diff --git a/.github/workflows/release-please.yml b/.github/workflows/release-please.yml index 56137b4..1f0f833 100644 --- a/.github/workflows/release-please.yml +++ b/.github/workflows/release-please.yml @@ -17,7 +17,8 @@ jobs: - uses: googleapis/release-please-action@v4 id: release with: - release-type: go + config-file: release-please-config.json + manifest-file: .release-please-manifest.json - uses: actions/checkout@v4 with: diff --git a/.github/workflows/update-vendor-hash.yml b/.github/workflows/update-vendor-hash.yml new file mode 100644 index 0000000..b9329cf --- /dev/null +++ b/.github/workflows/update-vendor-hash.yml @@ -0,0 +1,52 @@ +name: update-vendor-hash + +on: + pull_request: + paths: + - go.sum + - flake.nix + +permissions: + contents: write + +jobs: + update-vendor-hash: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ github.head_ref }} + token: ${{ secrets.GITHUB_TOKEN }} + + - uses: DeterminateSystems/nix-installer-action@main + + - name: Update vendorHash if needed + run: | + # Try building — if vendorHash is correct, this succeeds and we're done + if nix build 2>/dev/null; then + echo "vendorHash is already correct" + exit 0 + fi + + # Extract correct hash from the error + correct_hash=$(nix build 2>&1 | grep "got:" | awk '{print $2}') + if [ -z "$correct_hash" ]; then + echo "Failed to extract correct hash" + nix build 2>&1 + exit 1 + fi + + echo "Updating vendorHash to $correct_hash" + sed -i "s|vendorHash = \".*\";|vendorHash = \"$correct_hash\";|" flake.nix + + # Verify it builds now + nix build + + - name: Commit if changed + run: | + git diff --quiet flake.nix && exit 0 + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add flake.nix + git commit -m "chore: update nix vendorHash" + git push diff --git a/.gitignore b/.gitignore index 60a20a1..ce293a8 100644 --- a/.gitignore +++ b/.gitignore @@ -31,3 +31,6 @@ go.work.sum dist/ *_string.go + +# Nix +result diff --git a/.release-please-manifest.json b/.release-please-manifest.json new file mode 100644 index 0000000..2b6f978 --- /dev/null +++ b/.release-please-manifest.json @@ -0,0 +1,3 @@ +{ + ".": "1.9.1" +} diff --git a/flake.nix b/flake.nix index 3086c29..d3d6c45 100644 --- a/flake.nix +++ b/flake.nix @@ -6,31 +6,33 @@ outputs = { nixpkgs, ... }: let + # x-release-please-version + version = "1.9.1"; forAllSystems = f: nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ] (system: f nixpkgs.legacyPackages.${system}); in { packages = forAllSystems (pkgs: { - default = pkgs.buildGoModule rec { - name = "gsh"; - version = "v1.3.3"; - src = pkgs.fetchFromGitHub { - owner = "kunchenguid"; - repo = "gsh"; - rev = version; - hash = "sha256-kyEWFoBXuR23wM4Y17tcPmPLpcSKUXy8v857CYeyv0U="; - }; - vendorHash = "sha256-0ZzdlcI6ZdaWq9yutdrONMkshwfoiHxmLupNXo8Zjtc="; + default = pkgs.buildGoModule { + pname = "gsh"; + inherit version; + src = ./.; + # Run `nix build` with lib.fakeHash to get the correct hash + vendorHash = "sha256-Ov9D1D7lrS2JmreSJlxwVVsWCdQK0qoun9aCYXwYvL4="; + + subPackages = [ "cmd/gsh" ]; + + ldflags = [ + "-X main.BUILD_VERSION=${version}" + ]; nativeBuildInputs = with pkgs; [ which ]; # Skip tests that require network access or violate - # the filesystem sandboxing. Basically all tests tries - # to create a /homeless-shelter directory and errors with - # 'read-only file system'. + # the filesystem sandboxing. doCheck = false; }; }); diff --git a/release-please-config.json b/release-please-config.json new file mode 100644 index 0000000..d83158d --- /dev/null +++ b/release-please-config.json @@ -0,0 +1,13 @@ +{ + "packages": { + ".": { + "release-type": "go", + "extra-files": [ + { + "type": "generic", + "path": "flake.nix" + } + ] + } + } +}