Make dependabot update nix hashes

.github/workflows/dependabot-nix-update.yml

@@ -0,0 +1,44 @@
+name: Dependabot-nix-update
+
+on:
+  push:
+    branches:
+      - "dependabot/npm_and_yarn/*"
+
+jobs:
+  update_npm_deps_hash:
+    name: Update NPM dependencies hash
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]' || github.actor == 'dependabot-preview[bot]'
+    permissions:
+      contents: write
+    steps:
+      - name: Check Out Code
+        uses: actions/checkout@v3
+
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Configure Cache
+        uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - name: Update Hash
+        run: nix run .#update-nix
+
+      - name: Set up Git Config
+        run: |
+          # Configure author metadata to look like commits are made by Dependabot
+          git config user.name "${GITHUB_ACTOR}"
+          git config user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+
+      - name: Commit changes
+        run: |
+          git add .
+          # Skip committing or pushing if there are no changes
+          if [[ $(git status -s) ]]; then
+            git commit -m "build(deps): update npm dependencies hash [dependabot skip]" --no-verify
+            git push
+            echo "Pushed an update to npm dependencies hash"
+          else
+            echo "Npm dependencies hash was not changed"
+          fi

.husky/pre-commit

@@ -18,7 +18,7 @@ if [ -x "$(/usr/bin/env which nix-shell 2>/dev/null)" ]; then
     elif [ ! -n "$(git status --porcelain=v1 2>/dev/null | grep -E '^M package-lock.json')" ]; then
       echo "package-lock.json has no changes. Skipping update of nix dependencies."
     else
-      ./nix-update.sh || exit $?
+      nix run .#nix-update || exit $?
     fi
   fi
 else

flake.nix

@@ -21,8 +21,9 @@
         hashesFile = builtins.fromJSON (builtins.readFile ./hashes.json);
         lib = pkgs.lib;
       in
-      rec {
-        packages.default = pkgs.buildNpmPackage {
+      {
+        packages = {
+          default = pkgs.buildNpmPackage {
             pname = "spacebar-server-ts";
             name = "spacebar-server-ts";
 
@@ -48,42 +49,41 @@
               npm prune --omit dev --no-save $npmInstallFlags "''${npmInstallFlagsArray[@]}" $npmFlags "''${npmFlagsArray[@]}"
               find node_modules -maxdepth 1 -type d -empty -delete
 
-
-            #mkdir -p $out/node_modules/
-            #cp -r node_modules/* $out/node_modules/
-            #cp -r dist/ $out/node_modules/@spacebar
-            #for i in dist/**/start.js
-            #do
-            #  makeWrapper ${pkgs.nodejs-slim}/bin/node $out/bin/start-`dirname ''${i/dist\//}` --prefix NODE_PATH : $out/node_modules --add-flags $out/node_modules/@spacebar`dirname ''${i/dist/}`/start.js
-            #done
-            #set +x
-            #substituteInPlace package.json --replace 'dist/' 'node_modules/@spacebar/'
-            #find $out/node_modules/@spacebar/ -type f -name "*.js" | while read srcFile; do
-            #  echo Patching imports in ''${srcFile/$out\/node_modules\/@spacebar//}...
-            #  substituteInPlace $srcFile --replace 'require("./' 'require(__dirname + "/'
-            #  substituteInPlace $srcFile --replace 'require("../' 'require(__dirname + "/../'
-            #  substituteInPlace $srcFile --replace ', "assets"' ', "..", "assets"'
-            #  #substituteInPlace $srcFile --replace 'require("@spacebar/' 'require("
-            #done
-            #set -x
-            #cp -r assets/ $out/
-            #cp package.json $out/
-            #rm -v $out/assets/openapi.json
-            ##rm -v $out/assets/schemas.json
-
               mkdir -p $out
               cp -r assets dist node_modules package.json $out/
               for i in dist/**/start.js
               do
-              makeWrapper ${pkgs.nodejs-slim}/bin/node $out/bin/start-`dirname ''${i/dist\//}` --prefix NODE_PATH : $out/node_modules --add-flags $out/$i
+                makeWrapper ${pkgs.nodejs}/bin/node $out/bin/start-`dirname ''${i/dist\//}` --prefix NODE_PATH : $out/node_modules --add-flags $out/$i
               done
 
-            #debug utils:
-            #cp $out/node_modules/@spacebar/ $out/build_output -r
               set +x
               runHook postInstall
             '';
           };
+
+          update-nix = pkgs.writeShellApplication {
+            name = "update-nix";
+            runtimeInputs = with pkgs; [
+              prefetch-npm-deps
+              nix
+              bash
+              jq
+              git
+              nix-output-monitor
+            ];
+            text = ''
+              nix flake update --extra-experimental-features 'nix-command flakes'
+              DEPS_HASH=$(prefetch-npm-deps package-lock.json)
+              TMPFILE=$(mktemp)
+              jq '.npmDepsHash = "'"$DEPS_HASH"'"' hashes.json > "$TMPFILE"
+              mv -- "$TMPFILE" hashes.json
+
+              nom build .# --extra-experimental-features 'nix-command flakes' || exit $?
+              git add hashes.json flake.lock flake.nix
+            '';
+          };
+        };
+
         devShell = pkgs.mkShell {
           buildInputs = with pkgs; [
             nodejs

nix-update.sh

@@ -1,10 +0,0 @@
-#!/usr/bin/env nix-shell
-#!nix-shell -i "bash -x" -p bash prefetch-npm-deps jq git nix-output-monitor
-nix flake update --extra-experimental-features 'nix-command flakes'
-DEPS_HASH=`prefetch-npm-deps package-lock.json`
-TMPFILE=$(mktemp)
-jq '.npmDepsHash = "'$DEPS_HASH'"' hashes.json > $TMPFILE
-mv -- "$TMPFILE" hashes.json
-
-nom build .# --extra-experimental-features 'nix-command flakes' || exit $?
-git add hashes.json flake.lock flake.nix