Make dependabot update nix hashes

.github/workflows/dependabot-nix-update.yml

@@ -0,0 +1,44 @@
+name: Dependabot-nix-update
+
+on:
+  push:
+    branches:
+      - "dependabot/npm_and_yarn/*"
+
+jobs:
+  update_npm_deps_hash:
+    name: Update NPM dependencies hash
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
+    permissions:
+      contents: write
+    steps:
+      - name: Check Out Code
+        uses: actions/checkout@v3
+
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Configure Cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - name: Update Hash
+        run: nix run .#update-nix
+
+      - name: Set up Git Config
+        run: |
+          # Configure author metadata to look like commits are made by Dependabot
+          git config user.name "${GITHUB_ACTOR}"
+          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+
+      - name: Commit changes
+        run: |
+          git add .
+          # Skip committing or pushing if there are no changes
+          if [[ $(git status -s) ]]; then
+            git commit -m "build(deps): update npm dependencies hash [dependabot skip]" --no-verify
+            git push
+            echo "Pushed an update to npm dependencies hash"
+          else
+            echo "Npm dependencies hash was not changed"
+          fi

.husky/pre-commit

@@ -18,7 +18,7 @@ if [ -x "$(/usr/bin/env which nix-shell 2>/dev/null)" ]; then
     elif [ ! -n "$(git status --porcelain=v1 2>/dev/null | grep -E '^M package-lock.json')" ]; then
       echo "package-lock.json has no changes. Skipping update of nix dependencies."
     else
-      ./nix-update.sh || exit $?
+      nix run .#nix-update || exit $?
     fi
   fi
 else

flake.nix

@@ -21,69 +21,69 @@
         hashesFile = builtins.fromJSON (builtins.readFile ./hashes.json);
         lib = pkgs.lib;
       in
-      rec {
-        packages.default = pkgs.buildNpmPackage {
-          pname = "spacebar-server-ts";
-          name = "spacebar-server-ts";
+      {
+        packages = {
+          default = pkgs.buildNpmPackage {
+            pname = "spacebar-server-ts";
+            name = "spacebar-server-ts";
 
-          meta = with lib; {
-            description = "Spacebar server, a FOSS reimplementation of the Discord backend.";
-            homepage = "https://github.com/spacebarchat/server";
-            license = licenses.agpl3Plus;
-            platforms = platforms.all;
-            mainProgram = "start-bundle";
+            meta = with lib; {
+              description = "Spacebar server, a FOSS reimplementation of the Discord backend.";
+              homepage = "https://github.com/spacebarchat/server";
+              license = licenses.agpl3Plus;
+              platforms = platforms.all;
+              mainProgram = "start-bundle";
+            };
+
+            src = ./.;
+            nativeBuildInputs = with pkgs; [ python3 ];
+            npmDepsHash = hashesFile.npmDepsHash;
+            makeCacheWritable = true;
+            postPatch = ''
+              substituteInPlace package.json --replace 'npx patch-package' '${pkgs.nodePackages.patch-package}/bin/patch-package'
+            '';
+            installPhase = ''
+              runHook preInstall
+              set -x
+              #remove packages not needed for production, or at least try to...
+              npm prune --omit dev --no-save $npmInstallFlags "''${npmInstallFlagsArray[@]}" $npmFlags "''${npmFlagsArray[@]}"
+              find node_modules -maxdepth 1 -type d -empty -delete
+
+              mkdir -p $out
+              cp -r assets dist node_modules package.json $out/
+              for i in dist/**/start.js
+              do
+                makeWrapper ${pkgs.nodejs}/bin/node $out/bin/start-`dirname ''${i/dist\//}` --prefix NODE_PATH : $out/node_modules --add-flags $out/$i
+              done
+
+              set +x
+              runHook postInstall
+            '';
           };
 
-          src = ./.;
-          nativeBuildInputs = with pkgs; [ python3 ];
-          npmDepsHash = hashesFile.npmDepsHash;
-          makeCacheWritable = true;
-          postPatch = ''
-            substituteInPlace package.json --replace 'npx patch-package' '${pkgs.nodePackages.patch-package}/bin/patch-package'
-          '';
-          installPhase = ''
-            runHook preInstall
-            set -x
-            #remove packages not needed for production, or at least try to...
-            npm prune --omit dev --no-save $npmInstallFlags "''${npmInstallFlagsArray[@]}" $npmFlags "''${npmFlagsArray[@]}"
-            find node_modules -maxdepth 1 -type d -empty -delete
+          update-nix = pkgs.writeShellApplication {
+            name = "update-nix";
+            runtimeInputs = with pkgs; [
+              prefetch-npm-deps
+              nix
+              bash
+              jq
+              git
+              nix-output-monitor
+            ];
+            text = ''
+              nix flake update --extra-experimental-features 'nix-command flakes'
+              DEPS_HASH=$(prefetch-npm-deps package-lock.json)
+              TMPFILE=$(mktemp)
+              jq '.npmDepsHash = "'"$DEPS_HASH"'"' hashes.json > "$TMPFILE"
+              mv -- "$TMPFILE" hashes.json
 
-
-            #mkdir -p $out/node_modules/
-            #cp -r node_modules/* $out/node_modules/
-            #cp -r dist/ $out/node_modules/@spacebar
-            #for i in dist/**/start.js
-            #do
-            #  makeWrapper ${pkgs.nodejs-slim}/bin/node $out/bin/start-`dirname ''${i/dist\//}` --prefix NODE_PATH : $out/node_modules --add-flags $out/node_modules/@spacebar`dirname ''${i/dist/}`/start.js
-            #done
-            #set +x
-            #substituteInPlace package.json --replace 'dist/' 'node_modules/@spacebar/'
-            #find $out/node_modules/@spacebar/ -type f -name "*.js" | while read srcFile; do
-            #  echo Patching imports in ''${srcFile/$out\/node_modules\/@spacebar//}...
-            #  substituteInPlace $srcFile --replace 'require("./' 'require(__dirname + "/'
-            #  substituteInPlace $srcFile --replace 'require("../' 'require(__dirname + "/../'
-            #  substituteInPlace $srcFile --replace ', "assets"' ', "..", "assets"'
-            #  #substituteInPlace $srcFile --replace 'require("@spacebar/' 'require("
-            #done
-            #set -x
-            #cp -r assets/ $out/
-            #cp package.json $out/
-            #rm -v $out/assets/openapi.json
-            ##rm -v $out/assets/schemas.json
-
-            mkdir -p $out
-            cp -r assets dist node_modules package.json $out/
-            for i in dist/**/start.js
-            do
-              makeWrapper ${pkgs.nodejs-slim}/bin/node $out/bin/start-`dirname ''${i/dist\//}` --prefix NODE_PATH : $out/node_modules --add-flags $out/$i
-            done
-
-            #debug utils:
-            #cp $out/node_modules/@spacebar/ $out/build_output -r
-            set +x
-            runHook postInstall
-          '';
+              nom build .# --extra-experimental-features 'nix-command flakes' || exit $?
+              git add hashes.json flake.lock flake.nix
+            '';
+          };
         };
+
         devShell = pkgs.mkShell {
           buildInputs = with pkgs; [
             nodejs

nix-update.sh

@@ -1,10 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i "bash -x" -p bash prefetch-npm-deps jq git nix-output-monitor
-nix flake update --extra-experimental-features 'nix-command flakes'
-DEPS_HASH=`prefetch-npm-deps package-lock.json`
-TMPFILE=$(mktemp)
-jq '.npmDepsHash = "'$DEPS_HASH'"' hashes.json > $TMPFILE
-mv -- "$TMPFILE" hashes.json
-
-nom build .# --extra-experimental-features 'nix-command flakes' || exit $?
-git add hashes.json flake.lock flake.nix