From 25274205236296d59b23ae681fe33c090fce5e52 Mon Sep 17 00:00:00 2001 From: Nick Novitski Date: Thu, 19 Oct 2023 18:29:59 -0700 Subject: [PATCH 01/12] chore: Create dependabot.yml --- .github/dependabot.yml | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..5ace460 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" From 253e364265a9025681c1d5537886dc067ee6be57 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 20 Oct 2023 01:30:51 +0000 Subject: [PATCH 02/12] chore(deps): bump cachix/install-nix-action from 22 to 23 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 22 to 23. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v22...v23) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index df53e4e..6daebbf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,7 +14,7 @@ jobs: runs-on: ${{ matrix.runs-on }} steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v22 + - uses: cachix/install-nix-action@v23 - uses: ./ - run: actionlint - run: shellcheck nix-develop-gha.sh From 297b769f73306e27b7b036dd692242f1e3586460 Mon Sep 17 00:00:00 2001 
From: Nick Novitski Date: Sat, 28 Oct 2023 09:01:36 -0700 Subject: [PATCH 03/12] chore: Document --- README.md | 85 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ action.yml | 5 ++-- 2 files changed, 88 insertions(+), 2 deletions(-) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..35e8dec --- /dev/null +++ b/README.md 
@@ -0,0 +1,85 @@
+# nix-develop (for GitHub Actions)
+
+This is the most explicit and compatible way I know of to load a nix shell environment into a GitHub Actions job.
+
+## Why?
+
+Why would you load a nix shell environment into a GitHub Actions job?
+
+If you haven't heard about nix, I highly recommend reading [a good introduction for it elsewhere](https://zero-to-nix.com/), but its relevant feature for our purposes right now is that you can use it to write succint and reliably reproducible cross-platform shell environments, and this can help you [manage build dependencies very well](https://determinate.systems/posts/nix-github-actions). Currently this action cannot help you, so I wish you luck on your journey of discovery.
+
+If you have heard about nix, and you already have all your builds and tests expressed as derivations, then you do not need this action! Your GitHub CI workflows are just checking out the code and running `nix-build` or `nix flake check`, and they benefit from result caching and build-skipping that the rest of us can only dream of! Currently this action cannot help you, so only keep reading if you're curious.
+
+But finally, for the rest of us who already know the value of specifying shell environments in nix and using `nix develop`, and need to run commands in GitHub actions other _besides_ `nix-build` and `nix flake check`, this action is a better
+
+
+## How?
+
+How can you use this action usefully, and how does it interact with the rest of your system?
+
+Think of it like running `nix develop` in a way that works exactly like any other `setup-*` action:
+
+- In the step where you `use:` this action, it will run `nix develop`, which evaluates and build the `devShells.default` attribute of your repository's `flake.nix` file (or its `packages.default` attribute, or any other flake reference you like, (see below)). This will download any needed packages.
+- In all subsequent steps in that job, **including ones that `use:` third-party actions**, dependencies in that flake output will be added to PATH, and all environment variables in it will be present.
+
+(I bolded that last part because it isn't a feature I've seen in any other approach, and it's a feature I needed to install yarn via nix and then `use: actions/setup-node` to handle yarn caching. Thanks for reading!)
+
+In other words, rather than [this](https://github.com/DeterminateSystems/nix-github-actions/blob/main/.github/workflows/nix.yml)...
+```yaml
+ - run: |
+ nix develop --command \
+ cargo fmt --check
+ - run: |
+ nix develop --command \
+ cargo-deny check
+ - run: |
+ nix develop --command \
+ eclint \
+ -exclude "Cargo.lock"
+ - run: |
+ nix develop --command \
+ codespell \
+ --skip target,.git \
+ --ignore-words-list crate
+```
+
+...or even this:
+```yaml
+ - run: cargo fmt --check
+ shell: nix develop --command bash -e {0}
+ - run: cargo-deny check
+ shell: nix develop --command bash -e {0}
+ - run: eclint \
+ -exclude "Cargo.lock"
+ shell: nix develop --command bash -e {0}
+ - run: codespell \
+ --skip target,.git \
+ --ignore-words-list crate
+ shell: nix develop --command bash -e {0}
+```
+
+...you can do this:
+```yaml
+ - uses: nicknovitski/nix-develop@1
+ - run: cargo fmt --check
+ - run: cargo-deny check
+ - run: eclint \
+ -exclude "Cargo.lock"
+ - run: codespell \
+ --skip target,.git \
+ --ignore-words-list crate
+```
+
+You can also pass arbitrary arguments, like using another flake reference:
+
+```yaml
+ - uses: nicknovitski/nix-develop@1
+ with:
+ arguments: "github:DeterminateSystems/zero-to-nix#multi"
+```
+
+## Contributing
+
+Feel free! The script can be run locally with any arguments you want to test, and unsurprisingly, running `nix develop` will give you the same dependencies used to test changes in CI.
+ +If you use [direnv](https://direnv.net), you can also bring those dependencies into your own shell with `nix-direnv-reload`. diff --git a/action.yml b/action.yml index 3bbf3b0..f059fef 100644 --- a/action.yml +++ b/action.yml @@ -1,5 +1,6 @@ -name: nix-develop-action -description: Use nix development environments correctly with GitHub Actions +name: Nix Develop Action +description: Nix shell environments brought to GitHub Actions +author: nick novitski inputs: arguments: description: Additional arguments to pass to the `nix develop` command From 7e687c24bc21627b110f6d5285b525fd29ece4d2 Mon Sep 17 00:00:00 2001 From: Nick Novitski Date: Sat, 28 Oct 2023 09:09:50 -0700 Subject: [PATCH 04/12] chore: consistent naming in action.yml --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index f059fef..41a7a8f 100644 --- a/action.yml +++ b/action.yml @@ -1,4 +1,4 @@ -name: Nix Develop Action +name: Nix Develop description: Nix shell environments brought to GitHub Actions author: nick novitski inputs: From db9709622d5fee3d77145ec81f74c64db7546398 Mon Sep 17 00:00:00 2001 From: Nick Novitski Date: Sat, 28 Oct 2023 09:16:17 -0700 Subject: [PATCH 05/12] Revert name change --- action.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/action.yml b/action.yml index 41a7a8f..f059fef 100644 --- a/action.yml +++ b/action.yml @@ -1,4 +1,4 @@ -name: Nix Develop +name: Nix Develop Action description: Nix shell environments brought to GitHub Actions author: nick novitski inputs: From b01c276b7e75d26ec9f02a863d4fb17503c4589a Mon Sep 17 00:00:00 2001 From: Nick Novitski Date: Mon, 30 Oct 2023 18:27:13 -0700 Subject: [PATCH 06/12] fix: add missing "v"s in readme --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 35e8dec..002394e 100644 --- a/README.md +++ b/README.md 
@@ -60,7 +60,7 @@ In other words, rather than [this](https://github.com/DeterminateSystems/nix-git ...you can do this: ```yaml - - uses: nicknovitski/nix-develop@1 + - uses: nicknovitski/nix-develop@v1 - run: cargo fmt --check - run: cargo-deny check - run: eclint \ @@ -73,7 +73,7 @@ In other words, rather than [this](https://github.com/DeterminateSystems/nix-git You can also pass arbitrary arguments, like using another flake reference: ```yaml - - uses: nicknovitski/nix-develop@1 + - uses: nicknovitski/nix-develop@v1 with: arguments: "github:DeterminateSystems/zero-to-nix#multi" ``` From 66628a83dbf0cb7ef8bfb85dcc7d690cc9e98955 Mon Sep 17 00:00:00 2001 From: Nick Novitski Date: Tue, 31 Oct 2023 08:19:08 -0700 Subject: [PATCH 07/12] chore: Add workflow to keep major tags up-to-date --- .github/workflows/new-release.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 .github/workflows/new-release.yml diff --git a/.github/workflows/new-release.yml b/.github/workflows/new-release.yml new file mode 100644 index 0000000..adc2794 --- /dev/null +++ b/.github/workflows/new-release.yml @@ -0,0 +1,13 @@ +name: Release new version +on: + release: + types: [released] +permissions: + contents: write +jobs: + update-major-tag: + runs-on: ubuntu-latest + steps: + - uses: actions/publish-action@v0.2.2 + with: + source-tag: ${{ github.event.release.tag_name }} From a2060d116a50b36dfab02280af558e73ab52427d Mon Sep 17 00:00:00 2001 From: Nick Novitski Date: Tue, 7 Nov 2023 20:40:01 -0800 Subject: [PATCH 08/12] Don't --ignore-environment This leads to some surprising behavior, and I don't think it gives the benefits I thought it would. --- nix-develop-gha.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix-develop-gha.sh b/nix-develop-gha.sh index 762cb81..82d8bf5 100755 --- a/nix-develop-gha.sh +++ b/nix-develop-gha.sh 
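Review bot: In `.github/workflows/new-release.yml`, `actions/publish-action@v0.2.2` is referenced by a mutable tag in a job that holds `contents: write` and moves the major tag that consumers resolve through `nicknovitski/nix-develop@v1`. Pinning it to a full commit SHA, e.g. `- uses: actions/publish-action@<full-commit-sha> # v0.2.2`, means a retagged upstream release cannot change what runs with write access; Dependabot can keep SHA pins and the version comment current. The `permissions:` block could also sit under the `update-major-tag` job instead of at workflow level, so any job added later starts without write access. The later bump to `v0.3.0` in this series carries the same tag-style reference forward.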
@@ -6,7 +6,7 @@ set -euo pipefail IFS=" " read -r -a arguments <<<"${@:-./#default}" with_nix_develop() { - nix develop --ignore-environment "${arguments[@]}" --command "$@" + nix develop "${arguments[@]}" --command "$@" } with_nix_develop true # Exit immediately if build fails From a02cd6078eeac5dd06714d2ee9cb992d5c6e923b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Dec 2023 15:59:00 +0000 Subject: [PATCH 09/12] chore(deps): bump cachix/install-nix-action from 23 to 24 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 23 to 24. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v23...v24) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6daebbf..44a6a69 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -14,7 +14,7 @@ jobs: runs-on: ${{ matrix.runs-on }} steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v23 + - uses: cachix/install-nix-action@v24 - uses: ./ - run: actionlint - run: shellcheck nix-develop-gha.sh From 4f4a58bfb220b2dd0caf5fb619f6886f814d1b08 Mon Sep 17 00:00:00 2001 
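Review bot: Without `--ignore-environment`, the `nix develop` call in `with_nix_develop` inherits everything in the step's environment, so whatever the script later reads back from the shell can include variables that came from the runner rather than from the flake. The export logic is outside this hunk, so this is inferred: if it writes every variable it reads to `GITHUB_ENV`, a value passed to this step through `env:` (a secret, for instance) would be persisted for all later steps, including third-party actions. Consider skipping variables whose value is unchanged from the calling environment, and record the intent next to the call, e.g. `# inherits the runner environment on purpose; only flake-provided variables should be exported`. The commit message mentions "surprising behavior" but does not say which, so a short comment naming it would help the next reader.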
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Dec 2023 15:37:15 +0000 Subject: [PATCH 10/12] chore(deps): bump actions/publish-action from 0.2.2 to 0.3.0 Bumps [actions/publish-action](https://github.com/actions/publish-action) from 0.2.2 to 0.3.0. - [Commits](https://github.com/actions/publish-action/compare/v0.2.2...v0.3.0) --- updated-dependencies: - dependency-name: actions/publish-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/new-release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/new-release.yml b/.github/workflows/new-release.yml index adc2794..cef7065 100644 --- a/.github/workflows/new-release.yml +++ b/.github/workflows/new-release.yml @@ -8,6 +8,6 @@ jobs: update-major-tag: runs-on: ubuntu-latest steps: - - uses: actions/publish-action@v0.2.2 + - uses: actions/publish-action@v0.3.0 with: source-tag: ${{ github.event.release.tag_name }} From 984f5bf6bc7a3e2f9d6a6243446dd5496679d914 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jan 2024 15:24:09 +0000 Subject: [PATCH 11/12] chore(deps): bump cachix/install-nix-action from 24 to 25 Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action) from 24 to 25. - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Commits](https://github.com/cachix/install-nix-action/compare/v24...v25) --- updated-dependencies: - dependency-name: cachix/install-nix-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 44a6a69..af3e503 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -14,7 +14,7 @@ jobs: runs-on: ${{ matrix.runs-on }} steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v24 + - uses: cachix/install-nix-action@v25 - uses: ./ - run: actionlint - run: shellcheck nix-develop-gha.sh From 993e93af9e171efd2be76dd614373bd559cc716d Mon Sep 17 00:00:00 2001 From: xin Date: Fri, 5 Apr 2024 04:47:05 +0000 Subject: [PATCH 12/12] Update nix-develop-gha.sh --- nix-develop-gha.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix-develop-gha.sh b/nix-develop-gha.sh index 82d8bf5..5d30db8 100755 --- a/nix-develop-gha.sh +++ b/nix-develop-gha.sh @@ -26,7 +26,7 @@ while IFS='=' read -r -d '' n v; do continue fi if (("$(wc -l <<<"$v")" > 1)); then - delimiter=$(openssl rand -base64 18) + delimiter=BzcqNQnW6x7hfGlLbvCyDlvD if contains "$delimiter" "$v"; then echo "Environment variable $n contains randomly generated string $delimiter, file an issue and buy a lottery ticket." exit 1
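Review bot: In `nix-develop-gha.sh`, `delimiter=BzcqNQnW6x7hfGlLbvCyDlvD` makes the multi-line delimiter a constant published in the repository, so the `contains "$delimiter" "$v"` check that follows is no longer a guard against a chance collision. Any multi-line value that includes this string now fails the step on every run, and the message still describes it as a "randomly generated string". The code that writes the delimited value is outside this hunk, but if it uses the `GITHUB_ENV` heredoc form, a per-run random delimiter is what prevents variable content from being written to match the terminator in advance. If the goal is to drop the `openssl` dependency, `delimiter=$(od -An -N18 -tx1 /dev/urandom | tr -d ' \n')` keeps the randomness; otherwise the error text should be reworded to match. The enclosing `while` loop starts and ends outside the hunk.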