{
path = "**/npins/*";
license = "EUPL-1.2";
copyright = "The [npins](https://github.com/andir/npins) contributors";
}
# images
{
path = "machines/nixos/compute01/extranix/static-data/images/forgejo.png";
@ -238,7 +238,7 @@ in
packages =
[
(pkgs.callPackage "${sources.npins}/npins.nix" { })
pkgs.lon
# SSO testing
pkgs.kanidm
@ -272,10 +272,6 @@ in
scripts.push-to-cache
];
eval-shell.packages = [ scripts.nix-build-and-cache ];
npins-shell.packages = [
(pkgs.callPackage "${sources.npins}/npins.nix" { })
pkgs.tea
];
};
};
}
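Review bot: In the `@ -75,6 +77,11 @` hunk, `"**/lon.nix"` and `"patches/nixpkgs/403844.patch"` are added without a comment to what appears to be the list REUSE.toml renders as `SPDX-FileCopyrightText = "NONE"` / CC0-1.0, while the neighbouring `patches/colmena/0001-*` entry has one (`# Commit revert`). The `@ -177,13 +184,6 @` hunk removes the entry that credited the npins contributors for their generated files, so the lon-generated loader now carries no upstream attribution; whether that matches the licences of lon and nixpkgs cannot be checked from this page. I would either give these files their own entries with the upstream licence and copyright, or at least comment the new lines, e.g. `# Generated by lon` and `# <origin of the nixpkgs patch and why it is CC0>`. The enclosing list starts and ends outside the hunk.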

315
lon.lock generated Normal file

@ -0,0 +1,315 @@
{
"version": "1",
"sources": {
"agenix": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "ryantm",
"repo": "agenix",
"branch": "main",
"revision": "564595d0ad4be7277e07fa63b5a991b3c645655d",
"url": "https://github.com/ryantm/agenix/archive/564595d0ad4be7277e07fa63b5a991b3c645655d.tar.gz",
"hash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU="
},
"arkheon": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "RaitoBezarius",
"repo": "arkheon",
"branch": "main",
"revision": "3eea876b29217d01cf2ef03ea9fdd8779d28ad04",
"url": "https://github.com/RaitoBezarius/arkheon/archive/3eea876b29217d01cf2ef03ea9fdd8779d28ad04.tar.gz",
"hash": "sha256-+R6MhTXuSzNeGQiL4DQwlP5yNhmnhbf7pQWPUWgcZSM="
},
"cas-eleves": {
"type": "Git",
"fetchType": "git",
"branch": "main",
"revision": "bdbb2a6c772144813bd75316080f5fecd2c5cc9e",
"url": "https://git.dgnum.eu/DGNum/cas-eleves.git",
"hash": "sha256-kQDO331t2YsrDoVGHzftU6Y96VXfWNzgI7QmeBNCGTA=",
"lastModified": 1736030096,
"submodules": false
},
"cgroup-exporter": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "arianvp",
"repo": "cgroup-exporter",
"branch": "main",
"revision": "97b83d6d495b3cb6f959a4368fd93ac342d23706",
"url": "https://github.com/arianvp/cgroup-exporter/archive/97b83d6d495b3cb6f959a4368fd93ac342d23706.tar.gz",
"hash": "sha256-MP45mdfhZ3MjpL0sJolZ0GkY3Le8QoUDqS+loPtxu2I="
},
"colmena": {
"type": "Git",
"fetchType": "git",
"branch": "main",
"revision": "b5135dc8af1d7637b337cc2632990400221da577",
"url": "https://git.dgnum.eu/DGNum/colmena",
"hash": "sha256-7gg+K3PEYlN0sGPgDlmnM8zgDDIV505gNcwjFN61Qvk=",
"lastModified": 1746392348,
"submodules": false
},
"dgsi": {
"type": "Git",
"fetchType": "git",
"branch": "main",
"revision": "fbf6385e65400802a3f9f75f7cd91d5c01373d1b",
"url": "https://git.dgnum.eu/DGNum/dgsi.git",
"hash": "sha256-aOUI69wbMm9+KVWwcMw5TgVnk3DfjOzE4OEyYTD8XPU=",
"lastModified": 1748894673,
"submodules": false
},
"disko": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "nix-community",
"repo": "disko",
"branch": "master",
"revision": "cdf8deded8813edfa6e65544f69fdd3a59fa2bb4",
"url": "https://github.com/nix-community/disko/archive/cdf8deded8813edfa6e65544f69fdd3a59fa2bb4.tar.gz",
"hash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0="
},
"dns.nix": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "nix-community",
"repo": "dns.nix",
"branch": "master",
"revision": "a3196708a56dee76186a9415c187473b94e6cbae",
"url": "https://github.com/nix-community/dns.nix/archive/a3196708a56dee76186a9415c187473b94e6cbae.tar.gz",
"hash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ="
},
"git-hooks": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "cachix",
"repo": "git-hooks.nix",
"branch": "master",
"revision": "fa466640195d38ec97cf0493d6d6882bc4d14969",
"url": "https://github.com/cachix/git-hooks.nix/archive/fa466640195d38ec97cf0493d6d6882bc4d14969.tar.gz",
"hash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo="
},
"kadenios": {
"type": "Git",
"fetchType": "git",
"branch": "main",
"revision": "4fd9e3a2117f54c4184b02fd3aef31626fcad149",
"url": "https://git.dgnum.eu/DGNum/kadenios.git",
"hash": "sha256-32alJ/9M+Vaa+zSzmoMgB1+f2h4GYP3OiJ8odRMeCdw=",
"lastModified": 1720702967,
"submodules": false
},
"kat-pkgs": {
"type": "Git",
"fetchType": "git",
"branch": "master",
"revision": "19b3de953c4d4e8888b90019db81852f8ad39dbb",
"url": "https://git.dgnum.eu/lbailly/kat-pkgs",
"hash": "sha256-bWO5dHrwZWF2EbCuSzxigaKkJdNCBQx5nD1J/u2pdNg=",
"lastModified": 1749652165,
"submodules": false
},
"liminix": {
"type": "Git",
"fetchType": "git",
"branch": "main",
"revision": "1322de1ee0cdb19fead79e12ab279ee0b575019a",
"url": "https://git.dgnum.eu/DGNum/liminix",
"hash": "sha256-k5QjFRwKK8Hw7bl6XwOHiwr7hmTtBMdOUWieNKM10x4=",
"lastModified": 1733703952,
"submodules": false
},
"linkal": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "JulienMalka",
"repo": "Linkal",
"branch": "main",
"revision": "085630bf369b68d2264baca020efc94c877d78e6",
"url": "https://github.com/JulienMalka/Linkal/archive/085630bf369b68d2264baca020efc94c877d78e6.tar.gz",
"hash": "sha256-nQ22VdXMO6M+rIsrPYHGmt7Zi7VWt9BeuF7WM+U2glQ="
},
"lix": {
"type": "Git",
"fetchType": "git",
"branch": "main",
"revision": "d169c092fc28838a253be136d17fe7de1292c728",
"url": "https://git.lix.systems/lix-project/lix.git",
"hash": "sha256-gsPA3AAGi3pucRpzJbhWWyyOBv2/2OjAjU/SlcSE8Vc=",
"lastModified": 1743274305,
"submodules": false
},
"lix-module": {
"type": "Git",
"fetchType": "git",
"branch": "main",
"revision": "fa69ae26cc32dda178117b46487c2165c0e08316",
"url": "https://git.lix.systems/lix-project/nixos-module.git",
"hash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=",
"lastModified": 1742945498,
"submodules": false
},
"lon": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "nikstur",
"repo": "lon",
"branch": "main",
"revision": "c29151c0adefbf2eef904a3435350356cef98da2",
"url": "https://github.com/nikstur/lon/archive/c29151c0adefbf2eef904a3435350356cef98da2.tar.gz",
"hash": "sha256-1oQ4uLI92Ih2rmNyP4wzP9xZrQp48FHirOhV/aerZPc="
},
"metis": {
"type": "Git",
"fetchType": "git",
"branch": "master",
"revision": "f8898110f4aa32c5384af605e727bfea9b0bd2de",
"url": "https://git.dgnum.eu/DGNum/metis",
"hash": "sha256-WrQCoe8h848nkQQfZnshsOdoY2NP5gAsl24hXpzDnR8=",
"lastModified": 1737730724,
"submodules": false
},
"microvm.nix": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "RaitoBezarius",
"repo": "microvm.nix",
"branch": "main",
"revision": "49899c9a4fdf75320785e79709bf1608c34caeb8",
"url": "https://github.com/RaitoBezarius/microvm.nix/archive/49899c9a4fdf75320785e79709bf1608c34caeb8.tar.gz",
"hash": "sha256-nn/kta8Od0T2k5+xQj+S2PNqOmxsDdHNaIv8eNtX5ms="
},
"nix-actions": {
"type": "Git",
"fetchType": "git",
"branch": "main",
"revision": "06847b3256df402da0475dccb290832ec92a9f8c",
"url": "https://git.dgnum.eu/DGNum/nix-actions.git",
"hash": "sha256-2xOZdKiUfcriQFKG37vY96dgCJLndhLa7cGacq8+SA8=",
"lastModified": 1746294989,
"submodules": false
},
"nix-modules": {
"type": "Git",
"fetchType": "git",
"branch": "dgnum",
"revision": "0cdf222c07b9cbd49857ae046fb41ae9f651cc3f",
"url": "https://git.hubrecht.ovh/hubrecht/nix-modules",
"hash": "sha256-VHlkJny+t1AhZ61JOeyYM1rLa4cPEoEt/5+vqAqAJgA=",
"lastModified": 1746016692,
"submodules": false
},
"nix-pkgs": {
"type": "Git",
"fetchType": "git",
"branch": "dgnum",
"revision": "7a0e2e660b26ddd67bb8132beb6b13e3a69003a4",
"url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs",
"hash": "sha256-1uzLfSTvB8UXN9zbzQr2cQXjARIXw1cBwPK6mA9GoXc=",
"lastModified": 1745005124,
"submodules": false
},
"nix-reuse": {
"type": "Git",
"fetchType": "git",
"branch": "main",
"revision": "45633dc6a0512cbbb010bc615b5d1b6e46e57597",
"url": "https://git.dgnum.eu/DGNum/nix-reuse",
"hash": "sha256-xr63AvDLp+RS0F7qwuOoWNENuepPbpuHLe4VPS85XBQ=",
"lastModified": 1737547777,
"submodules": false
},
"nixos-24.05": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "NixOS",
"repo": "nixpkgs",
"branch": "nixos-24.05",
"revision": "b134951a4c9f",
"url": "https://github.com/NixOS/nixpkgs/archive/b134951a4c9f.tar.gz",
"hash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8="
},
"nixos-24.11": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "NixOS",
"repo": "nixpkgs",
"branch": "nixos-24.11",
"revision": "bf3287dac860",
"url": "https://github.com/NixOS/nixpkgs/archive/bf3287dac860.tar.gz",
"hash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA="
},
"nixos-25.05": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "NixOS",
"repo": "nixpkgs",
"branch": "nixos-25.05",
"revision": "70c74b02eac4",
"url": "https://github.com/NixOS/nixpkgs/archive/70c74b02eac4.tar.gz",
"hash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw="
},
"nixos-unstable": {
"type": "GitHub",
"fetchType": "tarball",
"owner": "NixOS",
"repo": "nixpkgs",
"branch": "nixos-unstable",
"revision": "d89fc19e405c",
"url": "https://github.com/NixOS/nixpkgs/archive/d89fc19e405c.tar.gz",
"hash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ="
},
"proxmox-nixos": {
"type": "Git",
"fetchType": "git",
"branch": "main",
"revision": "91c96a414e14835b84adbf775f793739a5851fab",
"url": "https://github.com/SaumonNet/proxmox-nixos.git",
"hash": "sha256-YYbR1o5qTPUxpaVhkJcOGjghNGbIBQmivXAgNTFDxqU=",
"lastModified": 1743764738,
"submodules": false
},
"signal-irc-bridge": {
"type": "Git",
"fetchType": "git",
"branch": "master",
"revision": "52a370b29ff2edbec63e192e782b934823263ef2",
"url": "https://git.dgnum.eu/mdebray/signal-irc-bridge",
"hash": "sha256-sR8v7bheOigZ08VAv/AX9wFNmMZQEUqEwX3V9wW68tc=",
"lastModified": 1744031004,
"submodules": false
},
"snix-cache": {
"type": "Git",
"fetchType": "git",
"branch": "main",
"revision": "62346b99c2e1085203bc2e5bb5f07e7773977b49",
"url": "https://git.dgnum.eu/DGNum/snix-cache.git",
"hash": "sha256-6BYUWwzitWF2EV8wvJOlqensJ3x4f4ka+iZ9Zy5XnWI=",
"lastModified": 1744711329,
"submodules": false
},
"stateless-uptime-kuma": {
"type": "Git",
"fetchType": "git",
"branch": "master",
"revision": "d378d1ce00c676fa22ef0808cf73f3e1c34e0191",
"url": "https://git.dgnum.eu/mdebray/stateless-uptime-kuma",
"hash": "sha256-Dq0Kk6inCrxsxRfpYJVDZ45pMW/OZ3AAecmgF+yIZQI=",
"lastModified": 1734436346,
"submodules": false
},
"wp4nix": {
"type": "Git",
"fetchType": "git",
"branch": "master",
"revision": "2fc9a0734168cab536e3129efa6397d6cd3ac89f",
"url": "https://git.helsinki.tools//helsinki-systems/wp4nix",
"hash": "sha256-abwqAZGsWuWqfxou8XlqedBvXsUw1/xanSgljLCJxdM=",
"lastModified": 1743397420,
"submodules": false
}
}
}

53
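--- a/lon.nix
+++ b/lon.nix
@@ -0,0 +1,53 @@
+# Generated by lon. Do not modify!
+let
+lock = builtins.fromJSON (builtins.readFile ./lon.lock);
+# Override with a path defined in an environment variable. If no variable is
+# set, the original path is used.
+overrideFromEnv =
+name: path:
+let
+replacement = builtins.getEnv "LON_OVERRIDE_${name}";
+in
+if replacement == "" then
+path
+else
+# this turns the string into an actual Nix path (for both absolute and
+# relative paths)
+if builtins.substring 0 1 replacement == "/" then
+/. + replacement
+else
+/. + builtins.getEnv "PWD" + "/${replacement}";
+fetchSource =
+args@{ fetchType, ... }:
+if fetchType == "git" then
+builtins.fetchGit (
+{
+url = args.url;
+ref = args.branch;
+rev = args.revision;
+narHash = args.hash;
+submodules = args.submodules;
+}
+// (
+if args ? lastModified then
+{
+inherit (args) lastModified;
+shallow = true;
+}
+else
+{ }
+)
+)
+else if fetchType == "tarball" then
+builtins.fetchTarball {
+url = args.url;
+sha256 = args.hash;
+}
+else
+builtins.throw "Unsupported source type ${fetchType}";
+in
+builtins.mapAttrs (name: args: overrideFromEnv name (fetchSource args)) lock.sources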


@ -5,7 +5,7 @@
{ config, sources, ... }:
{
nixpkgs.overlays = [ (import (sources.arkheon.outPath + "/overlay.nix")) ];
nixpkgs.overlays = [ (import (sources.arkheon + "/overlay.nix")) ];
services.arkheon = {
enable = true;


@ -9,7 +9,7 @@
...
}:
{
imports = [ (import (sources.signal-irc-bridge.outPath + "/module.nix")) ];
imports = [ (import (sources.signal-irc-bridge + "/module.nix")) ];
services.signal-irc-bridge = {
enable = true;


@ -46,7 +46,7 @@ Machines can use different versions of NixOS, the supported ones are specified h
- Run the following command
```bash
npins add channel nixos-$VERSION
lon add github --name nixos-$VERSION NixOS/nixpkgs nixos-$VERSION
```
- Edit `meta/nixpkgs.nix` and add `$VERSION` to the supported version.


@ -1,145 +0,0 @@
/*
This file is provided under the MIT licence:
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the Software), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED AS IS, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
# Generated by npins. Do not modify; will be overwritten regularly
let
data = builtins.fromJSON (builtins.readFile ./sources.json);
version = data.version;
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295
range =
first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1);
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257
stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1));
# https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269
stringAsChars = f: s: concatStrings (map f (stringToCharacters s));
concatStrings = builtins.concatStringsSep "";
# If the environment variable NPINS_OVERRIDE_${name} is set, then use
# the path directly as opposed to the fetched source.
# (Taken from Niv for compatibility)
mayOverride =
name: path:
let
envVarName = "NPINS_OVERRIDE_${saneName}";
saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name;
ersatz = builtins.getEnv envVarName;
in
if ersatz == "" then
path
else
# this turns the string into an actual Nix path (for both absolute and
# relative paths)
builtins.trace "Overriding path of \"${name}\" with \"${ersatz}\" due to set \"${envVarName}\"" (
if builtins.substring 0 1 ersatz == "/" then
/. + ersatz
else
/. + builtins.getEnv "PWD" + "/${ersatz}"
);
mkSource =
name: spec:
assert spec ? type;
let
path =
if spec.type == "Git" then
mkGitSource spec
else if spec.type == "GitRelease" then
mkGitSource spec
else if spec.type == "PyPi" then
mkPyPiSource spec
else if spec.type == "Channel" then
mkChannelSource spec
else if spec.type == "Tarball" then
mkTarballSource spec
else
builtins.throw "Unknown source type ${spec.type}";
in
spec // { outPath = mayOverride name path; };
mkGitSource =
{
repository,
revision,
url ? null,
submodules,
hash,
...
}:
assert repository ? type;
# At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
# In the latter case, there we will always be an url to the tarball
if url != null && !submodules then
builtins.fetchTarball {
inherit url;
sha256 = hash;
}
else
let
url =
if repository.type == "Git" then
repository.url
else if repository.type == "GitHub" then
"https://github.com/${repository.owner}/${repository.repo}.git"
else if repository.type == "GitLab" then
"${repository.server}/${repository.repo_path}.git"
else
throw "Unrecognized repository type ${repository.type}";
urlToName =
url: rev:
let
matched = builtins.match "^.*/([^/]*)(\\.git)?$" url;
short = builtins.substring 0 7 rev;
appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
in
"${if matched == null then "source" else builtins.head matched}${appendShort}";
name = urlToName url revision;
in
builtins.fetchGit {
rev = revision;
narHash = hash;
allRefs = true;
inherit name submodules url;
};
mkPyPiSource =
{ url, hash, ... }:
builtins.fetchurl {
inherit url;
sha256 = hash;
};
mkChannelSource =
{ url, hash, ... }:
builtins.fetchTarball {
inherit url;
sha256 = hash;
};
mkTarballSource =
{
url,
locked_url ? url,
hash,
...
}:
builtins.fetchTarball {
url = locked_url;
sha256 = hash;
};
in
if version == 6 then
builtins.mapAttrs mkSource data.pins
else
throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"


@ -1,381 +0,0 @@
{
"pins": {
"agenix": {
"type": "GitRelease",
"repository": {
"type": "GitHub",
"owner": "ryantm",
"repo": "agenix"
},
"pre_releases": false,
"version_upper_bound": null,
"release_prefix": null,
"submodules": false,
"version": "0.15.0",
"revision": "564595d0ad4be7277e07fa63b5a991b3c645655d",
"url": "https://api.github.com/repos/ryantm/agenix/tarball/refs/tags/0.15.0",
"hash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU="
},
"arkheon": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "RaitoBezarius",
"repo": "arkheon"
},
"branch": "main",
"submodules": false,
"revision": "3eea876b29217d01cf2ef03ea9fdd8779d28ad04",
"url": "https://github.com/RaitoBezarius/arkheon/archive/3eea876b29217d01cf2ef03ea9fdd8779d28ad04.tar.gz",
"hash": "sha256-+R6MhTXuSzNeGQiL4DQwlP5yNhmnhbf7pQWPUWgcZSM="
},
"cas-eleves": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/DGNum/cas-eleves.git"
},
"branch": "main",
"submodules": false,
"revision": "bdbb2a6c772144813bd75316080f5fecd2c5cc9e",
"url": null,
"hash": "sha256-kQDO331t2YsrDoVGHzftU6Y96VXfWNzgI7QmeBNCGTA="
},
"cgroup-exporter": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "arianvp",
"repo": "cgroup-exporter"
},
"branch": "main",
"submodules": false,
"revision": "97b83d6d495b3cb6f959a4368fd93ac342d23706",
"url": "https://github.com/arianvp/cgroup-exporter/archive/97b83d6d495b3cb6f959a4368fd93ac342d23706.tar.gz",
"hash": "sha256-MP45mdfhZ3MjpL0sJolZ0GkY3Le8QoUDqS+loPtxu2I="
},
"colmena": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/DGNum/colmena"
},
"branch": "main",
"submodules": false,
"revision": "b5135dc8af1d7637b337cc2632990400221da577",
"url": null,
"hash": "sha256-7gg+K3PEYlN0sGPgDlmnM8zgDDIV505gNcwjFN61Qvk="
},
"dgsi": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/DGNum/dgsi.git"
},
"branch": "main",
"submodules": false,
"revision": "fbf6385e65400802a3f9f75f7cd91d5c01373d1b",
"url": null,
"hash": "sha256-aOUI69wbMm9+KVWwcMw5TgVnk3DfjOzE4OEyYTD8XPU="
},
"disko": {
"type": "GitRelease",
"repository": {
"type": "GitHub",
"owner": "nix-community",
"repo": "disko"
},
"pre_releases": false,
"version_upper_bound": null,
"release_prefix": null,
"submodules": false,
"version": "v1.11.0",
"revision": "cdf8deded8813edfa6e65544f69fdd3a59fa2bb4",
"url": "https://api.github.com/repos/nix-community/disko/tarball/refs/tags/v1.11.0",
"hash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0="
},
"dns.nix": {
"type": "GitRelease",
"repository": {
"type": "GitHub",
"owner": "nix-community",
"repo": "dns.nix"
},
"pre_releases": false,
"version_upper_bound": null,
"release_prefix": null,
"submodules": false,
"version": "v1.2.0",
"revision": "a3196708a56dee76186a9415c187473b94e6cbae",
"url": "https://api.github.com/repos/nix-community/dns.nix/tarball/refs/tags/v1.2.0",
"hash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ="
},
"git-hooks": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "cachix",
"repo": "git-hooks.nix"
},
"branch": "master",
"submodules": false,
"revision": "fa466640195d38ec97cf0493d6d6882bc4d14969",
"url": "https://github.com/cachix/git-hooks.nix/archive/fa466640195d38ec97cf0493d6d6882bc4d14969.tar.gz",
"hash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo="
},
"kadenios": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/DGNum/kadenios.git"
},
"branch": "main",
"submodules": false,
"revision": "4fd9e3a2117f54c4184b02fd3aef31626fcad149",
"url": null,
"hash": "sha256-32alJ/9M+Vaa+zSzmoMgB1+f2h4GYP3OiJ8odRMeCdw="
},
"kat-pkgs": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/lbailly/kat-pkgs"
},
"branch": "master",
"submodules": false,
"revision": "19b3de953c4d4e8888b90019db81852f8ad39dbb",
"url": null,
"hash": "sha256-bWO5dHrwZWF2EbCuSzxigaKkJdNCBQx5nD1J/u2pdNg="
},
"liminix": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/DGNum/liminix"
},
"branch": "main",
"submodules": false,
"revision": "1322de1ee0cdb19fead79e12ab279ee0b575019a",
"url": null,
"hash": "sha256-k5QjFRwKK8Hw7bl6XwOHiwr7hmTtBMdOUWieNKM10x4="
},
"linkal": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "JulienMalka",
"repo": "Linkal"
},
"branch": "main",
"submodules": false,
"revision": "085630bf369b68d2264baca020efc94c877d78e6",
"url": "https://github.com/JulienMalka/Linkal/archive/085630bf369b68d2264baca020efc94c877d78e6.tar.gz",
"hash": "sha256-nQ22VdXMO6M+rIsrPYHGmt7Zi7VWt9BeuF7WM+U2glQ="
},
"lix": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.lix.systems/lix-project/lix.git"
},
"branch": "main",
"submodules": false,
"revision": "d169c092fc28838a253be136d17fe7de1292c728",
"url": null,
"hash": "sha256-gsPA3AAGi3pucRpzJbhWWyyOBv2/2OjAjU/SlcSE8Vc="
},
"lix-module": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.lix.systems/lix-project/nixos-module.git"
},
"branch": "main",
"submodules": false,
"revision": "fa69ae26cc32dda178117b46487c2165c0e08316",
"url": null,
"hash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8="
},
"metis": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/DGNum/metis"
},
"branch": "master",
"submodules": false,
"revision": "f8898110f4aa32c5384af605e727bfea9b0bd2de",
"url": null,
"hash": "sha256-WrQCoe8h848nkQQfZnshsOdoY2NP5gAsl24hXpzDnR8="
},
"microvm.nix": {
"type": "Git",
"repository": {
"type": "GitHub",
"owner": "RaitoBezarius",
"repo": "microvm.nix"
},
"branch": "main",
"submodules": false,
"revision": "49899c9a4fdf75320785e79709bf1608c34caeb8",
"url": "https://github.com/RaitoBezarius/microvm.nix/archive/49899c9a4fdf75320785e79709bf1608c34caeb8.tar.gz",
"hash": "sha256-nn/kta8Od0T2k5+xQj+S2PNqOmxsDdHNaIv8eNtX5ms="
},
"nix-actions": {
"type": "GitRelease",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/DGNum/nix-actions.git"
},
"pre_releases": false,
"version_upper_bound": null,
"release_prefix": null,
"submodules": false,
"version": "v0.5.1",
"revision": "06847b3256df402da0475dccb290832ec92a9f8c",
"url": null,
"hash": "sha256-2xOZdKiUfcriQFKG37vY96dgCJLndhLa7cGacq8+SA8="
},
"nix-modules": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.hubrecht.ovh/hubrecht/nix-modules"
},
"branch": "dgnum",
"submodules": false,
"revision": "0cdf222c07b9cbd49857ae046fb41ae9f651cc3f",
"url": null,
"hash": "sha256-VHlkJny+t1AhZ61JOeyYM1rLa4cPEoEt/5+vqAqAJgA="
},
"nix-pkgs": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs"
},
"branch": "dgnum",
"submodules": false,
"revision": "7a0e2e660b26ddd67bb8132beb6b13e3a69003a4",
"url": null,
"hash": "sha256-1uzLfSTvB8UXN9zbzQr2cQXjARIXw1cBwPK6mA9GoXc="
},
"nix-reuse": {
"type": "GitRelease",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/DGNum/nix-reuse"
},
"pre_releases": false,
"version_upper_bound": null,
"release_prefix": null,
"submodules": false,
"version": "v0.1.3",
"revision": "45633dc6a0512cbbb010bc615b5d1b6e46e57597",
"url": null,
"hash": "sha256-xr63AvDLp+RS0F7qwuOoWNENuepPbpuHLe4VPS85XBQ="
},
"nixos-24.05": {
"type": "Channel",
"name": "nixos-24.05",
"url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.7376.b134951a4c9f/nixexprs.tar.xz",
"hash": "sha256-m6KS4Y44VAxk5ZnELE2dzLbjPtKRGtsprphQC6A7Erk="
},
"nixos-24.11": {
"type": "Channel",
"name": "nixos-24.11",
"url": "https://releases.nixos.org/nixos/24.11/nixos-24.11.717608.bf3287dac860/nixexprs.tar.xz",
"hash": "sha256-i+e1YvYG/DiWvKoEM0DhWG87ZPzkkYQwKlc0tS5jx+E="
},
"nixos-25.05": {
"type": "Channel",
"name": "nixos-25.05",
"url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.803579.70c74b02eac4/nixexprs.tar.xz",
"hash": "sha256-0RxtgAd4gHYPFFwICal8k8hvJBOkCeTjFkh4HsqYDbE="
},
"nixos-unstable": {
"type": "Channel",
"name": "nixos-unstable",
"url": "https://releases.nixos.org/nixos/unstable/nixos-25.05pre797896.d89fc19e405c/nixexprs.tar.xz",
"hash": "sha256-bFJJ/qwB3VJ0nFuVYYHJXinT4tNJ2jhXTVT6SpYiFOM="
},
"npins": {
"type": "GitRelease",
"repository": {
"type": "GitHub",
"owner": "andir",
"repo": "npins"
},
"pre_releases": false,
"version_upper_bound": null,
"release_prefix": null,
"submodules": false,
"version": "0.3.1",
"revision": "476671559d5879ad2f95fe21b9eb7c7541b3e718",
"url": "https://api.github.com/repos/andir/npins/tarball/refs/tags/0.3.1",
"hash": "sha256-PPk9Ve1pM3X7NfGeGb8Jiq4YDEwAjErP4xzGwLaakTU="
},
"proxmox-nixos": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://github.com/SaumonNet/proxmox-nixos.git"
},
"branch": "main",
"submodules": false,
"revision": "91c96a414e14835b84adbf775f793739a5851fab",
"url": null,
"hash": "sha256-YYbR1o5qTPUxpaVhkJcOGjghNGbIBQmivXAgNTFDxqU="
},
"signal-irc-bridge": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/mdebray/signal-irc-bridge"
},
"branch": "master",
"submodules": false,
"revision": "52a370b29ff2edbec63e192e782b934823263ef2",
"url": null,
"hash": "sha256-sR8v7bheOigZ08VAv/AX9wFNmMZQEUqEwX3V9wW68tc="
},
"snix-cache": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/DGNum/snix-cache.git"
},
"branch": "main",
"submodules": false,
"revision": "62346b99c2e1085203bc2e5bb5f07e7773977b49",
"url": null,
"hash": "sha256-6BYUWwzitWF2EV8wvJOlqensJ3x4f4ka+iZ9Zy5XnWI="
},
"stateless-uptime-kuma": {
"type": "Git",
"repository": {
"type": "Git",
"url": "https://git.dgnum.eu/mdebray/stateless-uptime-kuma"
},
"branch": "master",
"submodules": false,
"revision": "d378d1ce00c676fa22ef0808cf73f3e1c34e0191",
"url": null,
"hash": "sha256-Dq0Kk6inCrxsxRfpYJVDZ45pMW/OZ3AAecmgF+yIZQI="
},
"wp4nix": {
"type": "Git",
"repository": {
"type": "GitLab",
"repo_path": "helsinki-systems/wp4nix",
"server": "https://git.helsinki.tools/"
},
"branch": "master",
"submodules": false,
"revision": "2fc9a0734168cab536e3129efa6397d6cd3ac89f",
"url": "https://git.helsinki.tools/api/v4/projects/helsinki-systems%2Fwp4nix/repository/archive.tar.gz?sha=2fc9a0734168cab536e3129efa6397d6cd3ac89f",
"hash": "sha256-abwqAZGsWuWqfxou8XlqedBvXsUw1/xanSgljLCJxdM="
}
},
"version": 6
}


@ -57,12 +57,7 @@ with {
{
_type = "url";
url = "https://github.com/ryantm/agenix/pull/292.patch";
hash = "sha256-e45hiHF0HbCYb+3RRhy+8nNIFvefb6SZSN3xcl1mpvI=";
hash = "sha256-dO7Lvf2mdCIN6MjNcE+OS7ibaSunJ84Krqlk8ywMtwo=";
}
];
"npins" = [
(local ./npins/00-master.patch)
(local ./npins/01-sri-hashes.patch)
];
}
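Review bot: The `hash` for `https://github.com/ryantm/agenix/pull/292.patch` is replaced while the `url` line stays the same, which suggests the patch body served for that pull request changed upstream. A `pull/N.patch` URL follows the PR head, so any later push to the PR breaks the pin and invites a hash bump onto content nobody here has diffed. Because this patch is applied to agenix, I would vendor the reviewed patch in-tree using the `local` helper that the npins entries in this hunk use, e.g. `(local ./agenix/<reviewed-patch-file>.patch)` (placeholder name). At minimum, add a comment on the entry such as `# PR URL tracks the PR head: diff the new patch body before updating this hash`. The enclosing `with { … }` expression starts above the hunk, so how `_type = "url"` entries are fetched and verified is not visible from here.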

File diff suppressed because it is too large Load diff


@ -1,962 +0,0 @@
From 6d86eb4b9884f46a38baaafd6a048cbfdc6a6b9b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom@hubrecht.ovh>
Date: Tue, 6 May 2025 18:32:31 +0200
Subject: [PATCH] feat: Use SRI hashes for locking pins
Here, we:
- Switch to using SRI hashes for all locked inputs
- Add support for narHash in fetchGit
It is a follow-up of #87 using snix nix-compat crate for manipulating
hashes
Co-authored-by: Raito Bezarius <masterancpp@gmail.com>
---
Cargo.lock | 386 +++++++++++++++++++++++++++++++++++++++++++++++-
Cargo.toml | 2 +
npins.nix | 4 +
src/default.nix | 10 +-
src/git.rs | 22 +--
src/nix.rs | 20 ++-
src/pypi.rs | 20 ++-
src/versions.rs | 40 +++--
8 files changed, 466 insertions(+), 38 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index fc0b0df..6345d09 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -120,12 +120,38 @@ version = "0.22.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
+[[package]]
+name = "base64ct"
+version = "1.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "89e25b6adfb930f02d1981565a6e5d9c547ac15a96606256d3b59040e5cd4ca3"
+
[[package]]
name = "bitflags"
version = "2.9.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd"
+[[package]]
+name = "block-buffer"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
+dependencies = [
+ "generic-array",
+]
+
+[[package]]
+name = "bstr"
+version = "1.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "234113d19d0d7d613b40e86fb654acf958910802bcceab913a4f9e7cda03b1a4"
+dependencies = [
+ "memchr",
+ "regex-automata",
+ "serde",
+]
+
[[package]]
name = "bumpalo"
version = "3.17.0"
@@ -205,6 +231,21 @@ version = "1.0.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990"
+[[package]]
+name = "const-oid"
+version = "0.9.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
+
+[[package]]
+name = "cpufeatures"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
+dependencies = [
+ "libc",
+]
+
[[package]]
name = "crossterm"
version = "0.28.1"
@@ -216,6 +257,69 @@ dependencies = [
"rustix",
]
+[[package]]
+name = "crypto-common"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
+
+[[package]]
+name = "curve25519-dalek"
+version = "4.1.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "curve25519-dalek-derive",
+ "digest",
+ "fiat-crypto",
+ "rustc_version",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "curve25519-dalek-derive"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "data-encoding"
+version = "2.9.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476"
+
+[[package]]
+name = "der"
+version = "0.7.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
+dependencies = [
+ "const-oid",
+ "zeroize",
+]
+
+[[package]]
+name = "digest"
+version = "0.10.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
+dependencies = [
+ "block-buffer",
+ "crypto-common",
+]
+
[[package]]
name = "displaydoc"
version = "0.2.5"
@@ -227,6 +331,41 @@ dependencies = [
"syn",
]
+[[package]]
+name = "ed25519"
+version = "2.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53"
+dependencies = [
+ "pkcs8",
+ "signature",
+]
+
+[[package]]
+name = "ed25519-dalek"
+version = "2.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871"
+dependencies = [
+ "curve25519-dalek",
+ "ed25519",
+ "serde",
+ "sha2",
+ "subtle",
+ "zeroize",
+]
+
+[[package]]
+name = "enum-primitive-derive"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba7795da175654fe16979af73f81f26a8ea27638d8d9823d317016888a63dc4c"
+dependencies = [
+ "num-traits",
+ "quote",
+ "syn",
+]
+
[[package]]
name = "env_filter"
version = "0.1.3"
@@ -265,6 +404,12 @@ dependencies = [
"windows-sys 0.59.0",
]
+[[package]]
+name = "fiat-crypto"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d"
+
[[package]]
name = "fnv"
version = "1.0.7"
@@ -369,6 +514,16 @@ dependencies = [
"slab",
]
+[[package]]
+name = "generic-array"
+version = "0.14.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
[[package]]
name = "getrandom"
version = "0.2.15"
@@ -402,6 +557,12 @@ version = "0.31.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f"
+[[package]]
+name = "glob"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2"
+
[[package]]
name = "hashbrown"
version = "0.15.2"
@@ -719,6 +880,16 @@ version = "0.2.172"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa"
+[[package]]
+name = "libmimalloc-sys"
+version = "0.1.42"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec9d6fac27761dabcd4ee73571cdb06b7022dc99089acbe5435691edffaac0f4"
+dependencies = [
+ "cc",
+ "libc",
+]
+
[[package]]
name = "linux-raw-sys"
version = "0.4.15"
@@ -753,6 +924,15 @@ version = "2.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3"
+[[package]]
+name = "mimalloc"
+version = "0.1.46"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "995942f432bbb4822a7e9c3faa87a695185b0d09273ba85f097b54f4e458f2af"
+dependencies = [
+ "libmimalloc-sys",
+]
+
[[package]]
name = "mime"
version = "0.3.17"
@@ -779,6 +959,53 @@ dependencies = [
"windows-sys 0.52.0",
]
+[[package]]
+name = "nix-compat"
+version = "0.1.0"
+source = "git+https://git.snix.dev/snix/snix#4749964f06a7aa20ee19c5f7b3c97079e5c67911"
+dependencies = [
+ "bitflags",
+ "bstr",
+ "bytes",
+ "data-encoding",
+ "ed25519",
+ "ed25519-dalek",
+ "enum-primitive-derive",
+ "futures",
+ "glob",
+ "mimalloc",
+ "nix-compat-derive",
+ "nom",
+ "num-traits",
+ "num_enum",
+ "pin-project-lite",
+ "serde",
+ "serde_json",
+ "sha2",
+ "thiserror",
+ "tokio",
+ "tracing",
+]
+
+[[package]]
+name = "nix-compat-derive"
+version = "0.1.0"
+source = "git+https://git.snix.dev/snix/snix#4749964f06a7aa20ee19c5f7b3c97079e5c67911"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
+[[package]]
+name = "nom"
+version = "8.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "df9761775871bdef83bee530e60050f7e54b1105350d6884eb0fb4f46c2f9405"
+dependencies = [
+ "memchr",
+]
+
[[package]]
name = "npins"
version = "0.3.1"
@@ -787,11 +1014,13 @@ dependencies = [
"async-trait",
"clap",
"crossterm",
+ "data-encoding",
"env_logger",
"futures",
"lenient_semver_parser",
"lenient_version",
"log",
+ "nix-compat",
"reqwest",
"serde",
"serde_json",
@@ -799,6 +1028,36 @@ dependencies = [
"url",
]
+[[package]]
+name = "num-traits"
+version = "0.2.19"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
+dependencies = [
+ "autocfg",
+]
+
+[[package]]
+name = "num_enum"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4e613fc340b2220f734a8595782c551f1250e969d87d3be1ae0579e8d4065179"
+dependencies = [
+ "num_enum_derive",
+]
+
+[[package]]
+name = "num_enum_derive"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "af1844ef2428cc3e1cb900be36181049ef3d3193c63e43026cfe202983b27a56"
+dependencies = [
+ "proc-macro-crate",
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
[[package]]
name = "object"
version = "0.36.7"
@@ -855,6 +1114,16 @@ version = "0.1.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
+[[package]]
+name = "pkcs8"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
+dependencies = [
+ "der",
+ "spki",
+]
+
[[package]]
name = "ppv-lite86"
version = "0.2.21"
@@ -864,6 +1133,15 @@ dependencies = [
"zerocopy",
]
+[[package]]
+name = "proc-macro-crate"
+version = "3.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "edce586971a4dfaa28950c6f18ed55e0406c1ab88bbce2c6f6293a7aaba73d35"
+dependencies = [
+ "toml_edit",
+]
+
[[package]]
name = "proc-macro2"
version = "1.0.94"
@@ -949,7 +1227,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "3779b94aeb87e8bd4e834cee3650289ee9e0d5677f976ecdb6d219e5f4f6cd94"
dependencies = [
"rand_chacha",
- "rand_core",
+ "rand_core 0.9.3",
"zerocopy",
]
@@ -960,7 +1238,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
dependencies = [
"ppv-lite86",
- "rand_core",
+ "rand_core 0.9.3",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
+dependencies = [
+ "getrandom 0.2.15",
]
[[package]]
@@ -1079,6 +1366,15 @@ version = "2.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d"
+[[package]]
+name = "rustc_version"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92"
+dependencies = [
+ "semver",
+]
+
[[package]]
name = "rustix"
version = "0.38.44"
@@ -1153,6 +1449,12 @@ version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
+[[package]]
+name = "semver"
+version = "1.0.26"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0"
+
[[package]]
name = "serde"
version = "1.0.219"
@@ -1198,6 +1500,17 @@ dependencies = [
"serde",
]
+[[package]]
+name = "sha2"
+version = "0.10.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
[[package]]
name = "shlex"
version = "1.3.0"
@@ -1213,6 +1526,15 @@ dependencies = [
"libc",
]
+[[package]]
+name = "signature"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
+dependencies = [
+ "rand_core 0.6.4",
+]
+
[[package]]
name = "slab"
version = "0.4.9"
@@ -1238,6 +1560,16 @@ dependencies = [
"windows-sys 0.52.0",
]
+[[package]]
+name = "spki"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
+dependencies = [
+ "base64ct",
+ "der",
+]
+
[[package]]
name = "stable_deref_trait"
version = "1.2.0"
@@ -1370,6 +1702,23 @@ dependencies = [
"tokio",
]
+[[package]]
+name = "toml_datetime"
+version = "0.6.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3da5db5a963e24bc68be8b17b6fa82814bb22ee8660f192bb182771d498f09a3"
+
+[[package]]
+name = "toml_edit"
+version = "0.22.26"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "310068873db2c5b3e7659d2cc35d21855dbafa50d1ce336397c666e3cb08137e"
+dependencies = [
+ "indexmap",
+ "toml_datetime",
+ "winnow",
+]
+
[[package]]
name = "tower"
version = "0.5.2"
@@ -1404,9 +1753,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0"
dependencies = [
"pin-project-lite",
+ "tracing-attributes",
"tracing-core",
]
+[[package]]
+name = "tracing-attributes"
+version = "0.1.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
[[package]]
name = "tracing-core"
version = "0.1.33"
@@ -1422,6 +1783,12 @@ version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
+[[package]]
+name = "typenum"
+version = "1.18.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f"
+
[[package]]
name = "unicode-ident"
version = "1.0.18"
@@ -1464,6 +1831,12 @@ version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821"
+[[package]]
+name = "version_check"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
+
[[package]]
name = "want"
version = "0.3.1"
@@ -1769,6 +2142,15 @@ version = "0.53.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486"
+[[package]]
+name = "winnow"
+version = "0.7.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c06928c8748d81b05c9be96aad92e1b6ff01833332f281e8cfca3be4b35fc9ec"
+dependencies = [
+ "memchr",
+]
+
[[package]]
name = "wit-bindgen-rt"
version = "0.39.0"
diff --git a/Cargo.toml b/Cargo.toml
index b603f77..badbe24 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -32,6 +32,8 @@ futures = "0.3.31"
clap = { version = "4.5", features = [ "derive", "env" ], optional = true }
crossterm = { version = "0.28.1", default-features = false, optional = true }
env_logger = { version = "^0.11.0", features = ["color", "auto-color", "regex"], default-features = false, optional = true }
+nix-compat = { git = "https://git.snix.dev/snix/snix", version = "0.1.0" }
+data-encoding = "2.9.0"
[dev-dependencies]
env_logger = { version = "^0.11.0", features = ["color", "auto-color", "regex"], default-features = false }
diff --git a/npins.nix b/npins.nix
index 912d431..dfdcda8 100644
--- a/npins.nix
+++ b/npins.nix
@@ -51,6 +51,10 @@ let
version = cargoToml.package.version;
cargoLock = {
lockFile = src + "/Cargo.lock";
+
+ outputHashes = {
+ "nix-compat-0.1.0" = "sha256-U9pAde6R2yoP8ivnoNX/1rve+ALrDk8+4R2BKoGzg24=";
+ };
};
inherit src;
diff --git a/src/default.nix b/src/default.nix
index 6592476..fc9ebc5 100644
--- a/src/default.nix
+++ b/src/default.nix
@@ -82,7 +82,7 @@ let
if url != null && !submodules then
builtins.fetchTarball {
inherit url;
- sha256 = hash; # FIXME: check nix version & use SRI hashes
+ sha256 = hash;
}
else
let
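Review bot: The `FIXME: check nix version & use SRI hashes` is removed without the version check it asked for. From format v6 on, `hash` always holds an SRI string, passed as `sha256` to `builtins.fetchTarball` here and as `narHash` to `builtins.fetchGit` in the next hunk. Whether an evaluator accepts those forms depends on its version, so an older Nix would presumably fail with an argument or hash-format error rather than a hint about npins. I would replace the FIXME with a comment such as `# hash is an SRI string since format v6; needs a Nix that accepts SRI in sha256 and narHash in fetchGit`, or fail early on `builtins.nixVersion`. The enclosing function starts and ends outside this hunk.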
@@ -109,9 +109,9 @@ let
in
builtins.fetchGit {
rev = revision;
- inherit name;
- # hash = hash;
- inherit url submodules;
+ narHash = hash;
+
+ inherit name submodules url;
};
mkPyPiSource =
@@ -140,7 +140,7 @@ let
sha256 = hash;
};
in
-if version == 5 then
+if version == 6 then
builtins.mapAttrs mkSource data.pins
else
throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"
diff --git a/src/git.rs b/src/git.rs
index 334e9d1..c7c5241 100644
--- a/src/git.rs
+++ b/src/git.rs
@@ -852,7 +852,7 @@ mod test {
pin.fetch(&version).await?,
OptionalUrlHashes {
url: None,
- hash: "17giznxp84h53jsm334dkp1fz6x9ff2yqfkq34ihq0ray1x3yhyd".into(),
+ hash: "sha256-zUM/evAqAwwjGXg67IVzqZvvwp2NjFG1HAUSdLv98Z0=".into(),
}
);
Ok(())
@@ -880,7 +880,7 @@ mod test {
pin.fetch(&version).await?,
ReleasePinHashes {
url: None,
- hash: "0q06gjh6129bfs0x072xicmq0q2psnq6ckf05p1jfdxwl7jljg06".into(),
+ hash: "sha256-BjxJ5aG8NyfDLcBNZrDVV2CAK4tdHNCBdiuJYKB8BmA=".into(),
revision: "35be5b2b2c3431de1100996487d53134f658b866".into(),
}
);
@@ -908,7 +908,7 @@ mod test {
pin.fetch(&version).await?,
OptionalUrlHashes {
url: Some("https://github.com/oliverwatkins/swing_library/archive/1edb0a9cebe046cc915a218c57dbf7f40739aeee.tar.gz".parse().unwrap()),
- hash: "17giznxp84h53jsm334dkp1fz6x9ff2yqfkq34ihq0ray1x3yhyd".into(),
+ hash: "sha256-zUM/evAqAwwjGXg67IVzqZvvwp2NjFG1HAUSdLv98Z0=".into(),
}
);
Ok(())
@@ -942,7 +942,7 @@ mod test {
.parse()
.unwrap()
),
- hash: "0q06gjh6129bfs0x072xicmq0q2psnq6ckf05p1jfdxwl7jljg06".into(),
+ hash: "sha256-BjxJ5aG8NyfDLcBNZrDVV2CAK4tdHNCBdiuJYKB8BmA=".into(),
}
);
Ok(())
@@ -976,7 +976,7 @@ mod test {
.parse()
.unwrap()
),
- hash: "0arqpja90n3yy767x0ckwg4biqm4igcpa0vznvx3daaywjkb1v7v".into(),
+ hash: "sha256-++ywpuReqTb6tn8DddmLpOK4yOOTgX7M8X5YkJS8OCs=".into(),
}
);
Ok(())
@@ -1004,7 +1004,7 @@ mod test {
pin.fetch(&version).await?,
OptionalUrlHashes {
url: Some("https://git.lix.systems/lix-project/lix/archive/4bbdb2f5564b9b42bcaf0e1eec28325300f31c72.tar.gz".parse().unwrap()),
- hash: "03rygh7i9wzl6mhha6cv5q26iyzwy8l59d5cq4r6j5kpss9l1hn3".into(),
+ hash: "sha256-w8JAk9Z3Fmkyway0VCjy/PtoBC6bGQVhNfTzFA98Pg8=".into(),
}
);
Ok(())
@@ -1039,7 +1039,7 @@ mod test {
.parse()
.unwrap()
),
- hash: "1iyylsiv1n6mf6rbi4k4fm5nv24a940cwfz92gk9fx6axh2kxjbz".into(),
+ hash: "sha256-f8k+BezKdJfmE+k7zgBJiohtS3VkkriycdXYsKOm3sc=".into(),
}
);
Ok(())
@@ -1067,7 +1067,7 @@ mod test {
pin.fetch(&version).await?,
OptionalUrlHashes {
url: Some("https://gitlab.com/api/v4/projects/maxigaz%2Fgitlab-dark/repository/archive.tar.gz?sha=e7145078163692697b843915a665d4f41139a65c".parse().unwrap()),
- hash: "0nmcr0g0cms4yx9wsgbyvxyvdlqwa9qdb8179g47rs0y04iylcsv".into(),
+ hash: "sha256-WzPqIwEe6HzISyeg1XBSHNO2fd9+Pc1T90RXBh7IrFo=".into(),
}
);
Ok(())
@@ -1100,7 +1100,7 @@ mod test {
url: Some("https://gitlab.com/api/v4/projects/maxigaz%2Fgitlab-dark/repository/archive.tar.gz?ref=v1.16.0"
.parse()
.unwrap()),
- hash: "0nmcr0g0cms4yx9wsgbyvxyvdlqwa9qdb8179g47rs0y04iylcsv".into(),
+ hash: "sha256-WzPqIwEe6HzISyeg1XBSHNO2fd9+Pc1T90RXBh7IrFo=".into(),
}
);
Ok(())
@@ -1128,7 +1128,7 @@ mod test {
pin.fetch(&version).await?,
OptionalUrlHashes {
url: Some("https://gitlab.gnome.org/api/v4/projects/Archive%2Fgnome-games/repository/archive.tar.gz?sha=bca2071b6923d45d9aabac27b3ea1e40f5fa3006".parse().unwrap()),
- hash: "0pn7mdj56flvvlhm96igx8g833sslzgypfb2a4zv7lj8z3kiikmg".into(),
+ hash: "sha256-r84Y5/hI0rM/UWK569+nWo+BHuovmlQh3Zs6U2Srx14=".into(),
}
);
Ok(())
@@ -1159,7 +1159,7 @@ mod test {
ReleasePinHashes {
revision: "2c89145d52d072a4ca5da900c2676d890bfab1ff".into(),
url: Some("https://gitlab.gnome.org/api/v4/projects/Archive%2Fgnome-games/repository/archive.tar.gz?ref=40.0".parse().unwrap()),
- hash: "0pn7mdj56flvvlhm96igx8g833sslzgypfb2a4zv7lj8z3kiikmg".into(),
+ hash: "sha256-r84Y5/hI0rM/UWK569+nWo+BHuovmlQh3Zs6U2Srx14=".into(),
}
);
Ok(())
diff --git a/src/nix.rs b/src/nix.rs
index 2248079..499e0e7 100644
--- a/src/nix.rs
+++ b/src/nix.rs
@@ -1,5 +1,6 @@
use crate::check_url;
use anyhow::{Context, Result};
+use data_encoding::BASE64;
use log::debug;
#[allow(unused)]
@@ -8,6 +9,16 @@ pub struct PrefetchInfo {
hash: String,
}
+pub fn hash_to_sri(s: &str, algo: &str) -> Result<String> {
+ let hash = nix_compat::nixhash::from_str(s, Some(algo))?;
+
+ Ok(format!(
+ "{}-{}",
+ hash.algo(),
+ BASE64.encode(hash.digest_as_bytes())
+ ))
+}
+
pub async fn nix_prefetch_tarball(url: impl AsRef<str>) -> Result<String> {
let url = url.as_ref();
check_url(url).await?;
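Review bot: `hash_to_sri` propagates the parser error from `nix_compat::nixhash::from_str` bare, so a malformed value from prefetch output, PyPI metadata or an old sources.json surfaces without saying which string failed to parse. Since `Context` is already imported in this file, the call could read `nix_compat::nixhash::from_str(s, Some(algo)).with_context(|| format!("Failed to parse {s:?} as a {algo} hash"))?`. The function is `pub` and now sits on every hash path this patch touches, so a `///` doc comment stating which input encodings it accepts and that it returns `<algo>-<base64>` would help. A unit test pinning one old/new pair from the updated fixtures would help as well.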
@@ -37,8 +48,11 @@ pub async fn nix_prefetch_tarball(url: impl AsRef<str>) -> Result<String> {
}
let stdout = String::from_utf8_lossy(&output.stdout);
- log::debug!("Got hash: {}", stdout);
- Ok(String::from(stdout.trim()))
+ let hash = stdout.trim();
+
+ log::debug!("Got sha256: {}", hash);
+
+ hash_to_sri(&hash, "sha256")
}
pub async fn nix_prefetch_git(
@@ -111,5 +125,5 @@ pub async fn nix_prefetch_git(
let info: NixPrefetchGitResponse = serde_json::from_slice(&output.stdout)
.context("Failed to deserialize nix-pfetch-git JSON response.")?;
- Ok(info.sha256)
+ hash_to_sri(&info.sha256, "sha256")
}
diff --git a/src/pypi.rs b/src/pypi.rs
index 51191d2..5d744ef 100644
--- a/src/pypi.rs
+++ b/src/pypi.rs
@@ -1,6 +1,6 @@
//! Pin a PyPi package
-use crate::*;
+use crate::{nix::hash_to_sri, *};
use anyhow::{Context, Result};
use lenient_version::Version;
use serde::{Deserialize, Serialize};
@@ -125,11 +125,15 @@ impl Updatable for Pin {
anyhow::format_err!("Unsupported package: must contain some \"source\" download",)
})?;
- let hash = latest_source.digests.remove("sha256").ok_or_else(|| {
- anyhow::format_err!(
- "JSON metadata is invalid: must contain a `sha256` entry within `digests`",
- )
- })?;
+ let hash = latest_source
+ .digests
+ .remove("sha256")
+ .ok_or_else(|| {
+ anyhow::format_err!(
+ "JSON metadata is invalid: must contain a `sha256` entry within `digests`",
+ )
+ })
+ .and_then(|s| hash_to_sri(&s, "sha256"))?;
Ok(GenericUrlHashes {
hash,
@@ -190,7 +194,7 @@ mod test {
assert_eq!(
pin.fetch(&version).await?,
GenericUrlHashes {
- hash: "3953b158b7b690642d68cd6beb1d59f6e10526f2ee10a6fb4636a913cc95e718".into(),
+ hash: "sha256-OVOxWLe2kGQtaM1r6x1Z9uEFJvLuEKb7RjapE8yV5xg=".into(),
url: "https://files.pythonhosted.org/packages/d1/d5/0c270c22d61ff6b883d0f24956f13e904b131b5ac2829e0af1cda99d70b1/gaiatest-0.34.tar.gz".parse().unwrap(),
}
);
@@ -216,7 +220,7 @@ mod test {
assert_eq!(
pin.fetch(&version).await?,
GenericUrlHashes {
- hash: "39d09c6627255fcf39c938937995665b6377799c4fa141f6b481bcb5e6a688ac".into(),
+ hash: "sha256-OdCcZiclX885yTiTeZVmW2N3eZxPoUH2tIG8teamiKw=".into(),
url: "https://files.pythonhosted.org/packages/fd/75/6e72889c3b154a179040b94963a50901966ff30b68600271df374b2ded7a/streamlit-0.89.0.tar.gz".parse().unwrap(),
}
);
diff --git a/src/versions.rs b/src/versions.rs
index 003402f..a65c995 100644
--- a/src/versions.rs
+++ b/src/versions.rs
@@ -1,11 +1,12 @@
//! Versioning support for the save format
use super::*;
+use crate::nix::hash_to_sri;
use anyhow::{Context, Result};
use serde_json::{json, Map, Value};
/// The current format version
-pub const LATEST: u64 = 5;
+pub const LATEST: u64 = 6;
/// Custom manual deserialize wrapper that checks the version
pub fn from_value_versioned(value: Value) -> Result<NixPins> {
@@ -83,11 +84,18 @@ pub fn upgrade(mut pins_raw: Map<String, Value>) -> Result<Value> {
* They are omitted here; Only non-trivial upgrades should be inserted.
*/
type Upgrader = Box<dyn Fn(&mut Map<String, Value>) -> Result<()>>;
- let version_upgraders: BTreeMap<u64, Upgrader> = [(
- 0,
- Box::new(|pins_raw: &mut Map<String, Value>| generic_upgrader(pins_raw, upgrade_v0_pin))
- as Upgrader,
- )]
+ let version_upgraders: BTreeMap<u64, Upgrader> = [
+ (
+ 0,
+ Box::new(|pins_raw: &mut Map<String, Value>| generic_upgrader(pins_raw, upgrade_v0_pin))
+ as Upgrader,
+ ),
+ (
+ 5,
+ Box::new(|pins_raw: &mut Map<String, Value>| generic_upgrader(pins_raw, upgrade_v5_pin))
+ as Upgrader,
+ ),
+ ]
.into_iter()
.collect();
@@ -224,6 +232,20 @@ fn upgrade_v0_pin(name: &str, raw_pin: &mut Map<String, Value>) -> Result<()> {
Ok(())
}
+/* v5→v6. This upgrade changes the hashes of git and git-release pins to use SRI hashes instead of
+ * raw sha256 hashes.
+ */
+fn upgrade_v5_pin(name: &str, raw_pin: &mut Map<String, Value>) -> Result<()> {
+ log::debug!("Updating {} to v6", name);
+
+ if let Some(raw_hash) = raw_pin.remove("hash") {
+ let hash: String = serde_json::from_value(raw_hash)?;
+ raw_pin.insert("hash".into(), hash_to_sri(&hash, "sha256")?.into());
+ }
+
+ Ok(())
+}
+
#[cfg(test)]
mod test {
use super::*;
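Review bot: The comment above `upgrade_v5_pin` says the upgrade touches git and git-release pins, but the body converts the `hash` key of whatever pin map it is given, and the PyPi fixture in the test hunk below changes from hex to SRI as well. The comment should match the code: `/* v5→v6. Converts the hash field of every pin that has one from a raw sha256 hash to an SRI hash. */`. Also, `hash` is removed before it is parsed, so a failed conversion leaves the map without the key; that is harmless only if callers discard the map on `Err`, which is not visible here.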
@@ -301,19 +323,19 @@ mod test {
"nixos-mailserver".into() => Pin::Git {
input: git::GitPin::new(git::Repository::git("https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git".parse().unwrap()), "nixos-21.11".into(), false),
version: Some(git::GitRevision::new("6e3a7b2ea6f0d68b82027b988aa25d3423787303".into()).unwrap()),
- hashes: Some(git::OptionalUrlHashes { url: None, hash: "1i56llz037x416bw698v8j6arvv622qc0vsycd20lx3yx8n77n44".into() } ),
+ hashes: Some(git::OptionalUrlHashes { url: None, hash: "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=".into() } ),
frozen: Frozen::default(),
},
"nixpkgs".into() => Pin::Git {
input: git::GitPin::new(git::Repository::github("nixos", "nixpkgs"), "nixpkgs-unstable".into(), false),
version: Some(git::GitRevision::new("5c37ad87222cfc1ec36d6cd1364514a9efc2f7f2".into()).unwrap()),
- hashes: Some(git::OptionalUrlHashes { url: Some("https://github.com/nixos/nixpkgs/archive/5c37ad87222cfc1ec36d6cd1364514a9efc2f7f2.tar.gz".parse().unwrap()), hash: "1r74afnalgcbpv7b9sbdfbnx1kfj0kp1yfa60bbbv27n36vqdhbb".into() }),
+ hashes: Some(git::OptionalUrlHashes { url: Some("https://github.com/nixos/nixpkgs/archive/5c37ad87222cfc1ec36d6cd1364514a9efc2f7f2.tar.gz".parse().unwrap()), hash: "sha256-a8GGtxn2iL3WAkY5H+4E0s3Q7XJt6bTOvos9qqxT5OQ=".into() }),
frozen: Frozen::default(),
},
"streamlit".into() => Pin::PyPi {
input: pypi::Pin { name: "streamlit".into(), version_upper_bound: None },
version: Some(GenericVersion { version: "1.3.1".into() }),
- hashes: Some(GenericUrlHashes { url: "https://files.pythonhosted.org/packages/c3/9d/ac871992617220442832af12c3808716f4349ab05ff939d695fe8b542f00/streamlit-1.3.1.tar.gz".parse().unwrap(), hash: "adec7935c9cf774b9115b2456cf2f48c4f49b9f67159a97db0fe228357c1afdf".into() } ),
+ hashes: Some(GenericUrlHashes { url: "https://files.pythonhosted.org/packages/c3/9d/ac871992617220442832af12c3808716f4349ab05ff939d695fe8b542f00/streamlit-1.3.1.tar.gz".parse().unwrap(), hash: "sha256-rex5NcnPd0uRFbJFbPL0jE9JufZxWal9sP4ig1fBr98=".into() } ),
frozen: Frozen::default(),
},
"youtube-dl".into() => Pin::GitRelease {


@ -3,7 +3,7 @@
# SPDX-License-Identifier: EUPL-1.2
{
sources ? import ../npins,
sources ? import ../lon.nix,
pkgs ? import sources."nixos-unstable" { },
callPackage ? pkgs.callPackage,
}:

43
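--- a/workflows/lon-update.nix
+++ b/workflows/lon-update.nix
+# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
+#
+# SPDX-License-Identifier: EUPL-1.2
+{ nix-actions, ... }:
+let
+inherit (nix-actions.lib) nix-shell secret;
+in
+{
+name = "Update dependencies";
+on.schedule = [
+# Run every 24h
+{ cron = "30 13 * * *"; }
+];
+jobs = {
+update = {
+runs-on = "nix";
+steps = [
+{
+uses = "actions/checkout@v4";
+"with".token = secret "TEA_DGNUM_CHORES_TOKEN";
+}
+{
+env = {
+LON_TOKEN = secret "TEA_DGNUM_CHORES_TOKEN";
+LON_USER_NAME = "DGNum [bot]";
+LON_USER_EMAIL = "admins+lon-bot@dgnum.eu";
+# LON_LABELS = "bot";
+LON_LIST_COMMITS = true;
+};
+run = nix-shell {
+script = "lon bot forgejo";
+shell = "lon-update";
+};
+}
+];
+};
+};
+}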
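Review bot: `uses = "actions/checkout@v4"` refers to a movable tag in a job that is handed `TEA_DGNUM_CHORES_TOKEN` twice, once as the checkout token and once as `LON_TOKEN`, so whatever that tag resolves to on the runner's action source runs with the bot's credentials. I would pin the action to a full commit, `uses = "actions/checkout@<full-commit-sha>"; # v4` (placeholder, to be filled with the reviewed commit). If `lon bot forgejo` authenticates only through `LON_TOKEN`, which I cannot tell from this file, `"with".persist-credentials = false;` would also keep the token out of the checked-out repository's git config.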


@ -1,98 +0,0 @@
# SPDX-FileCopyrightText: 2024 Tom Hubrecht <tom.hubrecht@dgnum.eu>
#
# SPDX-License-Identifier: EUPL-1.2
{ lib, nix-actions, ... }:
let
inherit (nix-actions.lib) secret;
inherit (lib) genAttrs mapAttrs' nameValuePair;
dependencies = builtins.attrNames (import ../npins);
in
{
name = "Update dependencies";
on.schedule = [
# Run every 24h
{ cron = "30 13 * * *"; }
];
# Global environment, necessary for rebases and commits
env = rec {
GIT_AUTHOR_NAME = "HT Chores";
GIT_AUTHOR_EMAIL = "chores@mail.hubrecht.ovh";
GIT_COMMITTER_NAME = GIT_AUTHOR_NAME;
GIT_COMMITTER_EMAIL = GIT_AUTHOR_EMAIL;
};
jobs = mapAttrs' (name: nameValuePair (builtins.replaceStrings [ "." ] [ "_" ] name)) (
genAttrs dependencies (name: {
runs-on = "nix-infra";
steps = [
(nix-actions.lib.steps.checkout {
fetch-depth = 0;
token = secret "TEA_DGNUM_CHORES_TOKEN";
})
{
env.GIT_UPDATE_BRANCH = "npins-updates/${name}";
name = "Switch to a new branch";
run = # bash
''
if git ls-remote --exit-code --heads origin "refs/heads/$GIT_UPDATE_BRANCH"; then
git switch "$GIT_UPDATE_BRANCH"
git rebase main
echo "EXISTING_BRANCH=1" >> $GITHUB_ENV
else
git switch -C "$GIT_UPDATE_BRANCH"
echo "EXISTING_BRANCH=" >> $GITHUB_ENV
fi
'';
}
{
env = {
GIT_UPDATE_BRANCH = "npins-updates/${name}";
COMMIT_MESSAGE = "chore(npins): Update ${name}";
};
name = "Open a PR if updates are present";
run = nix-actions.lib.nix-shell {
shell = "npins-shell";
script = ''
npins update ${name}
if ! git diff --exit-code npins/sources.json > /dev/null; then
echo "[+] Changes detected, pushing updates."
git add npins/sources.json
if [ -n "$EXISTING_BRANCH" ]; then
git commit --amend --no-edit
git push --force
else
git commit --message "$COMMIT_MESSAGE"
git push -u origin "$GIT_UPDATE_BRANCH"
fi
# Connect to the server with the cli
tea login add -n dgnum-chores -t ${secret "TEA_DGNUM_CHORES_TOKEN"} -u https://git.dgnum.eu
# Create a pull request if needed
# i.e. no PR with the same title exists
if [ -z $(tea pr ls -f='head' -o simple | grep "$GIT_UPDATE_BRANCH") ]; then
tea pr create --description "Automatic npins update" --title "$COMMIT_MESSAGE" --head "$GIT_UPDATE_BRANCH"
fi
elif [ -n "$EXISTING_BRANCH" ]; then
git push --force
fi
'';
};
}
];
})
);
}