Merge pull request #29 from jwillikers/nix

Use Nix, add more CI, and auto-update

.bundle/config

@@ -0,0 +1,2 @@
+---
+BUNDLE_FORCE_RUBY_PLATFORM: "true"

.envrc

@@ -0,0 +1,5 @@
+if ! has nix_direnv_version || ! nix_direnv_version 3.0.6; then
+  source_url "https://raw.githubusercontent.com/nix-community/nix-direnv/3.0.6/direnvrc" "sha256-RYcUJaRMf8oF5LznDrlCXbkOQrywm0HDv1VjYGaJGdM="
+fi
+
+use flake

.github/dependabot.yaml

@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/build.yaml

@@ -0,0 +1,34 @@
+name: Build Jekyll site
+
+"on":
+  pull_request:
+    branches: [main]
+    paths:
+      - .github/workflows/build.yaml
+      - default.nix
+      - flake.lock
+      - flake.nix
+      - Gemfile
+      - Gemfile.lock
+      - gemset.nix
+      - .bundle/config
+      - .ruby-version
+      - _data/
+      - _drafts/
+      - _includes/
+      - _pages/
+      - _posts/
+      - _config.yml
+      - index.adoc
+  workflow_dispatch:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v14
+      - uses: DeterminateSystems/magic-nix-cache-action@v8
+      # todo Cache bundler stuff?
+      - name: Build with Jekyll
+        run: nix build

.github/workflows/bundler-update.yaml

@@ -0,0 +1,31 @@
+name: Bundler Update
+
+"on":
+  schedule:
+    # Once a month on the 22nd
+    - cron: "0 0 22 * *"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  bundler-update:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v14
+      - uses: DeterminateSystems/magic-nix-cache-action@v8
+      - name: Update Gem lock file
+        run: nix develop --command bundle update
+      - name: Update the hashes in the gemset.nix file
+        run: nix develop --command bundix
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          assignees: ${{ github.repository_owner }}
+          branch: "update/bundler"
+          commit-message: "chore(deps): Update Gem lock file"
+          title: "chore(deps): Update Gem lock file"
+          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}

.github/workflows/flake-checker.yaml

@@ -0,0 +1,14 @@
+name: Check Nix Flake
+"on":
+  pull_request:
+    branches: ["main"]
+    paths:
+      - .github/workflows/flake-checker.yaml
+      - flake.lock
+
+jobs:
+  flake-checker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/flake-checker-action@v9

.github/workflows/flake-lock-updater.yaml

@@ -0,0 +1,26 @@
+name: Flake ❄️ Lock 🔒️ Updater ✨
+
+"on":
+  schedule:
+    # Pi o'clock
+    - cron: '3 14 * * 1,5'
+  workflow_dispatch:
+
+jobs:
+  flake-lock-updater:
+    name: Flake Lock Updater
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: DeterminateSystems/nix-installer-action@v14
+      - uses: DeterminateSystems/magic-nix-cache-action@v8
+      - uses: DeterminateSystems/update-flake-lock@v24
+        with:
+          pr-assignees: ${{ github.repository_owner }}
+          pr-labels: |
+            automated
+            dependencies
+          pr-title: "chore: update flake.lock"
+          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}

.github/workflows/format-just.yaml

@@ -0,0 +1,20 @@
+name: Format justfiles
+"on":
+  pull_request:
+    branches: ["main"]
+    paths:
+      - .github/workflows/format-just.yaml
+      - flake.lock
+      - '**/.justfile'
+      - '**/justfile'
+      - '**/*.just'
+
+jobs:
+  format-just:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v14
+      - uses: DeterminateSystems/magic-nix-cache-action@v8
+      - name: Format justfile
+        run: nix develop --command just --check --fmt --unstable

.github/workflows/github-pages.yml → .github/workflows/github-pages.yaml

@@ -1,8 +1,26 @@
 name: Deploy Jekyll site to Pages
 
-on:
+"on":
   push:
     branches: [main]
+    paths:
+      - .github/workflows/github-pages.yaml
+      - default.nix
+      - flake.lock
+      - flake.nix
+      - Gemfile
+      - Gemfile.lock
+      - gemset.nix
+      - .bundle/config
+      - .ruby-version
+      - _data/
+      - _drafts/
+      - _includes/
+      - _pages/
+      - _posts/
+      - _config.yml
+      - CNAME
+      - index.adoc
   workflow_dispatch:
 
 # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
@@ -21,22 +39,19 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Setup Ruby
-        uses: ruby/setup-ruby@55283cc23133118229fd3f97f9336ee23a179fcf # v1.146.0
-        with:
-          bundler-cache: true
-          cache-version: 0 # Increment this number if you need to re-download cached gems
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v14
+      - uses: DeterminateSystems/magic-nix-cache-action@v8
+      # todo Cache bundler stuff?
       - name: Setup Pages
         id: pages
         uses: actions/configure-pages@v3
       - name: Build with Jekyll
-        run: bundle exec jekyll build --baseurl "${{ steps.pages.outputs.base_path }}"
-        env:
-          JEKYLL_ENV: production
+        run: nix build
       - name: Upload artifact
         uses: actions/upload-pages-artifact@v1
+        with:
+          path: result/srv
 
   deploy:
     environment:
@@ -52,4 +67,3 @@ jobs:
     permissions:
       pages: write      # to deploy to Pages
       id-token: write   # to verify the deployment originates from an appropriate source
-

.github/workflows/pre-commit-autoupdate.yaml

@@ -0,0 +1,31 @@
+name: Pre-commit auto-update
+
+"on":
+  schedule:
+    # Once a month on the 2nd
+    - cron: "0 0 2 * *"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  pre-commit-autoupdate:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v14
+      - uses: DeterminateSystems/magic-nix-cache-action@v8
+      - name: Update pre-commit hooks
+        run: nix develop --command pre-commit autoupdate
+      - name: Run pre-commit hooks
+        run: nix develop --command pre-commit run --all-files
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          assignees: ${{ github.repository_owner }}
+          branch: "update/pre-commit-hooks"
+          commit-message: "chore(deps): Update pre-commit hooks"
+          title: "chore(deps): Update pre-commit hooks"
+          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}

.github/workflows/test-nushell.yaml

@@ -0,0 +1,18 @@
+name: Test Nushell
+"on":
+  pull_request:
+    branches: ["main"]
+    paths:
+      - .github/workflows/test-nushell.yaml
+      - flake.lock
+      - '**/*.nu'
+
+jobs:
+  test-nushell:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v14
+      - uses: DeterminateSystems/magic-nix-cache-action@v8
+      - name: Run the Nushell tests
+        run: nix develop --command nu update-nixos-release-tests.nu

.github/workflows/update-nixos-release.yaml

@@ -0,0 +1,28 @@
+name: Update NixOS Release
+
+"on":
+  schedule:
+    - cron: "0 0 15 5,11 *"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-nixos-release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v14
+      - uses: DeterminateSystems/magic-nix-cache-action@v8
+      - name: Update the NixOS release in flake.nix to the latest
+        run: nix develop --command nu update-nixos-release.nu
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          assignees: ${{ github.repository_owner }}
+          branch: "update/nixos"
+          commit-message: "chore(deps): Update NixOS release"
+          title: "chore(deps): Update NixOS release"
+          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}

.github/workflows/yamllint.yaml

@@ -0,0 +1,20 @@
+name: yamllint
+"on":
+  pull_request:
+    branches: ["main"]
+    paths:
+      - .github/workflows/yamllint.yaml
+      - .yamllint.yaml
+      - flake.lock
+      - '**.yaml'
+      - '**.yml'
+
+jobs:
+  yamllint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v14
+      - uses: DeterminateSystems/magic-nix-cache-action@v8
+      - name: Check YAML files
+        run: nix develop --command yamllint --format github .

.gitignore

@@ -52,7 +52,6 @@ build-iPhoneSimulator/
 /bin/
 
 ## Environment normalization:
-/.bundle/
 /vendor/bundle
 /lib/bundler/man/
 
@@ -66,4 +65,10 @@ build-iPhoneSimulator/
 .rvmrc
 
 # Used by RuboCop. Remote config files pulled in from inherit_from directive.
-# .rubocop-https?--*
+# .rubocop-https?--*
+
+# direnv
+.direnv/
+
+# Nix
+result

.justfile

@@ -0,0 +1,37 @@
+default: serve
+
+alias f := format
+alias fmt := format
+
+format:
+    just --fmt --unstable
+
+alias l := lint
+
+lint:
+    yamllint .
+
+alias b := build
+
+build:
+    jekyll build
+
+alias s := serve
+
+serve:
+    jekyll serve --open-url
+
+alias t := test
+
+test:
+    nu update-nixos-release-tests.nu
+
+alias u := update
+alias up := update
+
+update: && build test
+    nu update-nixos-release.nu
+    nix flake update
+    bundle update
+    bundix
+    pre-commit autoupdate