From 863f141ec030742c8f7da01fab5146c5042da81b Mon Sep 17 00:00:00 2001
From: Tom Hubrecht
Date: Tue, 10 Jun 2025 17:43:19 +0200
Subject: [PATCH] feat(lon): Init from npins
---
.forgejo/workflows/lon-update.yaml | 20 +
.forgejo/workflows/npins-update.yaml | 973 ---------------
.gitattributes | 1 +
REUSE.toml | 8 +-
bootstrap.nix | 2 +-
default.nix | 24 +-
lon.lock | 315 +++++
lon.nix | 53 +
machines/nixos/compute01/arkheon.nix | 2 +-
.../nixos/compute01/signal-irc-bridge.nix | 2 +-
meta/README.md | 2 +-
npins/default.nix | 145 ---
npins/sources.json | 381 ------
patches/default.nix | 7 +-
patches/npins/00-master.patch | 1053 -----------------
patches/npins/01-sri-hashes.patch | 962 ---------------
pkgs/default.nix | 2 +-
workflows/lon-update.nix | 43 +
workflows/npins-update.nix | 98 --
19 files changed, 449 insertions(+), 3644 deletions(-)
create mode 100644 .forgejo/workflows/lon-update.yaml
delete mode 100644 .forgejo/workflows/npins-update.yaml
create mode 100644 lon.lock
create mode 100644 lon.nix
delete mode 100644 npins/default.nix
delete mode 100644 npins/sources.json
delete mode 100644 patches/npins/00-master.patch
delete mode 100644 patches/npins/01-sri-hashes.patch
create mode 100644 workflows/lon-update.nix
delete mode 100644 workflows/npins-update.nix
diff --git a/.forgejo/workflows/lon-update.yaml b/.forgejo/workflows/lon-update.yaml
new file mode 100644
index 0000000..49547f2
--- /dev/null
+++ b/.forgejo/workflows/lon-update.yaml
@@ -0,0 +1,20 @@ +### +# This file was automatically generated with nix-actions. +jobs: + update: + runs-on: nix + steps: + - uses: actions/checkout@v4 + with: + token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} + - env: + LON_LIST_COMMITS: true + LON_TOKEN: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} + LON_USER_EMAIL: admins+lon-bot@dgnum.eu + LON_USER_NAME: DGNum [bot] + run: "nix-shell -A lon-update --run 'set -o pipefail\nset -o nounset\nset -o + errexit\nlon bot forgejo'" +name: Update dependencies +on: + schedule: + - cron: 30 13 * * * diff --git a/.forgejo/workflows/npins-update.yaml b/.forgejo/workflows/npins-update.yaml deleted file mode 100644 index 0152a93..0000000 --- a/.forgejo/workflows/npins-update.yaml +++ /dev/null 
@@ -1,973 +0,0 @@ -### -# This file was automatically generated with nix-actions. -env: - GIT_AUTHOR_EMAIL: chores@mail.hubrecht.ovh - GIT_AUTHOR_NAME: HT Chores - GIT_COMMITTER_EMAIL: chores@mail.hubrecht.ovh - GIT_COMMITTER_NAME: HT Chores -jobs: - agenix: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/agenix - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update agenix' - GIT_UPDATE_BRANCH: npins-updates/agenix - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update agenix\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - arkheon: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/arkheon - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update arkheon' - GIT_UPDATE_BRANCH: npins-updates/arkheon - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update arkheon\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - cas-eleves: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/cas-eleves - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update cas-eleves' - GIT_UPDATE_BRANCH: npins-updates/cas-eleves - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update cas-eleves\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - cgroup-exporter: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/cgroup-exporter - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update cgroup-exporter' - GIT_UPDATE_BRANCH: npins-updates/cgroup-exporter - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update cgroup-exporter\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - colmena: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/colmena - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update colmena' - GIT_UPDATE_BRANCH: npins-updates/colmena - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update colmena\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - dgsi: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/dgsi - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update dgsi' - GIT_UPDATE_BRANCH: npins-updates/dgsi - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update dgsi\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - disko: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/disko - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update disko' - GIT_UPDATE_BRANCH: npins-updates/disko - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update disko\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - dns_nix: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/dns.nix - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update dns.nix' - GIT_UPDATE_BRANCH: npins-updates/dns.nix - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update dns.nix\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - git-hooks: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/git-hooks - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update git-hooks' - GIT_UPDATE_BRANCH: npins-updates/git-hooks - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update git-hooks\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - kadenios: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/kadenios - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update kadenios' - GIT_UPDATE_BRANCH: npins-updates/kadenios - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update kadenios\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - kat-pkgs: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/kat-pkgs - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update kat-pkgs' - GIT_UPDATE_BRANCH: npins-updates/kat-pkgs - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update kat-pkgs\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - liminix: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/liminix - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update liminix' - GIT_UPDATE_BRANCH: npins-updates/liminix - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update liminix\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - linkal: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/linkal - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update linkal' - GIT_UPDATE_BRANCH: npins-updates/linkal - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update linkal\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - lix: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/lix - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update lix' - GIT_UPDATE_BRANCH: npins-updates/lix - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update lix\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - lix-module: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/lix-module - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update lix-module' - GIT_UPDATE_BRANCH: npins-updates/lix-module - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update lix-module\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - metis: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/metis - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update metis' - GIT_UPDATE_BRANCH: npins-updates/metis - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update metis\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - microvm_nix: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/microvm.nix - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update microvm.nix' - GIT_UPDATE_BRANCH: npins-updates/microvm.nix - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update microvm.nix\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - nix-actions: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/nix-actions - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update nix-actions' - GIT_UPDATE_BRANCH: npins-updates/nix-actions - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update nix-actions\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - nix-modules: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/nix-modules - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update nix-modules' - GIT_UPDATE_BRANCH: npins-updates/nix-modules - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update nix-modules\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - nix-pkgs: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/nix-pkgs - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update nix-pkgs' - GIT_UPDATE_BRANCH: npins-updates/nix-pkgs - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update nix-pkgs\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - nix-reuse: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/nix-reuse - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update nix-reuse' - GIT_UPDATE_BRANCH: npins-updates/nix-reuse - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update nix-reuse\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - nixos-24_05: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/nixos-24.05 - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update nixos-24.05' - GIT_UPDATE_BRANCH: npins-updates/nixos-24.05 - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update nixos-24.05\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - nixos-24_11: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/nixos-24.11 - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update nixos-24.11' - GIT_UPDATE_BRANCH: npins-updates/nixos-24.11 - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update nixos-24.11\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - nixos-25_05: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/nixos-25.05 - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update nixos-25.05' - GIT_UPDATE_BRANCH: npins-updates/nixos-25.05 - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update nixos-25.05\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - nixos-unstable: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/nixos-unstable - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update nixos-unstable' - GIT_UPDATE_BRANCH: npins-updates/nixos-unstable - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update nixos-unstable\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - npins: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/npins - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update npins' - GIT_UPDATE_BRANCH: npins-updates/npins - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update npins\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - proxmox-nixos: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/proxmox-nixos - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update proxmox-nixos' - GIT_UPDATE_BRANCH: npins-updates/proxmox-nixos - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update proxmox-nixos\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - signal-irc-bridge: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/signal-irc-bridge - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update signal-irc-bridge' - GIT_UPDATE_BRANCH: npins-updates/signal-irc-bridge - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update signal-irc-bridge\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - snix-cache: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/snix-cache - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update snix-cache' - GIT_UPDATE_BRANCH: npins-updates/snix-cache - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update snix-cache\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - stateless-uptime-kuma: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/stateless-uptime-kuma - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update stateless-uptime-kuma' - GIT_UPDATE_BRANCH: npins-updates/stateless-uptime-kuma - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update stateless-uptime-kuma\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" - wp4nix: - runs-on: nix-infra - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 - token: ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} - - env: - GIT_UPDATE_BRANCH: npins-updates/wp4nix - name: Switch to a new branch - run: "if git ls-remote --exit-code --heads origin \"refs/heads/$GIT_UPDATE_BRANCH\"\ - ; then\n git switch \"$GIT_UPDATE_BRANCH\"\n git rebase main\n echo \"\ - EXISTING_BRANCH=1\" >> $GITHUB_ENV\nelse\n git switch -C \"$GIT_UPDATE_BRANCH\"\ - \n echo \"EXISTING_BRANCH=\" >> $GITHUB_ENV\nfi\n" - - env: - COMMIT_MESSAGE: 'chore(npins): Update wp4nix' - GIT_UPDATE_BRANCH: npins-updates/wp4nix - name: Open a PR if updates are present - run: "nix-shell -A npins-shell --run 'set -o pipefail\nset -o nounset\nset -o - errexit\nnpins update wp4nix\n\nif ! git diff --exit-code npins/sources.json - > /dev/null; then\n echo \"[+] Changes detected, pushing updates.\"\n\n \ - \ git add npins/sources.json\n\n if [ -n \"$EXISTING_BRANCH\" ]; then\n \ - \ git commit --amend --no-edit\n git push --force\n else\n git commit - --message \"$COMMIT_MESSAGE\"\n git push -u origin \"$GIT_UPDATE_BRANCH\"\ - \n fi\n\n # Connect to the server with the cli\n tea login add -n dgnum-chores - -t ${{ secrets.TEA_DGNUM_CHORES_TOKEN }} -u https://git.dgnum.eu\n\n # Create - a pull request if needed\n # i.e. 
no PR with the same title exists\n if - [ -z $(tea pr ls -f='\\''head'\\'' -o simple | grep \"$GIT_UPDATE_BRANCH\"\ - ) ]; then\n tea pr create --description \"Automatic npins update\" --title - \"$COMMIT_MESSAGE\" --head \"$GIT_UPDATE_BRANCH\"\n fi\nelif [ -n \"$EXISTING_BRANCH\"\ - \ ]; then\n git push --force\nfi\n'" -name: Update dependencies -on: - schedule: - - cron: 30 13 * * * diff --git a/.gitattributes b/.gitattributes index 8b698d8..3a0e326 100644 --- a/.gitattributes +++ b/.gitattributes @@ -5,3 +5,4 @@ /.forgejo/workflows/*.yaml linguist-generated /LICENSES/* linguist-vendored /REUSE.toml linguist-generated +lon.lock linguist-generated diff --git a/REUSE.toml b/REUSE.toml index 1420b70..c25eb47 100644 --- a/REUSE.toml +++ b/REUSE.toml @@ -2,7 +2,7 @@ version = 1 [[annotations]] SPDX-FileCopyrightText = "NONE" SPDX-License-Identifier = "CC0-1.0" -path = ["**/.envrc", "**/Cargo.lock", "**/_hardware-configuration.nix", ".gitignore", "REUSE.toml", "shell.nix", "patches/colmena/0001-*", "pkgs/by-name/docuseal/rubyEnv/*", "pkgs/by-name/docuseal/deps.json", "pkgs/by-name/docuseal/yarn.lock"] +path = ["**/.envrc", "**/Cargo.lock", "**/_hardware-configuration.nix", ".gitignore", "REUSE.toml", "shell.nix", "**/lon.lock", "**/lon.nix", "patches/nixpkgs/403844.patch", "patches/colmena/0001-*", "pkgs/by-name/docuseal/rubyEnv/*", "pkgs/by-name/docuseal/deps.json", "pkgs/by-name/docuseal/yarn.lock"] precedence = "closest" [[annotations]] @@ -59,12 +59,6 @@ SPDX-License-Identifier = "MIT" path = "lib/colmena/*" precedence = "closest" -[[annotations]] -SPDX-FileCopyrightText = "The [npins](https://github.com/andir/npins) contributors" -SPDX-License-Identifier = "EUPL-1.2" -path = "**/npins/*" -precedence = "closest" - [[annotations]] SPDX-FileCopyrightText = "The [forgejo](https://codeberg.org/forgejo/forgejo) contributors" SPDX-License-Identifier = "GPL-3.0-or-later" diff --git a/bootstrap.nix b/bootstrap.nix index 9e324b6..cde10ae 100644 --- a/bootstrap.nix 
+++ b/bootstrap.nix @@ -5,7 +5,7 @@ # SPDX-License-Identifier: EUPL-1.2 let - unpatchedSources = import ./npins; + unpatchedSources = import ./lon.nix; pkgs = import unpatchedSources.nixos-unstable { overlays = [ ]; }; diff --git a/default.nix b/default.nix index 696e532..1d20f1e 100644 --- a/default.nix +++ b/default.nix @@ -11,7 +11,10 @@ in sources ? bootstrap.sources, pkgs ? import sources.nixos-unstable { overlays = [ - (_: super: { lib = super.lib.extend bootstrap.overlays.lib; }) + (self: super: { + lib = super.lib.extend bootstrap.overlays.lib; + lon = self.callPackage (sources.lon + "/nix/packages/lon.nix") { }; + }) ]; }, }: @@ -37,7 +40,6 @@ let stages = [ "pre-push" ]; settings.ignore = [ "**/lon.nix" - "**/npins" ]; }; @@ -75,6 +77,11 @@ let "REUSE.toml" "shell.nix" + "**/lon.lock" + "**/lon.nix" + + "patches/nixpkgs/403844.patch" + # Commit revert "patches/colmena/0001-*" @@ -177,13 +184,6 @@ let license = "MIT"; } - # npins generated files - { - path = "**/npins/*"; - license = "EUPL-1.2"; - copyright = "The [npins](https://github.com/andir/npins) contributors"; - } - # images { path = "machines/nixos/compute01/extranix/static-data/images/forgejo.png"; @@ -238,7 +238,7 @@ in packages = [ - (pkgs.callPackage "${sources.npins}/npins.nix" { }) + pkgs.lon # SSO testing pkgs.kanidm @@ -272,10 +272,6 @@ in scripts.push-to-cache ]; eval-shell.packages = [ scripts.nix-build-and-cache ]; - npins-shell.packages = [ - (pkgs.callPackage "${sources.npins}/npins.nix" { }) - pkgs.tea - ]; }; }; } diff --git a/lon.lock b/lon.lock new file mode 100644 index 0000000..60c34c8 --- /dev/null +++ b/lon.lock 
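Review bot: The overlay entry added in the `@@ -11,7 +11,10 @@` hunk of default.nix, `lon = self.callPackage (sources.lon + "/nix/packages/lon.nix") { };`, depends on a file path inside the upstream lon repository, and nothing on the line says so. Once the `lon` pin moves to a revision that relocates that file, evaluating `pkgs.lon` will fail with an error that does not point back here. I would add a comment above the entry, for example `# lon is built from the source pinned in lon.lock; the path follows upstream's repository layout`. The function that takes `sources` and `pkgs` starts and ends outside the hunk.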
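Review bot: The `@@ -75,6 +77,11 @@` hunk of default.nix adds `"patches/nixpkgs/403844.patch"` to the same path list as `"**/lon.lock"` and `"**/lon.nix"`, and the regenerated REUSE.toml puts that list under `SPDX-FileCopyrightText = "NONE"` with `CC0-1.0`. That annotation fits generated lock files, but a patch against nixpkgs presumably carries its author's copyright and the licence of the code it modifies, so it looks out of place there. The entry also appears unrelated to the npins-to-lon migration. I would give it its own annotation with the patch's actual licence, or at least a comment in the style of the existing `# Commit revert` line, and ideally move it to a separate commit. The list starts and ends outside the hunk.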
@@ -0,0 +1,315 @@ +{ + "version": "1", + "sources": { + "agenix": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "ryantm", + "repo": "agenix", + "branch": "main", + "revision": "564595d0ad4be7277e07fa63b5a991b3c645655d", + "url": "https://github.com/ryantm/agenix/archive/564595d0ad4be7277e07fa63b5a991b3c645655d.tar.gz", + "hash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=" + }, + "arkheon": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "RaitoBezarius", + "repo": "arkheon", + "branch": "main", + "revision": "3eea876b29217d01cf2ef03ea9fdd8779d28ad04", + "url": "https://github.com/RaitoBezarius/arkheon/archive/3eea876b29217d01cf2ef03ea9fdd8779d28ad04.tar.gz", + "hash": "sha256-+R6MhTXuSzNeGQiL4DQwlP5yNhmnhbf7pQWPUWgcZSM=" + }, + "cas-eleves": { + "type": "Git", + "fetchType": "git", + "branch": "main", + "revision": "bdbb2a6c772144813bd75316080f5fecd2c5cc9e", + "url": "https://git.dgnum.eu/DGNum/cas-eleves.git", + "hash": "sha256-kQDO331t2YsrDoVGHzftU6Y96VXfWNzgI7QmeBNCGTA=", + "lastModified": 1736030096, + "submodules": false + }, + "cgroup-exporter": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "arianvp", + "repo": "cgroup-exporter", + "branch": "main", + "revision": "97b83d6d495b3cb6f959a4368fd93ac342d23706", + "url": "https://github.com/arianvp/cgroup-exporter/archive/97b83d6d495b3cb6f959a4368fd93ac342d23706.tar.gz", + "hash": "sha256-MP45mdfhZ3MjpL0sJolZ0GkY3Le8QoUDqS+loPtxu2I=" + }, + "colmena": { + "type": "Git", + "fetchType": "git", + "branch": "main", + "revision": "b5135dc8af1d7637b337cc2632990400221da577", + "url": "https://git.dgnum.eu/DGNum/colmena", + "hash": "sha256-7gg+K3PEYlN0sGPgDlmnM8zgDDIV505gNcwjFN61Qvk=", + "lastModified": 1746392348, + "submodules": false + }, + "dgsi": { + "type": "Git", + "fetchType": "git", + "branch": "main", + "revision": "fbf6385e65400802a3f9f75f7cd91d5c01373d1b", + "url": "https://git.dgnum.eu/DGNum/dgsi.git", + "hash": 
"sha256-aOUI69wbMm9+KVWwcMw5TgVnk3DfjOzE4OEyYTD8XPU=", + "lastModified": 1748894673, + "submodules": false + }, + "disko": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "nix-community", + "repo": "disko", + "branch": "master", + "revision": "cdf8deded8813edfa6e65544f69fdd3a59fa2bb4", + "url": "https://github.com/nix-community/disko/archive/cdf8deded8813edfa6e65544f69fdd3a59fa2bb4.tar.gz", + "hash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=" + }, + "dns.nix": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "nix-community", + "repo": "dns.nix", + "branch": "master", + "revision": "a3196708a56dee76186a9415c187473b94e6cbae", + "url": "https://github.com/nix-community/dns.nix/archive/a3196708a56dee76186a9415c187473b94e6cbae.tar.gz", + "hash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=" + }, + "git-hooks": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "cachix", + "repo": "git-hooks.nix", + "branch": "master", + "revision": "fa466640195d38ec97cf0493d6d6882bc4d14969", + "url": "https://github.com/cachix/git-hooks.nix/archive/fa466640195d38ec97cf0493d6d6882bc4d14969.tar.gz", + "hash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=" + }, + "kadenios": { + "type": "Git", + "fetchType": "git", + "branch": "main", + "revision": "4fd9e3a2117f54c4184b02fd3aef31626fcad149", + "url": "https://git.dgnum.eu/DGNum/kadenios.git", + "hash": "sha256-32alJ/9M+Vaa+zSzmoMgB1+f2h4GYP3OiJ8odRMeCdw=", + "lastModified": 1720702967, + "submodules": false + }, + "kat-pkgs": { + "type": "Git", + "fetchType": "git", + "branch": "master", + "revision": "19b3de953c4d4e8888b90019db81852f8ad39dbb", + "url": "https://git.dgnum.eu/lbailly/kat-pkgs", + "hash": "sha256-bWO5dHrwZWF2EbCuSzxigaKkJdNCBQx5nD1J/u2pdNg=", + "lastModified": 1749652165, + "submodules": false + }, + "liminix": { + "type": "Git", + "fetchType": "git", + "branch": "main", + "revision": "1322de1ee0cdb19fead79e12ab279ee0b575019a", + "url": 
"https://git.dgnum.eu/DGNum/liminix", + "hash": "sha256-k5QjFRwKK8Hw7bl6XwOHiwr7hmTtBMdOUWieNKM10x4=", + "lastModified": 1733703952, + "submodules": false + }, + "linkal": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "JulienMalka", + "repo": "Linkal", + "branch": "main", + "revision": "085630bf369b68d2264baca020efc94c877d78e6", + "url": "https://github.com/JulienMalka/Linkal/archive/085630bf369b68d2264baca020efc94c877d78e6.tar.gz", + "hash": "sha256-nQ22VdXMO6M+rIsrPYHGmt7Zi7VWt9BeuF7WM+U2glQ=" + }, + "lix": { + "type": "Git", + "fetchType": "git", + "branch": "main", + "revision": "d169c092fc28838a253be136d17fe7de1292c728", + "url": "https://git.lix.systems/lix-project/lix.git", + "hash": "sha256-gsPA3AAGi3pucRpzJbhWWyyOBv2/2OjAjU/SlcSE8Vc=", + "lastModified": 1743274305, + "submodules": false + }, + "lix-module": { + "type": "Git", + "fetchType": "git", + "branch": "main", + "revision": "fa69ae26cc32dda178117b46487c2165c0e08316", + "url": "https://git.lix.systems/lix-project/nixos-module.git", + "hash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=", + "lastModified": 1742945498, + "submodules": false + }, + "lon": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "nikstur", + "repo": "lon", + "branch": "main", + "revision": "c29151c0adefbf2eef904a3435350356cef98da2", + "url": "https://github.com/nikstur/lon/archive/c29151c0adefbf2eef904a3435350356cef98da2.tar.gz", + "hash": "sha256-1oQ4uLI92Ih2rmNyP4wzP9xZrQp48FHirOhV/aerZPc=" + }, + "metis": { + "type": "Git", + "fetchType": "git", + "branch": "master", + "revision": "f8898110f4aa32c5384af605e727bfea9b0bd2de", + "url": "https://git.dgnum.eu/DGNum/metis", + "hash": "sha256-WrQCoe8h848nkQQfZnshsOdoY2NP5gAsl24hXpzDnR8=", + "lastModified": 1737730724, + "submodules": false + }, + "microvm.nix": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "RaitoBezarius", + "repo": "microvm.nix", + "branch": "main", + "revision": "49899c9a4fdf75320785e79709bf1608c34caeb8", + "url": 
"https://github.com/RaitoBezarius/microvm.nix/archive/49899c9a4fdf75320785e79709bf1608c34caeb8.tar.gz", + "hash": "sha256-nn/kta8Od0T2k5+xQj+S2PNqOmxsDdHNaIv8eNtX5ms=" + }, + "nix-actions": { + "type": "Git", + "fetchType": "git", + "branch": "main", + "revision": "06847b3256df402da0475dccb290832ec92a9f8c", + "url": "https://git.dgnum.eu/DGNum/nix-actions.git", + "hash": "sha256-2xOZdKiUfcriQFKG37vY96dgCJLndhLa7cGacq8+SA8=", + "lastModified": 1746294989, + "submodules": false + }, + "nix-modules": { + "type": "Git", + "fetchType": "git", + "branch": "dgnum", + "revision": "0cdf222c07b9cbd49857ae046fb41ae9f651cc3f", + "url": "https://git.hubrecht.ovh/hubrecht/nix-modules", + "hash": "sha256-VHlkJny+t1AhZ61JOeyYM1rLa4cPEoEt/5+vqAqAJgA=", + "lastModified": 1746016692, + "submodules": false + }, + "nix-pkgs": { + "type": "Git", + "fetchType": "git", + "branch": "dgnum", + "revision": "7a0e2e660b26ddd67bb8132beb6b13e3a69003a4", + "url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs", + "hash": "sha256-1uzLfSTvB8UXN9zbzQr2cQXjARIXw1cBwPK6mA9GoXc=", + "lastModified": 1745005124, + "submodules": false + }, + "nix-reuse": { + "type": "Git", + "fetchType": "git", + "branch": "main", + "revision": "45633dc6a0512cbbb010bc615b5d1b6e46e57597", + "url": "https://git.dgnum.eu/DGNum/nix-reuse", + "hash": "sha256-xr63AvDLp+RS0F7qwuOoWNENuepPbpuHLe4VPS85XBQ=", + "lastModified": 1737547777, + "submodules": false + }, + "nixos-24.05": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "NixOS", + "repo": "nixpkgs", + "branch": "nixos-24.05", + "revision": "b134951a4c9f", + "url": "https://github.com/NixOS/nixpkgs/archive/b134951a4c9f.tar.gz", + "hash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=" + }, + "nixos-24.11": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "NixOS", + "repo": "nixpkgs", + "branch": "nixos-24.11", + "revision": "bf3287dac860", + "url": "https://github.com/NixOS/nixpkgs/archive/bf3287dac860.tar.gz", + "hash": 
"sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=" + }, + "nixos-25.05": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "NixOS", + "repo": "nixpkgs", + "branch": "nixos-25.05", + "revision": "70c74b02eac4", + "url": "https://github.com/NixOS/nixpkgs/archive/70c74b02eac4.tar.gz", + "hash": "sha256-N5waoqWt8aMr/MykZjSErOokYH6rOsMMXu3UOVH5kiw=" + }, + "nixos-unstable": { + "type": "GitHub", + "fetchType": "tarball", + "owner": "NixOS", + "repo": "nixpkgs", + "branch": "nixos-unstable", + "revision": "d89fc19e405c", + "url": "https://github.com/NixOS/nixpkgs/archive/d89fc19e405c.tar.gz", + "hash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=" + }, + "proxmox-nixos": { + "type": "Git", + "fetchType": "git", + "branch": "main", + "revision": "91c96a414e14835b84adbf775f793739a5851fab", + "url": "https://github.com/SaumonNet/proxmox-nixos.git", + "hash": "sha256-YYbR1o5qTPUxpaVhkJcOGjghNGbIBQmivXAgNTFDxqU=", + "lastModified": 1743764738, + "submodules": false + }, + "signal-irc-bridge": { + "type": "Git", + "fetchType": "git", + "branch": "master", + "revision": "52a370b29ff2edbec63e192e782b934823263ef2", + "url": "https://git.dgnum.eu/mdebray/signal-irc-bridge", + "hash": "sha256-sR8v7bheOigZ08VAv/AX9wFNmMZQEUqEwX3V9wW68tc=", + "lastModified": 1744031004, + "submodules": false + }, + "snix-cache": { + "type": "Git", + "fetchType": "git", + "branch": "main", + "revision": "62346b99c2e1085203bc2e5bb5f07e7773977b49", + "url": "https://git.dgnum.eu/DGNum/snix-cache.git", + "hash": "sha256-6BYUWwzitWF2EV8wvJOlqensJ3x4f4ka+iZ9Zy5XnWI=", + "lastModified": 1744711329, + "submodules": false + }, + "stateless-uptime-kuma": { + "type": "Git", + "fetchType": "git", + "branch": "master", + "revision": "d378d1ce00c676fa22ef0808cf73f3e1c34e0191", + "url": "https://git.dgnum.eu/mdebray/stateless-uptime-kuma", + "hash": "sha256-Dq0Kk6inCrxsxRfpYJVDZ45pMW/OZ3AAecmgF+yIZQI=", + "lastModified": 1734436346, + "submodules": false + }, + "wp4nix": { + "type": "Git", + 
"fetchType": "git", + "branch": "master", + "revision": "2fc9a0734168cab536e3129efa6397d6cd3ac89f", + "url": "https://git.helsinki.tools//helsinki-systems/wp4nix", + "hash": "sha256-abwqAZGsWuWqfxou8XlqedBvXsUw1/xanSgljLCJxdM=", + "lastModified": 1743397420, + "submodules": false + } + } +} diff --git a/lon.nix b/lon.nix new file mode 100644 index 0000000..a88d448 --- /dev/null +++ b/lon.nix @@ -0,0 +1,53 @@ +# Generated by lon. Do not modify! +let + + lock = builtins.fromJSON (builtins.readFile ./lon.lock); + + # Override with a path defined in an environment variable. If no variable is + # set, the original path is used. + overrideFromEnv = + name: path: + let + replacement = builtins.getEnv "LON_OVERRIDE_${name}"; + in + if replacement == "" then + path + else + # this turns the string into an actual Nix path (for both absolute and + # relative paths) + if builtins.substring 0 1 replacement == "/" then + /. + replacement + else + /. + builtins.getEnv "PWD" + "/${replacement}"; + + fetchSource = + args@{ fetchType, ... }: + if fetchType == "git" then + builtins.fetchGit ( + { + url = args.url; + ref = args.branch; + rev = args.revision; + narHash = args.hash; + submodules = args.submodules; + } + // ( + if args ? lastModified then + { + inherit (args) lastModified; + shallow = true; + } + else + { } + ) + ) + else if fetchType == "tarball" then + builtins.fetchTarball { + url = args.url; + sha256 = args.hash; + } + else + builtins.throw "Unsupported source type ${fetchType}"; + +in +builtins.mapAttrs (name: args: overrideFromEnv name (fetchSource args)) lock.sources diff --git a/machines/nixos/compute01/arkheon.nix b/machines/nixos/compute01/arkheon.nix index 65dc676..e416f1e 100644 --- a/machines/nixos/compute01/arkheon.nix +++ b/machines/nixos/compute01/arkheon.nix 
@@ -5,7 +5,7 @@ { config, sources, ... }: { - nixpkgs.overlays = [ (import (sources.arkheon.outPath + "/overlay.nix")) ]; + nixpkgs.overlays = [ (import (sources.arkheon + "/overlay.nix")) ]; services.arkheon = { enable = true; diff --git a/machines/nixos/compute01/signal-irc-bridge.nix b/machines/nixos/compute01/signal-irc-bridge.nix index ff82cd3..c7abb80 100644 --- a/machines/nixos/compute01/signal-irc-bridge.nix +++ b/machines/nixos/compute01/signal-irc-bridge.nix @@ -9,7 +9,7 @@ ... }: { - imports = [ (import (sources.signal-irc-bridge.outPath + "/module.nix")) ]; + imports = [ (import (sources.signal-irc-bridge + "/module.nix")) ]; services.signal-irc-bridge = { enable = true; diff --git a/meta/README.md b/meta/README.md index ddbb5e3..baaeec5 100644 --- a/meta/README.md +++ b/meta/README.md @@ -46,7 +46,7 @@ Machines can use different versions of NixOS, the supported ones are specified h - Run the following command ```bash -npins add channel nixos-$VERSION +lon add github --name nixos-$VERSION NixOS/nixpkgs nixos-$VERSION ``` - Edit `meta/nixpkgs.nix` and add `$VERSION` to the supported version. diff --git a/npins/default.nix b/npins/default.nix deleted file mode 100644 index 1fb84ae..0000000 --- a/npins/default.nix +++ /dev/null 
@@ -1,145 +0,0 @@ -/* - This file is provided under the MIT licence: - - Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: - - The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. - - THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -*/ -# Generated by npins. 
Do not modify; will be overwritten regularly -let - data = builtins.fromJSON (builtins.readFile ./sources.json); - version = data.version; - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 - range = - first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 - stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); - - # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 - stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); - concatStrings = builtins.concatStringsSep ""; - - # If the environment variable NPINS_OVERRIDE_${name} is set, then use - # the path directly as opposed to the fetched source. - # (Taken from Niv for compatibility) - mayOverride = - name: path: - let - envVarName = "NPINS_OVERRIDE_${saneName}"; - saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name; - ersatz = builtins.getEnv envVarName; - in - if ersatz == "" then - path - else - # this turns the string into an actual Nix path (for both absolute and - # relative paths) - builtins.trace "Overriding path of \"${name}\" with \"${ersatz}\" due to set \"${envVarName}\"" ( - if builtins.substring 0 1 ersatz == "/" then - /. + ersatz - else - /. + builtins.getEnv "PWD" + "/${ersatz}" - ); - - mkSource = - name: spec: - assert spec ? 
type; - let - path = - if spec.type == "Git" then - mkGitSource spec - else if spec.type == "GitRelease" then - mkGitSource spec - else if spec.type == "PyPi" then - mkPyPiSource spec - else if spec.type == "Channel" then - mkChannelSource spec - else if spec.type == "Tarball" then - mkTarballSource spec - else - builtins.throw "Unknown source type ${spec.type}"; - in - spec // { outPath = mayOverride name path; }; - - mkGitSource = - { - repository, - revision, - url ? null, - submodules, - hash, - ... - }: - assert repository ? type; - # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository - # In the latter case, there we will always be an url to the tarball - if url != null && !submodules then - builtins.fetchTarball { - inherit url; - sha256 = hash; - } - else - let - url = - if repository.type == "Git" then - repository.url - else if repository.type == "GitHub" then - "https://github.com/${repository.owner}/${repository.repo}.git" - else if repository.type == "GitLab" then - "${repository.server}/${repository.repo_path}.git" - else - throw "Unrecognized repository type ${repository.type}"; - urlToName = - url: rev: - let - matched = builtins.match "^.*/([^/]*)(\\.git)?$" url; - - short = builtins.substring 0 7 rev; - - appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else ""; - in - "${if matched == null then "source" else builtins.head matched}${appendShort}"; - name = urlToName url revision; - in - builtins.fetchGit { - rev = revision; - narHash = hash; - allRefs = true; - - inherit name submodules url; - }; - - mkPyPiSource = - { url, hash, ... }: - builtins.fetchurl { - inherit url; - sha256 = hash; - }; - - mkChannelSource = - { url, hash, ... }: - builtins.fetchTarball { - inherit url; - sha256 = hash; - }; - - mkTarballSource = - { - url, - locked_url ? url, - hash, - ... 
- }: - builtins.fetchTarball { - url = locked_url; - sha256 = hash; - }; -in -if version == 6 then - builtins.mapAttrs mkSource data.pins -else - throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" diff --git a/npins/sources.json b/npins/sources.json deleted file mode 100644 index db2068c..0000000 --- a/npins/sources.json +++ /dev/null 
@@ -1,381 +0,0 @@ -{ - "pins": { - "agenix": { - "type": "GitRelease", - "repository": { - "type": "GitHub", - "owner": "ryantm", - "repo": "agenix" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "0.15.0", - "revision": "564595d0ad4be7277e07fa63b5a991b3c645655d", - "url": "https://api.github.com/repos/ryantm/agenix/tarball/refs/tags/0.15.0", - "hash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=" - }, - "arkheon": { - "type": "Git", - "repository": { - "type": "GitHub", - "owner": "RaitoBezarius", - "repo": "arkheon" - }, - "branch": "main", - "submodules": false, - "revision": "3eea876b29217d01cf2ef03ea9fdd8779d28ad04", - "url": "https://github.com/RaitoBezarius/arkheon/archive/3eea876b29217d01cf2ef03ea9fdd8779d28ad04.tar.gz", - "hash": "sha256-+R6MhTXuSzNeGQiL4DQwlP5yNhmnhbf7pQWPUWgcZSM=" - }, - "cas-eleves": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.dgnum.eu/DGNum/cas-eleves.git" - }, - "branch": "main", - "submodules": false, - "revision": "bdbb2a6c772144813bd75316080f5fecd2c5cc9e", - "url": null, - "hash": "sha256-kQDO331t2YsrDoVGHzftU6Y96VXfWNzgI7QmeBNCGTA=" - }, - "cgroup-exporter": { - "type": "Git", - "repository": { - "type": "GitHub", - "owner": "arianvp", - "repo": "cgroup-exporter" - }, - "branch": "main", - "submodules": false, - "revision": "97b83d6d495b3cb6f959a4368fd93ac342d23706", - "url": "https://github.com/arianvp/cgroup-exporter/archive/97b83d6d495b3cb6f959a4368fd93ac342d23706.tar.gz", - "hash": "sha256-MP45mdfhZ3MjpL0sJolZ0GkY3Le8QoUDqS+loPtxu2I=" - }, - "colmena": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.dgnum.eu/DGNum/colmena" - }, - "branch": "main", - "submodules": false, - "revision": "b5135dc8af1d7637b337cc2632990400221da577", - "url": null, - "hash": "sha256-7gg+K3PEYlN0sGPgDlmnM8zgDDIV505gNcwjFN61Qvk=" - }, - "dgsi": { - "type": "Git", - "repository": { - "type": "Git", - "url": 
"https://git.dgnum.eu/DGNum/dgsi.git" - }, - "branch": "main", - "submodules": false, - "revision": "fbf6385e65400802a3f9f75f7cd91d5c01373d1b", - "url": null, - "hash": "sha256-aOUI69wbMm9+KVWwcMw5TgVnk3DfjOzE4OEyYTD8XPU=" - }, - "disko": { - "type": "GitRelease", - "repository": { - "type": "GitHub", - "owner": "nix-community", - "repo": "disko" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "v1.11.0", - "revision": "cdf8deded8813edfa6e65544f69fdd3a59fa2bb4", - "url": "https://api.github.com/repos/nix-community/disko/tarball/refs/tags/v1.11.0", - "hash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=" - }, - "dns.nix": { - "type": "GitRelease", - "repository": { - "type": "GitHub", - "owner": "nix-community", - "repo": "dns.nix" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "v1.2.0", - "revision": "a3196708a56dee76186a9415c187473b94e6cbae", - "url": "https://api.github.com/repos/nix-community/dns.nix/tarball/refs/tags/v1.2.0", - "hash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=" - }, - "git-hooks": { - "type": "Git", - "repository": { - "type": "GitHub", - "owner": "cachix", - "repo": "git-hooks.nix" - }, - "branch": "master", - "submodules": false, - "revision": "fa466640195d38ec97cf0493d6d6882bc4d14969", - "url": "https://github.com/cachix/git-hooks.nix/archive/fa466640195d38ec97cf0493d6d6882bc4d14969.tar.gz", - "hash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=" - }, - "kadenios": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.dgnum.eu/DGNum/kadenios.git" - }, - "branch": "main", - "submodules": false, - "revision": "4fd9e3a2117f54c4184b02fd3aef31626fcad149", - "url": null, - "hash": "sha256-32alJ/9M+Vaa+zSzmoMgB1+f2h4GYP3OiJ8odRMeCdw=" - }, - "kat-pkgs": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.dgnum.eu/lbailly/kat-pkgs" 
- }, - "branch": "master", - "submodules": false, - "revision": "19b3de953c4d4e8888b90019db81852f8ad39dbb", - "url": null, - "hash": "sha256-bWO5dHrwZWF2EbCuSzxigaKkJdNCBQx5nD1J/u2pdNg=" - }, - "liminix": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.dgnum.eu/DGNum/liminix" - }, - "branch": "main", - "submodules": false, - "revision": "1322de1ee0cdb19fead79e12ab279ee0b575019a", - "url": null, - "hash": "sha256-k5QjFRwKK8Hw7bl6XwOHiwr7hmTtBMdOUWieNKM10x4=" - }, - "linkal": { - "type": "Git", - "repository": { - "type": "GitHub", - "owner": "JulienMalka", - "repo": "Linkal" - }, - "branch": "main", - "submodules": false, - "revision": "085630bf369b68d2264baca020efc94c877d78e6", - "url": "https://github.com/JulienMalka/Linkal/archive/085630bf369b68d2264baca020efc94c877d78e6.tar.gz", - "hash": "sha256-nQ22VdXMO6M+rIsrPYHGmt7Zi7VWt9BeuF7WM+U2glQ=" - }, - "lix": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.lix.systems/lix-project/lix.git" - }, - "branch": "main", - "submodules": false, - "revision": "d169c092fc28838a253be136d17fe7de1292c728", - "url": null, - "hash": "sha256-gsPA3AAGi3pucRpzJbhWWyyOBv2/2OjAjU/SlcSE8Vc=" - }, - "lix-module": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.lix.systems/lix-project/nixos-module.git" - }, - "branch": "main", - "submodules": false, - "revision": "fa69ae26cc32dda178117b46487c2165c0e08316", - "url": null, - "hash": "sha256-MB/b/xcDKqaVBxJIIxwb81r8ZiGLeKEcqokATRRroo8=" - }, - "metis": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.dgnum.eu/DGNum/metis" - }, - "branch": "master", - "submodules": false, - "revision": "f8898110f4aa32c5384af605e727bfea9b0bd2de", - "url": null, - "hash": "sha256-WrQCoe8h848nkQQfZnshsOdoY2NP5gAsl24hXpzDnR8=" - }, - "microvm.nix": { - "type": "Git", - "repository": { - "type": "GitHub", - "owner": "RaitoBezarius", - "repo": "microvm.nix" - }, - "branch": "main", - "submodules": false, - 
"revision": "49899c9a4fdf75320785e79709bf1608c34caeb8", - "url": "https://github.com/RaitoBezarius/microvm.nix/archive/49899c9a4fdf75320785e79709bf1608c34caeb8.tar.gz", - "hash": "sha256-nn/kta8Od0T2k5+xQj+S2PNqOmxsDdHNaIv8eNtX5ms=" - }, - "nix-actions": { - "type": "GitRelease", - "repository": { - "type": "Git", - "url": "https://git.dgnum.eu/DGNum/nix-actions.git" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "v0.5.1", - "revision": "06847b3256df402da0475dccb290832ec92a9f8c", - "url": null, - "hash": "sha256-2xOZdKiUfcriQFKG37vY96dgCJLndhLa7cGacq8+SA8=" - }, - "nix-modules": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.hubrecht.ovh/hubrecht/nix-modules" - }, - "branch": "dgnum", - "submodules": false, - "revision": "0cdf222c07b9cbd49857ae046fb41ae9f651cc3f", - "url": null, - "hash": "sha256-VHlkJny+t1AhZ61JOeyYM1rLa4cPEoEt/5+vqAqAJgA=" - }, - "nix-pkgs": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.hubrecht.ovh/hubrecht/nix-pkgs" - }, - "branch": "dgnum", - "submodules": false, - "revision": "7a0e2e660b26ddd67bb8132beb6b13e3a69003a4", - "url": null, - "hash": "sha256-1uzLfSTvB8UXN9zbzQr2cQXjARIXw1cBwPK6mA9GoXc=" - }, - "nix-reuse": { - "type": "GitRelease", - "repository": { - "type": "Git", - "url": "https://git.dgnum.eu/DGNum/nix-reuse" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "v0.1.3", - "revision": "45633dc6a0512cbbb010bc615b5d1b6e46e57597", - "url": null, - "hash": "sha256-xr63AvDLp+RS0F7qwuOoWNENuepPbpuHLe4VPS85XBQ=" - }, - "nixos-24.05": { - "type": "Channel", - "name": "nixos-24.05", - "url": "https://releases.nixos.org/nixos/24.05/nixos-24.05.7376.b134951a4c9f/nixexprs.tar.xz", - "hash": "sha256-m6KS4Y44VAxk5ZnELE2dzLbjPtKRGtsprphQC6A7Erk=" - }, - "nixos-24.11": { - "type": "Channel", - "name": "nixos-24.11", - "url": 
"https://releases.nixos.org/nixos/24.11/nixos-24.11.717608.bf3287dac860/nixexprs.tar.xz", - "hash": "sha256-i+e1YvYG/DiWvKoEM0DhWG87ZPzkkYQwKlc0tS5jx+E=" - }, - "nixos-25.05": { - "type": "Channel", - "name": "nixos-25.05", - "url": "https://releases.nixos.org/nixos/25.05/nixos-25.05.803579.70c74b02eac4/nixexprs.tar.xz", - "hash": "sha256-0RxtgAd4gHYPFFwICal8k8hvJBOkCeTjFkh4HsqYDbE=" - }, - "nixos-unstable": { - "type": "Channel", - "name": "nixos-unstable", - "url": "https://releases.nixos.org/nixos/unstable/nixos-25.05pre797896.d89fc19e405c/nixexprs.tar.xz", - "hash": "sha256-bFJJ/qwB3VJ0nFuVYYHJXinT4tNJ2jhXTVT6SpYiFOM=" - }, - "npins": { - "type": "GitRelease", - "repository": { - "type": "GitHub", - "owner": "andir", - "repo": "npins" - }, - "pre_releases": false, - "version_upper_bound": null, - "release_prefix": null, - "submodules": false, - "version": "0.3.1", - "revision": "476671559d5879ad2f95fe21b9eb7c7541b3e718", - "url": "https://api.github.com/repos/andir/npins/tarball/refs/tags/0.3.1", - "hash": "sha256-PPk9Ve1pM3X7NfGeGb8Jiq4YDEwAjErP4xzGwLaakTU=" - }, - "proxmox-nixos": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://github.com/SaumonNet/proxmox-nixos.git" - }, - "branch": "main", - "submodules": false, - "revision": "91c96a414e14835b84adbf775f793739a5851fab", - "url": null, - "hash": "sha256-YYbR1o5qTPUxpaVhkJcOGjghNGbIBQmivXAgNTFDxqU=" - }, - "signal-irc-bridge": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.dgnum.eu/mdebray/signal-irc-bridge" - }, - "branch": "master", - "submodules": false, - "revision": "52a370b29ff2edbec63e192e782b934823263ef2", - "url": null, - "hash": "sha256-sR8v7bheOigZ08VAv/AX9wFNmMZQEUqEwX3V9wW68tc=" - }, - "snix-cache": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.dgnum.eu/DGNum/snix-cache.git" - }, - "branch": "main", - "submodules": false, - "revision": "62346b99c2e1085203bc2e5bb5f07e7773977b49", - "url": null, - "hash": 
"sha256-6BYUWwzitWF2EV8wvJOlqensJ3x4f4ka+iZ9Zy5XnWI=" - }, - "stateless-uptime-kuma": { - "type": "Git", - "repository": { - "type": "Git", - "url": "https://git.dgnum.eu/mdebray/stateless-uptime-kuma" - }, - "branch": "master", - "submodules": false, - "revision": "d378d1ce00c676fa22ef0808cf73f3e1c34e0191", - "url": null, - "hash": "sha256-Dq0Kk6inCrxsxRfpYJVDZ45pMW/OZ3AAecmgF+yIZQI=" - }, - "wp4nix": { - "type": "Git", - "repository": { - "type": "GitLab", - "repo_path": "helsinki-systems/wp4nix", - "server": "https://git.helsinki.tools/" - }, - "branch": "master", - "submodules": false, - "revision": "2fc9a0734168cab536e3129efa6397d6cd3ac89f", - "url": "https://git.helsinki.tools/api/v4/projects/helsinki-systems%2Fwp4nix/repository/archive.tar.gz?sha=2fc9a0734168cab536e3129efa6397d6cd3ac89f", - "hash": "sha256-abwqAZGsWuWqfxou8XlqedBvXsUw1/xanSgljLCJxdM=" - } - }, - "version": 6 -} diff --git a/patches/default.nix b/patches/default.nix index 5b8bfc2..58e390c 100644 --- a/patches/default.nix +++ b/patches/default.nix @@ -57,12 +57,7 @@ with { { _type = "url"; url = "https://github.com/ryantm/agenix/pull/292.patch"; - hash = "sha256-e45hiHF0HbCYb+3RRhy+8nNIFvefb6SZSN3xcl1mpvI="; + hash = "sha256-dO7Lvf2mdCIN6MjNcE+OS7ibaSunJ84Krqlk8ywMtwo="; } ]; - - "npins" = [ - (local ./npins/00-master.patch) - (local ./npins/01-sri-hashes.patch) - ]; } diff --git a/patches/npins/00-master.patch b/patches/npins/00-master.patch deleted file mode 100644 index 0d23fcf..0000000 --- a/patches/npins/00-master.patch +++ /dev/null 
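Review bot: The `hash` pinned for `https://github.com/ryantm/agenix/pull/292.patch` is replaced in this hunk while the `url` stays identical, and nothing visible here records why; presumably the content served at that address changed. A pull-request `.patch` URL is mutable, since its content follows whatever is pushed to the PR branch, so refreshing the hash means accepting new third-party patch content into the build. I would vendor the reviewed patch and reference it through the `local` helper that the removed `"npins"` entry used, e.g. `(local ./agenix/<reviewed-patch>.patch)` (placeholder path). Failing that, add a comment above the entry such as `# hash refreshed: upstream PR content changed, new diff reviewed`. The enclosing attribute set starts outside the hunk.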
@@ -1,1053 +0,0 @@ -From 66a2631df9f50d3a582ef1384ecf9ae81058c10f Mon Sep 17 00:00:00 2001 -From: piegames -Date: Fri, 2 May 2025 10:14:17 +0200 -Subject: [PATCH 1/7] small error handling improvemnent - -Printing errors to log doesn't work well when used as a library ---- - src/git.rs | 9 +++------ - 1 file changed, 3 insertions(+), 6 deletions(-) - -diff --git a/src/git.rs b/src/git.rs -index 6ac2c71..ceb8ffd 100644 ---- a/src/git.rs -+++ b/src/git.rs -@@ -635,17 +635,14 @@ async fn fetch_remote(args: &[&str]) -> Result> { - .await - .context("Failed waiting for git ls-remote subprocess")?; - if !process.status.success() { -- log::error!("git ls-remote failed. stderr output:"); -- String::from_utf8_lossy(&process.stderr) -- .split('\n') -- .for_each(|line| log::error!("> {}", line)); - anyhow::bail!( -- "git ls-remote failed with exit code {}", -+ "git ls-remote failed with exit code {}\n{}", - process - .status - .code() - .map(|code| code.to_string()) -- .unwrap_or_else(|| "None".into()) -+ .unwrap_or_else(|| "None".into()), -+ String::from_utf8_lossy(&process.stderr) - ); - } - log::debug!("git ls-remote stdout:"); - -From ddb925e70846e41ca74b6038a346d5fbdfecae6b Mon Sep 17 00:00:00 2001 -From: piegames -Date: Tue, 6 May 2025 16:50:58 +0200 -Subject: [PATCH 2/7] check all URLs beforehand - -This typically gives way better error message for little performance -cost ---- - src/git.rs | 10 ++++++---- - src/lib.rs | 14 ++++++++++++++ - src/nix.rs | 5 +++++ - 3 files changed, 25 insertions(+), 4 deletions(-) - -diff --git a/src/git.rs b/src/git.rs -index ceb8ffd..054336c 100644 ---- a/src/git.rs -+++ b/src/git.rs -@@ -624,7 +624,9 @@ impl RemoteInfo { - } - - /// Convenience wrapper around calling `git ls-remote` --async fn fetch_remote(args: &[&str]) -> Result> { -+async fn fetch_remote(url: &str, args: &[&str]) -> Result> { -+ check_url(url).await?; -+ - log::debug!("Executing `git ls-remote {}`", args.join(" ")); - let process = Command::new("git") - // Disable 
any interactive login attempts, failing gracefully instead -@@ -674,7 +676,7 @@ async fn fetch_remote(args: &[&str]) -> Result> { - pub async fn fetch_ref(repo: &Url, ref_: impl AsRef) -> Result { - let ref_ = ref_.as_ref(); - -- let mut remotes = fetch_remote(&["--refs", repo.as_str(), ref_]) -+ let mut remotes = fetch_remote(repo.as_str(), &["--refs", repo.as_str(), ref_]) - .await - .with_context(|| format!("Failed to get revision from remote for {} {}", repo, ref_))?; - -@@ -698,7 +700,7 @@ pub async fn fetch_branch_head(repo: &Url, branch: impl AsRef) -> Result Result> { -- let remotes = fetch_remote(&["--refs", repo.as_str(), "refs/tags/*"]) -+ let remotes = fetch_remote(repo.as_str(), &["--refs", repo.as_str(), "refs/tags/*"]) - .await - .with_context(|| format!("Failed to list tags for {}", repo))?; - -@@ -706,7 +708,7 @@ pub async fn fetch_tags(repo: &Url) -> Result> { - } - - pub async fn fetch_default_branch(repo: &Url) -> Result { -- let remotes = fetch_remote(&["--symref", repo.as_str(), "HEAD"]) -+ let remotes = fetch_remote(repo.as_str(), &["--symref", repo.as_str(), "HEAD"]) - .await - .with_context(|| format!("Failed to resolve default branch for {}", repo))?; - -diff --git a/src/lib.rs b/src/lib.rs -index f30521d..3fb73bf 100644 ---- a/src/lib.rs -+++ b/src/lib.rs -@@ -47,6 +47,20 @@ where - Ok(serde_json::from_str(&response)?) - } - -+/// Issue a http HEAD request to an URL as a quick sanity check for its validity. -+/// Doing this beforehand adds little overhead and greatly improves error messages -+async fn check_url(url: &str) -> anyhow::Result<()> { -+ log::debug!("Checking {url}"); -+ let response = build_client()?.head(url).send().await?; -+ /* Some servers don't like HEAD and will give us "405 Method Not Allowed" for that, -+ * this has nothing to do with out sanity check and can safely be ignored. 
-+ */ -+ if response.status() != reqwest::StatusCode::from_u16(405).unwrap() { -+ response.error_for_status()?; -+ } -+ anyhow::Ok(()) -+} -+ - /// The main trait implemented by all pins - /// - /// It comes with two associated types, `Version` and `Hashes`. Together, each of these types -diff --git a/src/nix.rs b/src/nix.rs -index 0bde5b2..947a4b2 100644 ---- a/src/nix.rs -+++ b/src/nix.rs -@@ -1,3 +1,4 @@ -+use crate::check_url; - use anyhow::{Context, Result}; - use log::debug; - -@@ -9,6 +10,8 @@ pub struct PrefetchInfo { - - pub async fn nix_prefetch_tarball(url: impl AsRef) -> Result { - let url = url.as_ref(); -+ check_url(url).await?; -+ - log::debug!( - "Executing `nix-prefetch-url --unpack --name source --type sha256 {}`", - url -@@ -44,6 +47,8 @@ pub async fn nix_prefetch_git( - submodules: bool, - ) -> Result { - let url = url.as_ref(); -+ check_url(url).await?; -+ - log::debug!( - "Executing: `nix-prefetch-git {}{} {}`", - if submodules { - -From dd32d914d555dfd54fe6e6ecec510f8154f727c8 Mon Sep 17 00:00:00 2001 -From: piegames -Date: Thu, 24 Apr 2025 13:46:35 +0200 -Subject: [PATCH 3/7] git: Refactoring around repositories - ---- - src/cli.rs | 53 +++++++---------- - src/flake.rs | 46 ++++++++------- - src/git.rs | 154 +++++++++++------------------------------------- - src/niv.rs | 11 +++- - src/versions.rs | 6 +- - 5 files changed, 93 insertions(+), 177 deletions(-) - -diff --git a/src/cli.rs b/src/cli.rs -index 95efbc6..b8ee0e6 100644 ---- a/src/cli.rs -+++ b/src/cli.rs -@@ -123,16 +123,13 @@ pub struct GitHubAddOpts { - - impl GitHubAddOpts { - pub fn add(&self) -> Result<(Option, Pin)> { -+ let repository = git::Repository::github(&self.owner, &self.repository); -+ - Ok(( - Some(self.repository.clone()), - match &self.more.branch { - Some(branch) => { -- let pin = git::GitPin::github( -- &self.owner, -- &self.repository, -- branch.clone(), -- self.more.submodules, -- ); -+ let pin = git::GitPin::new(repository, branch.clone(), 
self.more.submodules); - let version = self - .more - .at -@@ -142,9 +139,8 @@ impl GitHubAddOpts { - (pin, version).into() - }, - None => { -- let pin = git::GitReleasePin::github( -- &self.owner, -- &self.repository, -+ let pin = git::GitReleasePin::new( -+ repository, - self.more.pre_releases, - self.more.version_upper_bound.clone(), - self.more.release_prefix.clone(), -@@ -177,18 +173,13 @@ impl ForgejoAddOpts { - }, - _ => Err(err), - })?; -+ let repository = git::Repository::forgejo(server_url, &self.owner, &self.repository); - - Ok(( - Some(self.repository.clone()), - match &self.more.branch { - Some(branch) => { -- let pin = git::GitPin::forgejo( -- server_url, -- &self.owner, -- &self.repository, -- branch.clone(), -- self.more.submodules, -- ); -+ let pin = git::GitPin::new(repository, branch.clone(), self.more.submodules); - let version = self - .more - .at -@@ -198,10 +189,8 @@ impl ForgejoAddOpts { - (pin, version).into() - }, - None => { -- let pin = git::GitReleasePin::forgejo( -- server_url, -- &self.owner, -- &self.repository, -+ let pin = git::GitReleasePin::new( -+ repository, - self.more.pre_releases, - self.more.version_upper_bound.clone(), - self.more.release_prefix.clone(), -@@ -244,6 +233,11 @@ pub struct GitLabAddOpts { - - impl GitLabAddOpts { - pub fn add(&self) -> Result<(Option, Pin)> { -+ let repository = git::Repository::gitlab( -+ self.repo_path.join("/"), -+ Some(self.server.clone()), -+ self.private_token.clone(), -+ ); - Ok(( - Some(self.repo_path - .last() -@@ -251,23 +245,19 @@ impl GitLabAddOpts { - .clone()), - match &self.more.branch { - Some(branch) => { -- let pin = git::GitPin::gitlab( -- self.repo_path.join("/"), -+ let pin = git::GitPin::new( -+ repository, - branch.clone(), -- Some(self.server.clone()), -- self.private_token.clone(), - self.more.submodules, - ); - let version = self.more.at.as_ref().map(|at| git::GitRevision::new(at.clone())).transpose()?; - (pin, version).into() - }, - None => { -- let pin = 
git::GitReleasePin::gitlab( -- self.repo_path.join("/"), -- Some(self.server.clone()), -+ let pin = git::GitReleasePin::new( -+ repository, - self.more.pre_releases, - self.more.version_upper_bound.clone(), -- self.private_token.clone(), - self.more.release_prefix.clone(), - self.more.submodules, - ); -@@ -315,12 +305,13 @@ impl GitAddOpts { - Some(seg) => seg.to_owned(), - }; - let name = name.strip_suffix(".git").unwrap_or(&name); -+ let repository = git::Repository::git(url); - - Ok(( - Some(name.to_owned()), - match &self.more.branch { - Some(branch) => { -- let pin = git::GitPin::git(url, branch.clone(), self.more.submodules); -+ let pin = git::GitPin::new(repository, branch.clone(), self.more.submodules); - let version = self - .more - .at -@@ -330,8 +321,8 @@ impl GitAddOpts { - (pin, version).into() - }, - None => { -- let pin = git::GitReleasePin::git( -- url, -+ let pin = git::GitReleasePin::new( -+ repository, - self.more.pre_releases, - self.more.version_upper_bound.clone(), - self.more.release_prefix.clone(), -diff --git a/src/flake.rs b/src/flake.rs -index 3e4420d..57b4522 100644 ---- a/src/flake.rs -+++ b/src/flake.rs -@@ -76,32 +76,36 @@ impl FlakePin { - // TODO: parsing the query string to retrieve servers other than - // gitlab.com is not supported for now, but could be added. - let branch = self.fetch_default_branch("https://gitlab.com").await?; -- git::GitPin::gitlab( -- format!( -- "{}/{}", -- self.locked -- .owner -- .context("missing field owner in gitlab flake input")?, -- self.locked -- .repo -- .context("missing field repo in gitlab flake input")? -+ git::GitPin::new( -+ git::Repository::gitlab( -+ format!( -+ "{}/{}", -+ self.locked -+ .owner -+ .context("missing field owner in gitlab flake input")?, -+ self.locked -+ .repo -+ .context("missing field repo in gitlab flake input")? 
-+ ), -+ None, -+ None, - ), - branch, -- None, -- None, - false, - ) - .into() - }, - Github => { - let branch = self.fetch_default_branch("https://github.com").await?; -- git::GitPin::github( -- self.locked -- .owner -- .context("missing owner field in github flake input")?, -- self.locked -- .repo -- .context("missing field repo in github flake input")?, -+ git::GitPin::new( -+ git::Repository::github( -+ self.locked -+ .owner -+ .context("missing owner field in github flake input")?, -+ self.locked -+ .repo -+ .context("missing field repo in github flake input")?, -+ ), - branch, - false, - ) -@@ -112,8 +116,10 @@ impl FlakePin { - if let Some(shortened) = ref_.strip_prefix("refs/heads/") { - ref_ = shortened.to_string(); - } -- git::GitPin::git( -- self.locked.url.context("missing url on git flake input")?, -+ git::GitPin::new( -+ git::Repository::git( -+ self.locked.url.context("missing url on git flake input")?, -+ ), - ref_, - false, - ) -diff --git a/src/git.rs b/src/git.rs -index 054336c..b05e591 100644 ---- a/src/git.rs -+++ b/src/git.rs -@@ -118,6 +118,34 @@ pub enum Repository { - } - - impl Repository { -+ pub fn git(url: url::Url) -> Self { -+ Self::Git { url } -+ } -+ -+ pub fn github(owner: impl Into, repo: impl Into) -> Self { -+ Repository::GitHub { -+ owner: owner.into(), -+ repo: repo.into(), -+ } -+ } -+ -+ pub fn forgejo(server: Url, owner: impl Into, repo: impl Into) -> Self { -+ Repository::Forgejo { -+ server, -+ owner: owner.into(), -+ repo: repo.into(), -+ } -+ } -+ -+ pub fn gitlab(repo_path: String, server: Option, private_token: Option) -> Self { -+ let server = server.unwrap_or_else(|| "https://gitlab.com/".parse().unwrap()); -+ Repository::GitLab { -+ repo_path, -+ server, -+ private_token, -+ } -+ } -+ - /// Get the URL to the represented Git repository - fn git_url(&self) -> Result { - Ok(match self { -@@ -269,61 +297,9 @@ impl diff::Diff for GitPin { - } - - impl GitPin { -- pub fn git(url: Url, branch: String, submodules: bool) 
-> Self { -- Self { -- repository: Repository::Git { url }, -- branch, -- submodules, -- } -- } -- -- pub fn github( -- owner: impl Into, -- repo: impl Into, -- branch: String, -- submodules: bool, -- ) -> Self { -- Self { -- repository: Repository::GitHub { -- owner: owner.into(), -- repo: repo.into(), -- }, -- branch, -- submodules, -- } -- } -- -- pub fn forgejo( -- server: Url, -- owner: impl Into, -- repo: impl Into, -- branch: String, -- submodules: bool, -- ) -> Self { -+ pub fn new(repository: Repository, branch: String, submodules: bool) -> Self { - Self { -- repository: Repository::Forgejo { -- server, -- owner: owner.into(), -- repo: repo.into(), -- }, -- branch, -- submodules, -- } -- } -- -- pub fn gitlab( -- repo_path: String, -- branch: String, -- server: Option, -- private_token: Option, -- submodules: bool, -- ) -> Self { -- Self { -- repository: Repository::GitLab { -- repo_path, -- server: server.unwrap_or_else(|| "https://gitlab.com/".parse().unwrap()), -- private_token, -- }, -+ repository, - branch, - submodules, - } -@@ -426,79 +402,15 @@ impl diff::Diff for GitReleasePin { - } - - impl GitReleasePin { -- pub fn git( -- url: Url, -+ pub fn new( -+ repository: Repository, - pre_releases: bool, - version_upper_bound: Option, - release_prefix: Option, - submodules: bool, - ) -> Self { - Self { -- repository: Repository::Git { url }, -- pre_releases, -- version_upper_bound, -- release_prefix, -- submodules, -- } -- } -- -- pub fn github( -- owner: impl Into, -- repo: impl Into, -- pre_releases: bool, -- version_upper_bound: Option, -- release_prefix: Option, -- submodules: bool, -- ) -> Self { -- Self { -- repository: Repository::GitHub { -- owner: owner.into(), -- repo: repo.into(), -- }, -- pre_releases, -- version_upper_bound, -- release_prefix, -- submodules, -- } -- } -- -- pub fn forgejo( -- server: Url, -- owner: impl Into, -- repo: impl Into, -- pre_releases: bool, -- version_upper_bound: Option, -- release_prefix: Option, -- submodules: 
bool,
-- ) -> Self {
-- Self {
-- repository: Repository::Forgejo {
-- server,
-- owner: owner.into(),
-- repo: repo.into(),
-- },
-- pre_releases,
-- version_upper_bound,
-- release_prefix,
-- submodules,
-- }
-- }
--
-- pub fn gitlab(
-- repo_path: String,
-- server: Option,
-- pre_releases: bool,
-- version_upper_bound: Option,
-- private_token: Option,
-- release_prefix: Option,
-- submodules: bool,
-- ) -> Self {
-- Self {
-- repository: Repository::GitLab {
-- repo_path,
-- server: server.unwrap_or_else(|| "https://gitlab.com/".parse().unwrap()),
-- private_token,
-- },
-+ repository,
- pre_releases,
- version_upper_bound,
- release_prefix,
-diff --git a/src/niv.rs b/src/niv.rs
-index c1bd544..e34271e 100644
---- a/src/niv.rs
-+++ b/src/niv.rs
-@@ -23,8 +23,15 @@ impl TryFrom for Pin {
-
- fn try_from(niv: NivPin) -> Result {
- Ok(match niv.owner {
-- None => git::GitPin::git(niv.repo.parse()?, niv.branch, false).into(),
-- Some(owner) => git::GitPin::github(&owner, &niv.repo, niv.branch, false).into(),
-+ None => {
-+ git::GitPin::new(git::Repository::git(niv.repo.parse()?), niv.branch, false).into()
-+ },
-+ Some(owner) => git::GitPin::new(
-+ git::Repository::github(&owner, &niv.repo),
-+ niv.branch,
-+ false,
-+ )
-+ .into(),
- })
- }
- }
-diff --git a/src/versions.rs b/src/versions.rs
-index dd42b6b..02a9fe8 100644
---- a/src/versions.rs
-+++ b/src/versions.rs
-@@ -276,13 +276,13 @@ mod test {
- NixPins {
- pins: btreemap![
- "nixos-mailserver".into() => Pin::Git {
-- input: git::GitPin::git("https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git".parse().unwrap(), "nixos-21.11".into(), false),
-+ input: git::GitPin::new(git::Repository::git("https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git".parse().unwrap()), "nixos-21.11".into(), false),
- version: Some(git::GitRevision::new("6e3a7b2ea6f0d68b82027b988aa25d3423787303".into()).unwrap()),
- hashes: Some(git::OptionalUrlHashes { url: None, hash:
"1i56llz037x416bw698v8j6arvv622qc0vsycd20lx3yx8n77n44".into() } ),
- frozen: Frozen::default(),
- },
- "nixpkgs".into() => Pin::Git {
-- input: git::GitPin::github("nixos", "nixpkgs", "nixpkgs-unstable".into(), false),
-+ input: git::GitPin::new(git::Repository::github("nixos", "nixpkgs"), "nixpkgs-unstable".into(), false),
- version: Some(git::GitRevision::new("5c37ad87222cfc1ec36d6cd1364514a9efc2f7f2".into()).unwrap()),
- hashes: Some(git::OptionalUrlHashes { url: Some("https://github.com/nixos/nixpkgs/archive/5c37ad87222cfc1ec36d6cd1364514a9efc2f7f2.tar.gz".parse().unwrap()), hash: "1r74afnalgcbpv7b9sbdfbnx1kfj0kp1yfa60bbbv27n36vqdhbb".into() }),
- frozen: Frozen::default(),
-@@ -294,7 +294,7 @@ mod test {
- frozen: Frozen::default(),
- },
- "youtube-dl".into() => Pin::GitRelease {
-- input: git::GitReleasePin::github("ytdl-org", "youtube-dl", false, None, None, false),
-+ input: git::GitReleasePin::new(git::Repository::github("ytdl-org", "youtube-dl"), false, None, None, false),
- version: Some(GenericVersion { version: "youtube-dl 2021.12.17".into() }),
- hashes: None,
- frozen: Frozen::default(),
-
-From 8230f25bb01f6a36147c09355f78d17b35b31bd4 Mon Sep 17 00:00:00 2001
-From: piegames
-Date: Fri, 2 May 2025 11:39:07 +0200
-Subject: [PATCH 4/7] cli: Refactor and deduplicate git pin creation
-
-Dependency injection for the win! Now moisturize me!
I feel DRY
----
- src/cli.rs | 141 +++++++++++++----------------------------------------
- 1 file changed, 33 insertions(+), 108 deletions(-)
-
-diff --git a/src/cli.rs b/src/cli.rs
-index b8ee0e6..2b3b20b 100644
---- a/src/cli.rs
-+++ b/src/cli.rs
-@@ -112,6 +112,35 @@ pub struct GenericGitAddOpts {
- pub submodules: bool,
- }
-
-+impl GenericGitAddOpts {
-+ fn add(&self, repository: git::Repository) -> Result {
-+ Ok(match &self.branch {
-+ Some(branch) => {
-+ let pin = git::GitPin::new(repository, branch.clone(), self.submodules);
-+ let version = self
-+ .at
-+ .as_ref()
-+ .map(|at| git::GitRevision::new(at.clone()))
-+ .transpose()?;
-+ (pin, version).into()
-+ },
-+ None => {
-+ let pin = git::GitReleasePin::new(
-+ repository,
-+ self.pre_releases,
-+ self.version_upper_bound.clone(),
-+ self.release_prefix.clone(),
-+ self.submodules,
-+ );
-+ let version = self.at.as_ref().map(|at| GenericVersion {
-+ version: at.clone(),
-+ });
-+ (pin, version).into()
-+ },
-+ })
-+ }
-+}
-+
- #[derive(Debug, Parser)]
- pub struct GitHubAddOpts {
- pub owner: String,
-@@ -125,34 +154,7 @@ impl GitHubAddOpts {
- pub fn add(&self) -> Result<(Option, Pin)> {
- let repository = git::Repository::github(&self.owner, &self.repository);
-
-- Ok((
-- Some(self.repository.clone()),
-- match &self.more.branch {
-- Some(branch) => {
-- let pin = git::GitPin::new(repository, branch.clone(), self.more.submodules);
-- let version = self
-- .more
-- .at
-- .as_ref()
-- .map(|at| git::GitRevision::new(at.clone()))
-- .transpose()?;
-- (pin, version).into()
-- },
-- None => {
-- let pin = git::GitReleasePin::new(
-- repository,
-- self.more.pre_releases,
-- self.more.version_upper_bound.clone(),
-- self.more.release_prefix.clone(),
-- self.more.submodules,
-- );
-- let version = self.more.at.as_ref().map(|at| GenericVersion {
-- version: at.clone(),
-- });
-- (pin, version).into()
-- },
-- },
-- ))
-+ Ok((Some(self.repository.clone()), self.more.add(repository)?))
- }
- }
-
-@@ -175,34
+177,7 @@ impl ForgejoAddOpts {
- })?;
- let repository = git::Repository::forgejo(server_url, &self.owner, &self.repository);
-
-- Ok((
-- Some(self.repository.clone()),
-- match &self.more.branch {
-- Some(branch) => {
-- let pin = git::GitPin::new(repository, branch.clone(), self.more.submodules);
-- let version = self
-- .more
-- .at
-- .as_ref()
-- .map(|at| git::GitRevision::new(at.clone()))
-- .transpose()?;
-- (pin, version).into()
-- },
-- None => {
-- let pin = git::GitReleasePin::new(
-- repository,
-- self.more.pre_releases,
-- self.more.version_upper_bound.clone(),
-- self.more.release_prefix.clone(),
-- self.more.submodules,
-- );
-- let version = self.more.at.as_ref().map(|at| GenericVersion {
-- version: at.clone(),
-- });
-- (pin, version).into()
-- },
-- },
-- ))
-+ Ok((Some(self.repository.clone()), self.more.add(repository)?))
- }
- }
-
-@@ -243,30 +218,7 @@ impl GitLabAddOpts {
- .last()
- .ok_or_else(|| anyhow::format_err!("GitLab repository path must at least have one element (usually two: owner, repo)"))?
- .clone()),
-- match &self.more.branch {
-- Some(branch) => {
-- let pin = git::GitPin::new(
-- repository,
-- branch.clone(),
-- self.more.submodules,
-- );
-- let version = self.more.at.as_ref().map(|at| git::GitRevision::new(at.clone())).transpose()?;
-- (pin, version).into()
-- },
-- None => {
-- let pin = git::GitReleasePin::new(
-- repository,
-- self.more.pre_releases,
-- self.more.version_upper_bound.clone(),
-- self.more.release_prefix.clone(),
-- self.more.submodules,
-- );
-- let version = self.more.at.as_ref().map(|at| GenericVersion {
-- version: at.clone(),
-- });
-- (pin, version).into()
-- },
-- },
-+ self.more.add(repository)?,
- ))
- }
- }
-@@ -307,34 +259,7 @@ impl GitAddOpts {
- let name = name.strip_suffix(".git").unwrap_or(&name);
- let repository = git::Repository::git(url);
-
-- Ok((
-- Some(name.to_owned()),
-- match &self.more.branch {
-- Some(branch) => {
-- let pin = git::GitPin::new(repository, branch.clone(), self.more.submodules);
-- let version = self
-- .more
-- .at
-- .as_ref()
-- .map(|at| git::GitRevision::new(at.clone()))
-- .transpose()?;
-- (pin, version).into()
-- },
-- None => {
-- let pin = git::GitReleasePin::new(
-- repository,
-- self.more.pre_releases,
-- self.more.version_upper_bound.clone(),
-- self.more.release_prefix.clone(),
-- self.more.submodules,
-- );
-- let version = self.more.at.as_ref().map(|at| GenericVersion {
-- version: at.clone(),
-- });
-- (pin, version).into()
-- },
-- },
-- ))
-+ Ok((Some(name.to_owned()), self.more.add(repository)?))
- }
- }
-
-
-From 2a7a0e9262c6634ee734f9e633c84221c27265a3 Mon Sep 17 00:00:00 2001
-From: piegames
-Date: Fri, 2 May 2025 14:09:47 +0200
-Subject: [PATCH 5/7] git: Disable interactive host key prompting
-
----
- src/git.rs | 1 +
- src/nix.rs | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/src/git.rs b/src/git.rs
-index b05e591..921b2b2 100644
---- a/src/git.rs
-+++ b/src/git.rs
-@@ -543,6 +543,7 @@ async fn fetch_remote(url: &str, args: &[&str]) -> Result> {
- let process = Command::new("git")
- // Disable any interactive login attempts, failing gracefully instead
- .env("GIT_TERMINAL_PROMPT", "0")
-+ .env("GIT_SSH_COMMAND", "ssh -o StrictHostKeyChecking=yes")
- .arg("ls-remote")
- .args(args)
- .output()
-diff --git a/src/nix.rs b/src/nix.rs
-index 947a4b2..2248079 100644
---- a/src/nix.rs
-+++ b/src/nix.rs
-@@ -66,6 +66,7 @@ pub async fn nix_prefetch_git(
- let output = output
- // Disable any interactive login attempts, failing gracefully instead
- .env("GIT_TERMINAL_PROMPT", "0")
-+ .env("GIT_SSH_COMMAND", "ssh -o StrictHostKeyChecking=yes")
- .arg(url)
- .arg(git_ref.as_ref())
- .output()
-
-From 1fad9027f51a2a6f5d8568f4dff96e58dd7dc8ee Mon Sep 17 00:00:00 2001
-From: piegames
-Date: Fri, 2 May 2025 16:44:45 +0200
-Subject: [PATCH 6/7] git: Resolve ambiguity with GitHub API
-
-Currently pins fail when trying to fetch a release on a repo that has a
-branch with the same name
----
- src/git.rs | 38 ++++++++++++++++++++++++++++++++++++--
- test.nix | 6 +++---
- 2 files changed, 39 insertions(+), 5 deletions(-)
-
-diff --git a/src/git.rs b/src/git.rs
-index 921b2b2..334e9d1 100644
---- a/src/git.rs
-+++ b/src/git.rs
-@@ -229,7 +229,7 @@ impl Repository {
- Repository::Git { ..
} => None,
- Repository::GitHub { owner, repo } => Some(
- format!(
-- "{github_api}/repos/{owner}/{repo}/tarball/{tag}",
-+ "{github_api}/repos/{owner}/{repo}/tarball/refs/tags/{tag}",
- github_api = get_github_api_url(),
- owner = owner,
- repo = repo,
-@@ -938,7 +938,7 @@ mod test {
- ReleasePinHashes {
- revision: "35be5b2b2c3431de1100996487d53134f658b866".into(),
- url: Some(
-- "https://api.github.com/repos/jstutters/MidiOSC/tarball/v1.1"
-+ "https://api.github.com/repos/jstutters/MidiOSC/tarball/refs/tags/v1.1"
- .parse()
- .unwrap()
- ),
-@@ -948,6 +948,40 @@ mod test {
- Ok(())
- }
-
-+ // That repo has a tag and a branch with the same name, and the naive endpoint for
-+ // GitHub which usually works then returns
-+ // {
-+ // "message": "'0.2.1' has multiple possibilities: https://github.com/alexfedosov/AFHorizontalDayPicker/tarball/refs/heads/0.2.1, https://github.com/alexfedosov/AFHorizontalDayPicker/tarball/refs/tags/0.2.1",
-+ // "documentation_url": "https://docs.github.com/rest/repos/contents#download-a-repository-archive-tar",
-+ // "status": "300"
-+ // }
-+ #[tokio::test]
-+ async fn test_github_release_ambiguous() -> Result<()> {
-+ let pin = GitReleasePin {
-+ repository: Repository::github("alexfedosov", "AFHorizontalDayPicker"),
-+ pre_releases: false,
-+ version_upper_bound: None,
-+ release_prefix: None,
-+ submodules: false,
-+ };
-+ let version = GenericVersion {
-+ version: "0.2.1".into(),
-+ };
-+ assert_eq!(
-+ pin.fetch(&version).await?,
-+ ReleasePinHashes {
-+ revision: "ca59ad1dc1b55108f1d17f20bdf443aad3e2f0f5".into(),
-+ url: Some(
-+ "https://api.github.com/repos/alexfedosov/AFHorizontalDayPicker/tarball/refs/tags/0.2.1"
-+ .parse()
-+ .unwrap()
-+ ),
-+ hash: "0arqpja90n3yy767x0ckwg4biqm4igcpa0vznvx3daaywjkb1v7v".into(),
-+ }
-+ );
-+ Ok(())
-+ }
-+
- #[tokio::test]
- async fn test_forgejo_update() -> Result<()> {
- let pin = GitPin {
-diff --git a/test.nix b/test.nix
-index caf5533..f61a4c6 100644
---- a/test.nix
-+++
b/test.nix
-@@ -338,7 +338,7 @@ let
- ln -s ${gitRepo} "${repoPath}.git"
-
- # Mock the releases
-- tarballPath="api/repos/${repoPath}/tarball"
-+ tarballPath="api/repos/${repoPath}/tarball/refs/tags"
- mkdir -p $tarballPath
- archivePath="${repoPath}/archive"
- mkdir -p $archivePath
-@@ -604,7 +604,7 @@ in
- # Check version and url
- eq "$(jq -r .pins.bar.version npins/sources.json)" "v0.2"
- eq "$(jq -r .pins.bar.revision npins/sources.json)" "$(resolveGitCommit ${gitRepo} v0.2)"
-- eq "$(jq -r .pins.bar.url npins/sources.json)" "http://localhost:8000/api/repos/foo/bar/tarball/v0.2"
-+ eq "$(jq -r .pins.bar.url npins/sources.json)" "http://localhost:8000/api/repos/foo/bar/tarball/refs/tags/v0.2"
- '';
- };
-
-@@ -695,7 +695,7 @@ in
- eq "$(jq -r .pins.foo2.version npins/sources.json)" "v0.5"
- eq "$(jq -r .pins.foo.revision npins/sources.json)" "$(resolveGitCommit ${repositories."owner/foo"})"
- eq "$(jq -r .pins.foo2.revision npins/sources.json)" "$(resolveGitCommit ${repositories."owner/foo"})"
-- eq "$(jq -r .pins.foo.url npins/sources.json)" "http://localhost:8000/api/repos/owner/foo/tarball/v0.5"
-+ eq "$(jq -r .pins.foo.url npins/sources.json)" "http://localhost:8000/api/repos/owner/foo/tarball/refs/tags/v0.5"
- # release pins with submodules don't have a URL
- eq "$(jq -r .pins.foo2.url npins/sources.json)" "null"
- '';
-
-From a419d89b5739e6e43b57931212c3aa5c60c0f562 Mon Sep 17 00:00:00 2001
-From: piegames
-Date: Fri, 9 May 2025 15:46:52 +0200
-Subject: [PATCH 7/7] version: Generalize mechanism to allow for non-trivial
- version upgrades
-
-Inspired by code by Tom Hubrecht in #139
----
- src/versions.rs | 87 +++++++++++++++++++++++++++++++------------------
- 1 file changed, 55 insertions(+), 32 deletions(-)
-
-diff --git a/src/versions.rs b/src/versions.rs
-index 02a9fe8..003402f 100644
---- a/src/versions.rs
-+++ b/src/versions.rs
-@@ -54,38 +54,57 @@ pub fn upgrade(mut pins_raw: Map) -> Result {
- )
- })?;
-
-- /* This is where the upgrading happens
(at the moment we don't have any versions to upgrade from) */
-- match version {
-- 0 => {
-- let pins = pins_raw
-- .get_mut("pins")
-- .and_then(Value::as_object_mut)
-- .ok_or_else(|| anyhow::format_err!("sources.json must contain a `pins` object"))?;
-- for (name, pin) in pins.iter_mut() {
-- upgrade_v0_pin(
-- name,
-- pin.as_object_mut()
-- .ok_or_else(|| anyhow::format_err!("Pin {} must be an object", name))?,
-- )
-- .context(anyhow::format_err!(
-- "Pin {} could not be upgraded to the latest format version",
-- name
-- ))?;
-- }
-- },
-- // All these versions are already handled by serde default fields
-- 1 | 2 | 3 | 4 => {
-- log::info!("There is nothing to do");
-- },
-- 5 => {
-- log::info!("sources.json is already up to date");
-- },
-- unknown => {
-- anyhow::bail!(
-- "Unknown format version {}, maybe try updating the application?",
-- unknown
-- );
-- },
-+ /* A generic wrapper that updates all pins individually with a provided upgrade function.
-+ * This can be used in all cases where only the pin structure and not the overall file structure
-+ * changes, which should actually be most cases.
-+ */
-+ fn generic_upgrader(
-+ pins_raw: &mut Map,
-+ update_pin_fn: fn(&str, &mut Map) -> Result<()>,
-+ ) -> Result<()> {
-+ let pins = pins_raw
-+ .get_mut("pins")
-+ .and_then(Value::as_object_mut)
-+ .ok_or_else(|| anyhow::format_err!("sources.json must contain a `pins` object"))?;
-+ for (name, pin) in pins.iter_mut() {
-+ update_pin_fn(
-+ name,
-+ pin.as_object_mut()
-+ .ok_or_else(|| anyhow::format_err!("Pin {} must be an object", name))?,
-+ )
-+ .context(anyhow::format_err!("Pin {} could not be upgraded", name))?;
-+ }
-+ Ok(())
-+ }
-+
-+ /* Registry for version upgrade closures. Every uprade is registered for a version and will
-+ * modify `pins_raw` to be of its following version.
-+ * Most version upgrades are handled by serde default fields and don't need any special treatment.
-+ * They are omitted here; Only non-trivial upgrades should be inserted.
-+ */
-+ type Upgrader = Box) -> Result<()>>;
-+ let version_upgraders: BTreeMap = [(
-+ 0,
-+ Box::new(|pins_raw: &mut Map| generic_upgrader(pins_raw, upgrade_v0_pin))
-+ as Upgrader,
-+ )]
-+ .into_iter()
-+ .collect();
-+
-+ /* Some quick version checks to provide better user feedback */
-+ if version > LATEST {
-+ anyhow::bail!(
-+ "Unknown format version {}, maybe try updating the application?",
-+ version
-+ );
-+ } else if version == LATEST {
-+ log::info!("sources.json is already up to date");
-+ } else {
-+ for (v, upgrader) in version_upgraders.range(version..) {
-+ log::info!("Upgrading to v{}", v + 1);
-+ upgrader(&mut pins_raw)?;
-+ }
-+ log::info!("Upgrade complete");
- }
-
- /* Set the new version */
-@@ -107,6 +126,10 @@ macro_rules! rename {
- }}
- }
-
-+/* v0→v1. This upgrade changes the structure of git pins from a Git/GitHub/GitHubRelease split
-+ * to a Git/GitRelease split where both kinds of pin can handle all types of repositories (GitHub or not)
-+ * via the `Repository` struct.
-+ */
- fn upgrade_v0_pin(name: &str, raw_pin: &mut Map) -> Result<()> {
- log::debug!("Updating {} to v1", name);
-
-
diff --git a/patches/npins/01-sri-hashes.patch b/patches/npins/01-sri-hashes.patch
deleted file mode 100644
index 544da90..0000000
--- a/patches/npins/01-sri-hashes.patch
+++ /dev/null
@@ -1,962 +0,0 @@ -From 6d86eb4b9884f46a38baaafd6a048cbfdc6a6b9b Mon Sep 17 00:00:00 2001 -From: Tom Hubrecht -Date: Tue, 6 May 2025 18:32:31 +0200 -Subject: [PATCH] feat: Use SRI hashes for locking pins - -Here, we: -- Switch to using SRI hashes for all locked inputs -- Add support for narHash in fetchGit - -It is a follow-up of #87 using snix nix-compat crate for manipulating -hashes - -Co-authored-by: Raito Bezarius ---- - Cargo.lock | 386 +++++++++++++++++++++++++++++++++++++++++++++++- - Cargo.toml | 2 + - npins.nix | 4 + - src/default.nix | 10 +- - src/git.rs | 22 +-- - src/nix.rs | 20 ++- - src/pypi.rs | 20 ++- - src/versions.rs | 40 +++-- - 8 files changed, 466 insertions(+), 38 deletions(-) - -diff --git a/Cargo.lock b/Cargo.lock -index fc0b0df..6345d09 100644 ---- a/Cargo.lock -+++ b/Cargo.lock -@@ -120,12 +120,38 @@ version = "0.22.1" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" - -+[[package]] -+name = "base64ct" -+version = "1.7.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "89e25b6adfb930f02d1981565a6e5d9c547ac15a96606256d3b59040e5cd4ca3" -+ - [[package]] - name = "bitflags" - version = "2.9.0" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "5c8214115b7bf84099f1309324e63141d4c5d7cc26862f97a0a857dbefe165bd" - -+[[package]] -+name = "block-buffer" -+version = "0.10.4" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" -+dependencies = [ -+ "generic-array", -+] -+ -+[[package]] -+name = "bstr" -+version = "1.12.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "234113d19d0d7d613b40e86fb654acf958910802bcceab913a4f9e7cda03b1a4" -+dependencies = [ -+ "memchr", -+ "regex-automata", -+ "serde", -+] -+ - [[package]] - name = "bumpalo" - version = "3.17.0" -@@ 
-205,6 +231,21 @@ version = "1.0.3" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "5b63caa9aa9397e2d9480a9b13673856c78d8ac123288526c37d7839f2a86990" - -+[[package]] -+name = "const-oid" -+version = "0.9.6" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" -+ -+[[package]] -+name = "cpufeatures" -+version = "0.2.17" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" -+dependencies = [ -+ "libc", -+] -+ - [[package]] - name = "crossterm" - version = "0.28.1" -@@ -216,6 +257,69 @@ dependencies = [ - "rustix", - ] - -+[[package]] -+name = "crypto-common" -+version = "0.1.6" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" -+dependencies = [ -+ "generic-array", -+ "typenum", -+] -+ -+[[package]] -+name = "curve25519-dalek" -+version = "4.1.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" -+dependencies = [ -+ "cfg-if", -+ "cpufeatures", -+ "curve25519-dalek-derive", -+ "digest", -+ "fiat-crypto", -+ "rustc_version", -+ "subtle", -+ "zeroize", -+] -+ -+[[package]] -+name = "curve25519-dalek-derive" -+version = "0.1.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" -+dependencies = [ -+ "proc-macro2", -+ "quote", -+ "syn", -+] -+ -+[[package]] -+name = "data-encoding" -+version = "2.9.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "2a2330da5de22e8a3cb63252ce2abb30116bf5265e89c0e01bc17015ce30a476" -+ -+[[package]] -+name = "der" -+version = "0.7.10" -+source = "registry+https://github.com/rust-lang/crates.io-index" 
-+checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" -+dependencies = [ -+ "const-oid", -+ "zeroize", -+] -+ -+[[package]] -+name = "digest" -+version = "0.10.7" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" -+dependencies = [ -+ "block-buffer", -+ "crypto-common", -+] -+ - [[package]] - name = "displaydoc" - version = "0.2.5" -@@ -227,6 +331,41 @@ dependencies = [ - "syn", - ] - -+[[package]] -+name = "ed25519" -+version = "2.2.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "115531babc129696a58c64a4fef0a8bf9e9698629fb97e9e40767d235cfbcd53" -+dependencies = [ -+ "pkcs8", -+ "signature", -+] -+ -+[[package]] -+name = "ed25519-dalek" -+version = "2.1.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "4a3daa8e81a3963a60642bcc1f90a670680bd4a77535faa384e9d1c79d620871" -+dependencies = [ -+ "curve25519-dalek", -+ "ed25519", -+ "serde", -+ "sha2", -+ "subtle", -+ "zeroize", -+] -+ -+[[package]] -+name = "enum-primitive-derive" -+version = "0.3.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "ba7795da175654fe16979af73f81f26a8ea27638d8d9823d317016888a63dc4c" -+dependencies = [ -+ "num-traits", -+ "quote", -+ "syn", -+] -+ - [[package]] - name = "env_filter" - version = "0.1.3" -@@ -265,6 +404,12 @@ dependencies = [ - "windows-sys 0.59.0", - ] - -+[[package]] -+name = "fiat-crypto" -+version = "0.2.9" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" -+ - [[package]] - name = "fnv" - version = "1.0.7" -@@ -369,6 +514,16 @@ dependencies = [ - "slab", - ] - -+[[package]] -+name = "generic-array" -+version = "0.14.7" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = 
"85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" -+dependencies = [ -+ "typenum", -+ "version_check", -+] -+ - [[package]] - name = "getrandom" - version = "0.2.15" -@@ -402,6 +557,12 @@ version = "0.31.1" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "07e28edb80900c19c28f1072f2e8aeca7fa06b23cd4169cefe1af5aa3260783f" - -+[[package]] -+name = "glob" -+version = "0.3.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "a8d1add55171497b4705a648c6b583acafb01d58050a51727785f0b2c8e0a2b2" -+ - [[package]] - name = "hashbrown" - version = "0.15.2" -@@ -719,6 +880,16 @@ version = "0.2.172" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa" - -+[[package]] -+name = "libmimalloc-sys" -+version = "0.1.42" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "ec9d6fac27761dabcd4ee73571cdb06b7022dc99089acbe5435691edffaac0f4" -+dependencies = [ -+ "cc", -+ "libc", -+] -+ - [[package]] - name = "linux-raw-sys" - version = "0.4.15" -@@ -753,6 +924,15 @@ version = "2.7.4" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "78ca9ab1a0babb1e7d5695e3530886289c18cf2f87ec19a575a0abdce112e3a3" - -+[[package]] -+name = "mimalloc" -+version = "0.1.46" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "995942f432bbb4822a7e9c3faa87a695185b0d09273ba85f097b54f4e458f2af" -+dependencies = [ -+ "libmimalloc-sys", -+] -+ - [[package]] - name = "mime" - version = "0.3.17" -@@ -779,6 +959,53 @@ dependencies = [ - "windows-sys 0.52.0", - ] - -+[[package]] -+name = "nix-compat" -+version = "0.1.0" -+source = "git+https://git.snix.dev/snix/snix#4749964f06a7aa20ee19c5f7b3c97079e5c67911" -+dependencies = [ -+ "bitflags", -+ "bstr", -+ "bytes", -+ "data-encoding", -+ "ed25519", -+ "ed25519-dalek", -+ "enum-primitive-derive", -+ "futures", -+ 
"glob", -+ "mimalloc", -+ "nix-compat-derive", -+ "nom", -+ "num-traits", -+ "num_enum", -+ "pin-project-lite", -+ "serde", -+ "serde_json", -+ "sha2", -+ "thiserror", -+ "tokio", -+ "tracing", -+] -+ -+[[package]] -+name = "nix-compat-derive" -+version = "0.1.0" -+source = "git+https://git.snix.dev/snix/snix#4749964f06a7aa20ee19c5f7b3c97079e5c67911" -+dependencies = [ -+ "proc-macro2", -+ "quote", -+ "syn", -+] -+ -+[[package]] -+name = "nom" -+version = "8.0.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "df9761775871bdef83bee530e60050f7e54b1105350d6884eb0fb4f46c2f9405" -+dependencies = [ -+ "memchr", -+] -+ - [[package]] - name = "npins" - version = "0.3.1" -@@ -787,11 +1014,13 @@ dependencies = [ - "async-trait", - "clap", - "crossterm", -+ "data-encoding", - "env_logger", - "futures", - "lenient_semver_parser", - "lenient_version", - "log", -+ "nix-compat", - "reqwest", - "serde", - "serde_json", -@@ -799,6 +1028,36 @@ dependencies = [ - "url", - ] - -+[[package]] -+name = "num-traits" -+version = "0.2.19" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" -+dependencies = [ -+ "autocfg", -+] -+ -+[[package]] -+name = "num_enum" -+version = "0.7.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "4e613fc340b2220f734a8595782c551f1250e969d87d3be1ae0579e8d4065179" -+dependencies = [ -+ "num_enum_derive", -+] -+ -+[[package]] -+name = "num_enum_derive" -+version = "0.7.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "af1844ef2428cc3e1cb900be36181049ef3d3193c63e43026cfe202983b27a56" -+dependencies = [ -+ "proc-macro-crate", -+ "proc-macro2", -+ "quote", -+ "syn", -+] -+ - [[package]] - name = "object" - version = "0.36.7" -@@ -855,6 +1114,16 @@ version = "0.1.0" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = 
"8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" - -+[[package]] -+name = "pkcs8" -+version = "0.10.2" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7" -+dependencies = [ -+ "der", -+ "spki", -+] -+ - [[package]] - name = "ppv-lite86" - version = "0.2.21" -@@ -864,6 +1133,15 @@ dependencies = [ - "zerocopy", - ] - -+[[package]] -+name = "proc-macro-crate" -+version = "3.3.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "edce586971a4dfaa28950c6f18ed55e0406c1ab88bbce2c6f6293a7aaba73d35" -+dependencies = [ -+ "toml_edit", -+] -+ - [[package]] - name = "proc-macro2" - version = "1.0.94" -@@ -949,7 +1227,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "3779b94aeb87e8bd4e834cee3650289ee9e0d5677f976ecdb6d219e5f4f6cd94" - dependencies = [ - "rand_chacha", -- "rand_core", -+ "rand_core 0.9.3", - "zerocopy", - ] - -@@ -960,7 +1238,16 @@ source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" - dependencies = [ - "ppv-lite86", -- "rand_core", -+ "rand_core 0.9.3", -+] -+ -+[[package]] -+name = "rand_core" -+version = "0.6.4" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" -+dependencies = [ -+ "getrandom 0.2.15", - ] - - [[package]] -@@ -1079,6 +1366,15 @@ version = "2.1.1" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "357703d41365b4b27c590e3ed91eabb1b663f07c4c084095e60cbed4362dff0d" - -+[[package]] -+name = "rustc_version" -+version = "0.4.1" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" -+dependencies = [ -+ "semver", -+] -+ - [[package]] - name = "rustix" - version = 
"0.38.44" -@@ -1153,6 +1449,12 @@ version = "1.2.0" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" - -+[[package]] -+name = "semver" -+version = "1.0.26" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "56e6fa9c48d24d85fb3de5ad847117517440f6beceb7798af16b4a87d616b8d0" -+ - [[package]] - name = "serde" - version = "1.0.219" -@@ -1198,6 +1500,17 @@ dependencies = [ - "serde", - ] - -+[[package]] -+name = "sha2" -+version = "0.10.9" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" -+dependencies = [ -+ "cfg-if", -+ "cpufeatures", -+ "digest", -+] -+ - [[package]] - name = "shlex" - version = "1.3.0" -@@ -1213,6 +1526,15 @@ dependencies = [ - "libc", - ] - -+[[package]] -+name = "signature" -+version = "2.2.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" -+dependencies = [ -+ "rand_core 0.6.4", -+] -+ - [[package]] - name = "slab" - version = "0.4.9" -@@ -1238,6 +1560,16 @@ dependencies = [ - "windows-sys 0.52.0", - ] - -+[[package]] -+name = "spki" -+version = "0.7.3" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" -+dependencies = [ -+ "base64ct", -+ "der", -+] -+ - [[package]] - name = "stable_deref_trait" - version = "1.2.0" -@@ -1370,6 +1702,23 @@ dependencies = [ - "tokio", - ] - -+[[package]] -+name = "toml_datetime" -+version = "0.6.9" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "3da5db5a963e24bc68be8b17b6fa82814bb22ee8660f192bb182771d498f09a3" -+ -+[[package]] -+name = "toml_edit" -+version = "0.22.26" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = 
"310068873db2c5b3e7659d2cc35d21855dbafa50d1ce336397c666e3cb08137e" -+dependencies = [ -+ "indexmap", -+ "toml_datetime", -+ "winnow", -+] -+ - [[package]] - name = "tower" - version = "0.5.2" -@@ -1404,9 +1753,21 @@ source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "784e0ac535deb450455cbfa28a6f0df145ea1bb7ae51b821cf5e7927fdcfbdd0" - dependencies = [ - "pin-project-lite", -+ "tracing-attributes", - "tracing-core", - ] - -+[[package]] -+name = "tracing-attributes" -+version = "0.1.28" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "395ae124c09f9e6918a2310af6038fba074bcf474ac352496d5910dd59a2226d" -+dependencies = [ -+ "proc-macro2", -+ "quote", -+ "syn", -+] -+ - [[package]] - name = "tracing-core" - version = "0.1.33" -@@ -1422,6 +1783,12 @@ version = "0.2.5" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" - -+[[package]] -+name = "typenum" -+version = "1.18.0" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" -+ - [[package]] - name = "unicode-ident" - version = "1.0.18" -@@ -1464,6 +1831,12 @@ version = "0.2.2" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "06abde3611657adf66d383f00b093d7faecc7fa57071cce2578660c9f1010821" - -+[[package]] -+name = "version_check" -+version = "0.9.5" -+source = "registry+https://github.com/rust-lang/crates.io-index" -+checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" -+ - [[package]] - name = "want" - version = "0.3.1" -@@ -1769,6 +2142,15 @@ version = "0.53.0" - source = "registry+https://github.com/rust-lang/crates.io-index" - checksum = "271414315aff87387382ec3d271b52d7ae78726f5d44ac98b4f4030c91880486" - -+[[package]] -+name = "winnow" -+version = "0.7.10" -+source = 
"registry+https://github.com/rust-lang/crates.io-index" -+checksum = "c06928c8748d81b05c9be96aad92e1b6ff01833332f281e8cfca3be4b35fc9ec" -+dependencies = [ -+ "memchr", -+] -+ - [[package]] - name = "wit-bindgen-rt" - version = "0.39.0" -diff --git a/Cargo.toml b/Cargo.toml -index b603f77..badbe24 100644 ---- a/Cargo.toml -+++ b/Cargo.toml -@@ -32,6 +32,8 @@ futures = "0.3.31" - clap = { version = "4.5", features = [ "derive", "env" ], optional = true } - crossterm = { version = "0.28.1", default-features = false, optional = true } - env_logger = { version = "^0.11.0", features = ["color", "auto-color", "regex"], default-features = false, optional = true } -+nix-compat = { git = "https://git.snix.dev/snix/snix", version = "0.1.0" } -+data-encoding = "2.9.0" - - [dev-dependencies] - env_logger = { version = "^0.11.0", features = ["color", "auto-color", "regex"], default-features = false } -diff --git a/npins.nix b/npins.nix -index 912d431..dfdcda8 100644 ---- a/npins.nix -+++ b/npins.nix -@@ -51,6 +51,10 @@ let - version = cargoToml.package.version; - cargoLock = { - lockFile = src + "/Cargo.lock"; -+ -+ outputHashes = { -+ "nix-compat-0.1.0" = "sha256-U9pAde6R2yoP8ivnoNX/1rve+ALrDk8+4R2BKoGzg24="; -+ }; - }; - - inherit src; -diff --git a/src/default.nix b/src/default.nix -index 6592476..fc9ebc5 100644 ---- a/src/default.nix -+++ b/src/default.nix -@@ -82,7 +82,7 @@ let - if url != null && !submodules then - builtins.fetchTarball { - inherit url; -- sha256 = hash; # FIXME: check nix version & use SRI hashes -+ sha256 = hash; - } - else - let -@@ -109,9 +109,9 @@ let - in - builtins.fetchGit { - rev = revision; -- inherit name; -- # hash = hash; -- inherit url submodules; -+ narHash = hash; -+ -+ inherit name submodules url; - }; - - mkPyPiSource = -@@ -140,7 +140,7 @@ let - sha256 = hash; - }; - in --if version == 5 then -+if version == 6 then - builtins.mapAttrs mkSource data.pins - else - throw "Unsupported format version ${toString version} in sources.json. 
Try running `npins upgrade`" -diff --git a/src/git.rs b/src/git.rs -index 334e9d1..c7c5241 100644 ---- a/src/git.rs -+++ b/src/git.rs -@@ -852,7 +852,7 @@ mod test { - pin.fetch(&version).await?, - OptionalUrlHashes { - url: None, -- hash: "17giznxp84h53jsm334dkp1fz6x9ff2yqfkq34ihq0ray1x3yhyd".into(), -+ hash: "sha256-zUM/evAqAwwjGXg67IVzqZvvwp2NjFG1HAUSdLv98Z0=".into(), - } - ); - Ok(()) -@@ -880,7 +880,7 @@ mod test { - pin.fetch(&version).await?, - ReleasePinHashes { - url: None, -- hash: "0q06gjh6129bfs0x072xicmq0q2psnq6ckf05p1jfdxwl7jljg06".into(), -+ hash: "sha256-BjxJ5aG8NyfDLcBNZrDVV2CAK4tdHNCBdiuJYKB8BmA=".into(), - revision: "35be5b2b2c3431de1100996487d53134f658b866".into(), - } - ); -@@ -908,7 +908,7 @@ mod test { - pin.fetch(&version).await?, - OptionalUrlHashes { - url: Some("https://github.com/oliverwatkins/swing_library/archive/1edb0a9cebe046cc915a218c57dbf7f40739aeee.tar.gz".parse().unwrap()), -- hash: "17giznxp84h53jsm334dkp1fz6x9ff2yqfkq34ihq0ray1x3yhyd".into(), -+ hash: "sha256-zUM/evAqAwwjGXg67IVzqZvvwp2NjFG1HAUSdLv98Z0=".into(), - } - ); - Ok(()) -@@ -942,7 +942,7 @@ mod test { - .parse() - .unwrap() - ), -- hash: "0q06gjh6129bfs0x072xicmq0q2psnq6ckf05p1jfdxwl7jljg06".into(), -+ hash: "sha256-BjxJ5aG8NyfDLcBNZrDVV2CAK4tdHNCBdiuJYKB8BmA=".into(), - } - ); - Ok(()) -@@ -976,7 +976,7 @@ mod test { - .parse() - .unwrap() - ), -- hash: "0arqpja90n3yy767x0ckwg4biqm4igcpa0vznvx3daaywjkb1v7v".into(), -+ hash: "sha256-++ywpuReqTb6tn8DddmLpOK4yOOTgX7M8X5YkJS8OCs=".into(), - } - ); - Ok(()) -@@ -1004,7 +1004,7 @@ mod test { - pin.fetch(&version).await?, - OptionalUrlHashes { - url: Some("https://git.lix.systems/lix-project/lix/archive/4bbdb2f5564b9b42bcaf0e1eec28325300f31c72.tar.gz".parse().unwrap()), -- hash: "03rygh7i9wzl6mhha6cv5q26iyzwy8l59d5cq4r6j5kpss9l1hn3".into(), -+ hash: "sha256-w8JAk9Z3Fmkyway0VCjy/PtoBC6bGQVhNfTzFA98Pg8=".into(), - } - ); - Ok(()) -@@ -1039,7 +1039,7 @@ mod test { - .parse() - .unwrap() - ), -- hash: 
"1iyylsiv1n6mf6rbi4k4fm5nv24a940cwfz92gk9fx6axh2kxjbz".into(), -+ hash: "sha256-f8k+BezKdJfmE+k7zgBJiohtS3VkkriycdXYsKOm3sc=".into(), - } - ); - Ok(()) -@@ -1067,7 +1067,7 @@ mod test { - pin.fetch(&version).await?, - OptionalUrlHashes { - url: Some("https://gitlab.com/api/v4/projects/maxigaz%2Fgitlab-dark/repository/archive.tar.gz?sha=e7145078163692697b843915a665d4f41139a65c".parse().unwrap()), -- hash: "0nmcr0g0cms4yx9wsgbyvxyvdlqwa9qdb8179g47rs0y04iylcsv".into(), -+ hash: "sha256-WzPqIwEe6HzISyeg1XBSHNO2fd9+Pc1T90RXBh7IrFo=".into(), - } - ); - Ok(()) -@@ -1100,7 +1100,7 @@ mod test { - url: Some("https://gitlab.com/api/v4/projects/maxigaz%2Fgitlab-dark/repository/archive.tar.gz?ref=v1.16.0" - .parse() - .unwrap()), -- hash: "0nmcr0g0cms4yx9wsgbyvxyvdlqwa9qdb8179g47rs0y04iylcsv".into(), -+ hash: "sha256-WzPqIwEe6HzISyeg1XBSHNO2fd9+Pc1T90RXBh7IrFo=".into(), - } - ); - Ok(()) -@@ -1128,7 +1128,7 @@ mod test { - pin.fetch(&version).await?, - OptionalUrlHashes { - url: Some("https://gitlab.gnome.org/api/v4/projects/Archive%2Fgnome-games/repository/archive.tar.gz?sha=bca2071b6923d45d9aabac27b3ea1e40f5fa3006".parse().unwrap()), -- hash: "0pn7mdj56flvvlhm96igx8g833sslzgypfb2a4zv7lj8z3kiikmg".into(), -+ hash: "sha256-r84Y5/hI0rM/UWK569+nWo+BHuovmlQh3Zs6U2Srx14=".into(), - } - ); - Ok(()) -@@ -1159,7 +1159,7 @@ mod test { - ReleasePinHashes { - revision: "2c89145d52d072a4ca5da900c2676d890bfab1ff".into(), - url: Some("https://gitlab.gnome.org/api/v4/projects/Archive%2Fgnome-games/repository/archive.tar.gz?ref=40.0".parse().unwrap()), -- hash: "0pn7mdj56flvvlhm96igx8g833sslzgypfb2a4zv7lj8z3kiikmg".into(), -+ hash: "sha256-r84Y5/hI0rM/UWK569+nWo+BHuovmlQh3Zs6U2Srx14=".into(), - } - ); - Ok(()) -diff --git a/src/nix.rs b/src/nix.rs -index 2248079..499e0e7 100644 ---- a/src/nix.rs -+++ b/src/nix.rs -@@ -1,5 +1,6 @@ - use crate::check_url; - use anyhow::{Context, Result}; -+use data_encoding::BASE64; - use log::debug; - - #[allow(unused)] -@@ -8,6 +9,16 @@ pub struct 
PrefetchInfo { - hash: String, - } - -+pub fn hash_to_sri(s: &str, algo: &str) -> Result { -+ let hash = nix_compat::nixhash::from_str(s, Some(algo))?; -+ -+ Ok(format!( -+ "{}-{}", -+ hash.algo(), -+ BASE64.encode(hash.digest_as_bytes()) -+ )) -+} -+ - pub async fn nix_prefetch_tarball(url: impl AsRef) -> Result { - let url = url.as_ref(); - check_url(url).await?; -@@ -37,8 +48,11 @@ pub async fn nix_prefetch_tarball(url: impl AsRef) -> Result { - } - - let stdout = String::from_utf8_lossy(&output.stdout); -- log::debug!("Got hash: {}", stdout); -- Ok(String::from(stdout.trim())) -+ let hash = stdout.trim(); -+ -+ log::debug!("Got sha256: {}", hash); -+ -+ hash_to_sri(&hash, "sha256") - } - - pub async fn nix_prefetch_git( -@@ -111,5 +125,5 @@ pub async fn nix_prefetch_git( - let info: NixPrefetchGitResponse = serde_json::from_slice(&output.stdout) - .context("Failed to deserialize nix-pfetch-git JSON response.")?; - -- Ok(info.sha256) -+ hash_to_sri(&info.sha256, "sha256") - } -diff --git a/src/pypi.rs b/src/pypi.rs -index 51191d2..5d744ef 100644 ---- a/src/pypi.rs -+++ b/src/pypi.rs -@@ -1,6 +1,6 @@ - //! 
Pin a PyPi package - --use crate::*; -+use crate::{nix::hash_to_sri, *}; - use anyhow::{Context, Result}; - use lenient_version::Version; - use serde::{Deserialize, Serialize}; -@@ -125,11 +125,15 @@ impl Updatable for Pin { - anyhow::format_err!("Unsupported package: must contain some \"source\" download",) - })?; - -- let hash = latest_source.digests.remove("sha256").ok_or_else(|| { -- anyhow::format_err!( -- "JSON metadata is invalid: must contain a `sha256` entry within `digests`", -- ) -- })?; -+ let hash = latest_source -+ .digests -+ .remove("sha256") -+ .ok_or_else(|| { -+ anyhow::format_err!( -+ "JSON metadata is invalid: must contain a `sha256` entry within `digests`", -+ ) -+ }) -+ .and_then(|s| hash_to_sri(&s, "sha256"))?; - - Ok(GenericUrlHashes { - hash, -@@ -190,7 +194,7 @@ mod test { - assert_eq!( - pin.fetch(&version).await?, - GenericUrlHashes { -- hash: "3953b158b7b690642d68cd6beb1d59f6e10526f2ee10a6fb4636a913cc95e718".into(), -+ hash: "sha256-OVOxWLe2kGQtaM1r6x1Z9uEFJvLuEKb7RjapE8yV5xg=".into(), - url: "https://files.pythonhosted.org/packages/d1/d5/0c270c22d61ff6b883d0f24956f13e904b131b5ac2829e0af1cda99d70b1/gaiatest-0.34.tar.gz".parse().unwrap(), - } - ); -@@ -216,7 +220,7 @@ mod test { - assert_eq!( - pin.fetch(&version).await?, - GenericUrlHashes { -- hash: "39d09c6627255fcf39c938937995665b6377799c4fa141f6b481bcb5e6a688ac".into(), -+ hash: "sha256-OdCcZiclX885yTiTeZVmW2N3eZxPoUH2tIG8teamiKw=".into(), - url: "https://files.pythonhosted.org/packages/fd/75/6e72889c3b154a179040b94963a50901966ff30b68600271df374b2ded7a/streamlit-0.89.0.tar.gz".parse().unwrap(), - } - ); -diff --git a/src/versions.rs b/src/versions.rs -index 003402f..a65c995 100644 ---- a/src/versions.rs -+++ b/src/versions.rs -@@ -1,11 +1,12 @@ - //! 
Versioning support for the save format - - use super::*; -+use crate::nix::hash_to_sri; - use anyhow::{Context, Result}; - use serde_json::{json, Map, Value}; - - /// The current format version --pub const LATEST: u64 = 5; -+pub const LATEST: u64 = 6; - - /// Custom manual deserialize wrapper that checks the version - pub fn from_value_versioned(value: Value) -> Result { -@@ -83,11 +84,18 @@ pub fn upgrade(mut pins_raw: Map) -> Result { - * They are omitted here; Only non-trivial upgrades should be inserted. - */ - type Upgrader = Box) -> Result<()>>; -- let version_upgraders: BTreeMap = [( -- 0, -- Box::new(|pins_raw: &mut Map| generic_upgrader(pins_raw, upgrade_v0_pin)) -- as Upgrader, -- )] -+ let version_upgraders: BTreeMap = [ -+ ( -+ 0, -+ Box::new(|pins_raw: &mut Map| generic_upgrader(pins_raw, upgrade_v0_pin)) -+ as Upgrader, -+ ), -+ ( -+ 5, -+ Box::new(|pins_raw: &mut Map| generic_upgrader(pins_raw, upgrade_v5_pin)) -+ as Upgrader, -+ ), -+ ] - .into_iter() - .collect(); - -@@ -224,6 +232,20 @@ fn upgrade_v0_pin(name: &str, raw_pin: &mut Map) -> Result<()> { - Ok(()) - } - -+/* v5→v6. This upgrade changes the hashes of git and git-release pins to use SRI hashes instead of -+ * raw sha256 hashes. 
-+ */ -+fn upgrade_v5_pin(name: &str, raw_pin: &mut Map) -> Result<()> { -+ log::debug!("Updating {} to v6", name); -+ -+ if let Some(raw_hash) = raw_pin.remove("hash") { -+ let hash: String = serde_json::from_value(raw_hash)?; -+ raw_pin.insert("hash".into(), hash_to_sri(&hash, "sha256")?.into()); -+ } -+ -+ Ok(()) -+} -+ - #[cfg(test)] - mod test { - use super::*; -@@ -301,19 +323,19 @@ mod test { - "nixos-mailserver".into() => Pin::Git { - input: git::GitPin::new(git::Repository::git("https://gitlab.com/simple-nixos-mailserver/nixos-mailserver.git".parse().unwrap()), "nixos-21.11".into(), false), - version: Some(git::GitRevision::new("6e3a7b2ea6f0d68b82027b988aa25d3423787303".into()).unwrap()), -- hashes: Some(git::OptionalUrlHashes { url: None, hash: "1i56llz037x416bw698v8j6arvv622qc0vsycd20lx3yx8n77n44".into() } ), -+ hashes: Some(git::OptionalUrlHashes { url: None, hash: "sha256-hNhzLOp+dApEY15vwLAQZu+sjEQbJcOXCaSfAT6lpsQ=".into() } ), - frozen: Frozen::default(), - }, - "nixpkgs".into() => Pin::Git { - input: git::GitPin::new(git::Repository::github("nixos", "nixpkgs"), "nixpkgs-unstable".into(), false), - version: Some(git::GitRevision::new("5c37ad87222cfc1ec36d6cd1364514a9efc2f7f2".into()).unwrap()), -- hashes: Some(git::OptionalUrlHashes { url: Some("https://github.com/nixos/nixpkgs/archive/5c37ad87222cfc1ec36d6cd1364514a9efc2f7f2.tar.gz".parse().unwrap()), hash: "1r74afnalgcbpv7b9sbdfbnx1kfj0kp1yfa60bbbv27n36vqdhbb".into() }), -+ hashes: Some(git::OptionalUrlHashes { url: Some("https://github.com/nixos/nixpkgs/archive/5c37ad87222cfc1ec36d6cd1364514a9efc2f7f2.tar.gz".parse().unwrap()), hash: "sha256-a8GGtxn2iL3WAkY5H+4E0s3Q7XJt6bTOvos9qqxT5OQ=".into() }), - frozen: Frozen::default(), - }, - "streamlit".into() => Pin::PyPi { - input: pypi::Pin { name: "streamlit".into(), version_upper_bound: None }, - version: Some(GenericVersion { version: "1.3.1".into() }), -- hashes: Some(GenericUrlHashes { url: 
"https://files.pythonhosted.org/packages/c3/9d/ac871992617220442832af12c3808716f4349ab05ff939d695fe8b542f00/streamlit-1.3.1.tar.gz".parse().unwrap(), hash: "adec7935c9cf774b9115b2456cf2f48c4f49b9f67159a97db0fe228357c1afdf".into() } ), -+ hashes: Some(GenericUrlHashes { url: "https://files.pythonhosted.org/packages/c3/9d/ac871992617220442832af12c3808716f4349ab05ff939d695fe8b542f00/streamlit-1.3.1.tar.gz".parse().unwrap(), hash: "sha256-rex5NcnPd0uRFbJFbPL0jE9JufZxWal9sP4ig1fBr98=".into() } ), - frozen: Frozen::default(), - }, - "youtube-dl".into() => Pin::GitRelease { diff --git a/pkgs/default.nix b/pkgs/default.nix index 3c24791..4f164fd 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -3,7 +3,7 @@ # SPDX-License-Identifier: EUPL-1.2 { - sources ? import ../npins, + sources ? import ../lon.nix, pkgs ? import sources."nixos-unstable" { }, callPackage ? pkgs.callPackage, }: diff --git a/workflows/lon-update.nix b/workflows/lon-update.nix new file mode 100644 index 0000000..36d00ee --- /dev/null +++ b/workflows/lon-update.nix @@ -0,0 +1,43 @@ +# SPDX-FileCopyrightText: 2024 Tom Hubrecht +# +# SPDX-License-Identifier: EUPL-1.2 + +{ nix-actions, ... }: + +let + inherit (nix-actions.lib) nix-shell secret; +in + +{ + name = "Update dependencies"; + on.schedule = [ + # Run every 24h + { cron = "30 13 * * *"; } + ]; + + jobs = { + update = { + runs-on = "nix"; + steps = [ + { + uses = "actions/checkout@v4"; + "with".token = secret "TEA_DGNUM_CHORES_TOKEN"; + } + { + env = { + LON_TOKEN = secret "TEA_DGNUM_CHORES_TOKEN"; + LON_USER_NAME = "DGNum [bot]"; + LON_USER_EMAIL = "admins+lon-bot@dgnum.eu"; + # LON_LABELS = "bot"; + LON_LIST_COMMITS = true; + }; + + run = nix-shell { + script = "lon bot forgejo"; + shell = "lon-update"; + }; + } + ]; + }; + }; +} diff --git a/workflows/npins-update.nix b/workflows/npins-update.nix deleted file mode 100644 index 957a80a..0000000 --- a/workflows/npins-update.nix +++ /dev/null 
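Review bot: The checkout step in workflows/lon-update.nix passes `TEA_DGNUM_CHORES_TOKEN` to `actions/checkout@v4`, which is a mutable tag, so whatever code that tag resolves to when the schedule fires receives the token. The token presumably has write access, since the bot opens update pull requests. Pinning the action to a full commit hash, `uses = "actions/checkout@<full-commit-sha>";` (placeholder; no hash appears on this page), keeps the action code that receives the token fixed until someone changes the pin deliberately. actions/checkout also stores the token in the local git configuration by default, so it stays readable throughout the `nix-shell` step in addition to `LON_TOKEN`. If `lon bot forgejo` authenticates with `LON_TOKEN` alone, which is not visible here, add `"with".persist-credentials = false;` and regenerate .forgejo/workflows/lon-update.yaml to match.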
@@ -1,98 +0,0 @@ -# SPDX-FileCopyrightText: 2024 Tom Hubrecht -# -# SPDX-License-Identifier: EUPL-1.2 - -{ lib, nix-actions, ... }: - -let - inherit (nix-actions.lib) secret; - - inherit (lib) genAttrs mapAttrs' nameValuePair; - - dependencies = builtins.attrNames (import ../npins); -in - -{ - name = "Update dependencies"; - on.schedule = [ - # Run every 24h - { cron = "30 13 * * *"; } - ]; - - # Global environment, necessary for rebases and commits - env = rec { - GIT_AUTHOR_NAME = "HT Chores"; - GIT_AUTHOR_EMAIL = "chores@mail.hubrecht.ovh"; - GIT_COMMITTER_NAME = GIT_AUTHOR_NAME; - GIT_COMMITTER_EMAIL = GIT_AUTHOR_EMAIL; - }; - - jobs = mapAttrs' (name: nameValuePair (builtins.replaceStrings [ "." ] [ "_" ] name)) ( - genAttrs dependencies (name: { - runs-on = "nix-infra"; - steps = [ - (nix-actions.lib.steps.checkout { - fetch-depth = 0; - token = secret "TEA_DGNUM_CHORES_TOKEN"; - }) - - { - env.GIT_UPDATE_BRANCH = "npins-updates/${name}"; - - name = "Switch to a new branch"; - run = # bash - '' - if git ls-remote --exit-code --heads origin "refs/heads/$GIT_UPDATE_BRANCH"; then - git switch "$GIT_UPDATE_BRANCH" - git rebase main - echo "EXISTING_BRANCH=1" >> $GITHUB_ENV - else - git switch -C "$GIT_UPDATE_BRANCH" - echo "EXISTING_BRANCH=" >> $GITHUB_ENV - fi - ''; - } - - { - env = { - GIT_UPDATE_BRANCH = "npins-updates/${name}"; - COMMIT_MESSAGE = "chore(npins): Update ${name}"; - }; - - name = "Open a PR if updates are present"; - run = nix-actions.lib.nix-shell { - shell = "npins-shell"; - script = '' - npins update ${name} - - if ! git diff --exit-code npins/sources.json > /dev/null; then - echo "[+] Changes detected, pushing updates." 
- - git add npins/sources.json - - if [ -n "$EXISTING_BRANCH" ]; then - git commit --amend --no-edit - git push --force - else - git commit --message "$COMMIT_MESSAGE" - git push -u origin "$GIT_UPDATE_BRANCH" - fi - - # Connect to the server with the cli - tea login add -n dgnum-chores -t ${secret "TEA_DGNUM_CHORES_TOKEN"} -u https://git.dgnum.eu - - # Create a pull request if needed - # i.e. no PR with the same title exists - if [ -z $(tea pr ls -f='head' -o simple | grep "$GIT_UPDATE_BRANCH") ]; then - tea pr create --description "Automatic npins update" --title "$COMMIT_MESSAGE" --head "$GIT_UPDATE_BRANCH" - fi - elif [ -n "$EXISTING_BRANCH" ]; then - git push --force - fi - ''; - }; - } - ]; - }) - ); -}