From 2c7d612ca247de099933d0b2e560ad1fec4b51dc Mon Sep 17 00:00:00 2001 From: "Emma [it/its]@Rory&" Date: Sun, 17 Nov 2024 20:42:23 +0100 Subject: [PATCH] Make dependabot update nix hashes --- .github/workflows/dependabot-nix-update.yml | 44 ++++++++ .husky/pre-commit | 2 +- flake.nix | 116 ++++++++++---------- nix-update.sh | 10 -- 4 files changed, 103 insertions(+), 69 deletions(-) create mode 100644 .github/workflows/dependabot-nix-update.yml delete mode 100755 nix-update.sh diff --git a/.github/workflows/dependabot-nix-update.yml b/.github/workflows/dependabot-nix-update.yml new file mode 100644 index 00000000..13441c55 --- /dev/null +++ b/.github/workflows/dependabot-nix-update.yml @@ -0,0 +1,44 @@ +name: Dependabot-nix-update + +on: + push: + branches: + - "dependabot/npm_and_yarn/*" + +jobs: + update_npm_deps_hash: + name: Update NPM dependencies hash + runs-on: ubuntu-latest + if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]' + permissions: + contents: write + steps: + - name: Check Out Code + uses: actions/checkout@v3 + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@main + + - name: Configure Cache + uses: DeterminateSystems/magic-nix-cache-action@main + + - name: Update Hash + run: nix run .#update-nix + + - name: Set up Git Config + run: | + # Configure author metadata to look like commits are made by Dependabot + git config user.name "${GITHUB_ACTOR}" + git config user.email "${GITHUB_ACTOR}@users.noreply.github.com" + + - name: Commit changes + run: | + git add . + # Skip committing or pushing if there are no changes + if [[ $(git status -s) ]]; then + git commit -m "build(deps): update npm dependencies hash [dependabot skip]" --no-verify + git push + echo "Pushed an update to npm dependencies hash" + else + echo "Npm dependencies hash was not changed" + fi \ No newline at end of file diff --git a/.husky/pre-commit b/.husky/pre-commit index 702231b5..6d2e7f07 100755 --- a/.husky/pre-commit +++ b/.husky/pre-commit @@ -18,7 +18,7 @@ if [ -x "$(/usr/bin/env which nix-shell 2>/dev/null)" ]; then elif [ ! -n "$(git status --porcelain=v1 2>/dev/null | grep -E '^M package-lock.json')" ]; then echo "package-lock.json has no changes. Skipping update of nix dependencies." else - ./nix-update.sh || exit $? + nix run .#nix-update || exit $? fi fi else diff --git a/flake.nix b/flake.nix index 25251c02..fd50533d 100644 --- a/flake.nix +++ b/flake.nix @@ -21,69 +21,69 @@ hashesFile = builtins.fromJSON (builtins.readFile ./hashes.json); lib = pkgs.lib; in - rec { - packages.default = pkgs.buildNpmPackage { - pname = "spacebar-server-ts"; - name = "spacebar-server-ts"; + { + packages = { + default = pkgs.buildNpmPackage { + pname = "spacebar-server-ts"; + name = "spacebar-server-ts"; - meta = with lib; { - description = "Spacebar server, a FOSS reimplementation of the Discord backend."; - homepage = "https://github.com/spacebarchat/server"; - license = licenses.agpl3Plus; - platforms = platforms.all; - mainProgram = "start-bundle"; + meta = with lib; { + description = "Spacebar server, a FOSS reimplementation of the Discord backend."; + homepage = "https://github.com/spacebarchat/server"; + license = licenses.agpl3Plus; + platforms = platforms.all; + mainProgram = "start-bundle"; + }; + + src = ./.; + nativeBuildInputs = with pkgs; [ python3 ]; + npmDepsHash = hashesFile.npmDepsHash; + makeCacheWritable = true; + postPatch = '' + substituteInPlace package.json --replace 'npx patch-package' '${pkgs.nodePackages.patch-package}/bin/patch-package' + ''; + installPhase = '' + runHook preInstall + set -x + #remove packages not needed for production, or at least try to... + npm prune --omit dev --no-save $npmInstallFlags "''${npmInstallFlagsArray[@]}" $npmFlags "''${npmFlagsArray[@]}" + find node_modules -maxdepth 1 -type d -empty -delete + + mkdir -p $out + cp -r assets dist node_modules package.json $out/ + for i in dist/**/start.js + do + makeWrapper ${pkgs.nodejs}/bin/node $out/bin/start-`dirname ''${i/dist\//}` --prefix NODE_PATH : $out/node_modules --add-flags $out/$i + done + + set +x + runHook postInstall + ''; }; - src = ./.; - nativeBuildInputs = with pkgs; [ python3 ]; - npmDepsHash = hashesFile.npmDepsHash; - makeCacheWritable = true; - postPatch = '' - substituteInPlace package.json --replace 'npx patch-package' '${pkgs.nodePackages.patch-package}/bin/patch-package' - ''; - installPhase = '' - runHook preInstall - set -x - #remove packages not needed for production, or at least try to... - npm prune --omit dev --no-save $npmInstallFlags "''${npmInstallFlagsArray[@]}" $npmFlags "''${npmFlagsArray[@]}" - find node_modules -maxdepth 1 -type d -empty -delete + update-nix = pkgs.writeShellApplication { + name = "update-nix"; + runtimeInputs = with pkgs; [ + prefetch-npm-deps + nix + bash + jq + git + nix-output-monitor + ]; + text = '' + nix flake update --extra-experimental-features 'nix-command flakes' + DEPS_HASH=$(prefetch-npm-deps package-lock.json) + TMPFILE=$(mktemp) + jq '.npmDepsHash = "'"$DEPS_HASH"'"' hashes.json > "$TMPFILE" + mv -- "$TMPFILE" hashes.json - - #mkdir -p $out/node_modules/ - #cp -r node_modules/* $out/node_modules/ - #cp -r dist/ $out/node_modules/@spacebar - #for i in dist/**/start.js - #do - # makeWrapper ${pkgs.nodejs-slim}/bin/node $out/bin/start-`dirname ''${i/dist\//}` --prefix NODE_PATH : $out/node_modules --add-flags $out/node_modules/@spacebar`dirname ''${i/dist/}`/start.js - #done - #set +x - #substituteInPlace package.json --replace 'dist/' 'node_modules/@spacebar/' - #find $out/node_modules/@spacebar/ -type f -name "*.js" | while read srcFile; do - # echo Patching imports in ''${srcFile/$out\/node_modules\/@spacebar//}... - # substituteInPlace $srcFile --replace 'require("./' 'require(__dirname + "/' - # substituteInPlace $srcFile --replace 'require("../' 'require(__dirname + "/../' - # substituteInPlace $srcFile --replace ', "assets"' ', "..", "assets"' - # #substituteInPlace $srcFile --replace 'require("@spacebar/' 'require(" - #done - #set -x - #cp -r assets/ $out/ - #cp package.json $out/ - #rm -v $out/assets/openapi.json - ##rm -v $out/assets/schemas.json - - mkdir -p $out - cp -r assets dist node_modules package.json $out/ - for i in dist/**/start.js - do - makeWrapper ${pkgs.nodejs-slim}/bin/node $out/bin/start-`dirname ''${i/dist\//}` --prefix NODE_PATH : $out/node_modules --add-flags $out/$i - done - - #debug utils: - #cp $out/node_modules/@spacebar/ $out/build_output -r - set +x - runHook postInstall - ''; + nom build .# --extra-experimental-features 'nix-command flakes' || exit $? + git add hashes.json flake.lock flake.nix + ''; + }; }; + devShell = pkgs.mkShell { buildInputs = with pkgs; [ nodejs diff --git a/nix-update.sh b/nix-update.sh deleted file mode 100755 index 05d6d3d7..00000000 --- a/nix-update.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env nix-shell -#!nix-shell -i "bash -x" -p bash prefetch-npm-deps jq git nix-output-monitor -nix flake update --extra-experimental-features 'nix-command flakes' -DEPS_HASH=`prefetch-npm-deps package-lock.json` -TMPFILE=$(mktemp) -jq '.npmDepsHash = "'$DEPS_HASH'"' hashes.json > $TMPFILE -mv -- "$TMPFILE" hashes.json - -nom build .# --extra-experimental-features 'nix-command flakes' || exit $? -git add hashes.json flake.lock flake.nix