From 00b3956cf667762c6f2f23cbfaddb07fa656e2eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20M=C3=BCller?= Date: Wed, 25 Feb 2026 17:20:16 +0100 Subject: [PATCH 1/4] Add `devenv` --- .gitattributes | 3 ++ .gitignore | 18 ++++++++ devenv.lock | 123 +++++++++++++++++++++++++++++++++++++++++++++++++ devenv.nix | 18 ++++++++ devenv.yaml | 15 ++++++ 5 files changed, 177 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 devenv.lock create mode 100644 devenv.nix create mode 100644 devenv.yaml diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..1867c04 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,3 @@ +# devenv +.devenv.flake.nix -merge linguist-generated +devenv.lock -merge linguist-generated diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..3d40215 --- /dev/null +++ b/.gitignore @@ -0,0 +1,18 @@ +# Environment configuration +Makefile.local +Makefile.win.local +.env +.env.* +.envrc +.envrc.* + +# Devenv +.devenv* +devenv.local.nix +devenv.local.yaml + +# direnv +.direnv + +# pre-commit +.pre-commit-config.yaml diff --git a/devenv.lock b/devenv.lock new file mode 100644 index 0000000..d705474 --- /dev/null +++ b/devenv.lock @@ -0,0 +1,123 @@ +{ + "nodes": { + "devenv": { + "locked": { + "dir": "src/modules", + "lastModified": 1772033931, + "owner": "cachix", + "repo": "devenv", + "rev": "8fc32ee73712778da975dc15383d5310b35d50ca", + "type": "github" + }, + "original": { + "dir": "src/modules", + "owner": "cachix", + "repo": "devenv", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772024342, + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1762808025, + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "cb5e3fdca1de58ccbc3ef53de65bd372b48f567c", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "nixpkgs": { + "inputs": { + "nixpkgs-src": "nixpkgs-src" + }, + "locked": { + "lastModified": 1770434727, + "owner": "cachix", + "repo": "devenv-nixpkgs", + "rev": "8430f16a39c27bdeef236f1eeb56f0b51b33d348", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "rolling", + "repo": "devenv-nixpkgs", + "type": "github" + } + }, + "nixpkgs-src": { + "flake": false, + "locked": { + "lastModified": 1769922788, + "narHash": "sha256-H3AfG4ObMDTkTJYkd8cz1/RbY9LatN5Mk4UF48VuSXc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "207d15f1a6603226e1e223dc79ac29c7846da32e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "devenv": "devenv", + "git-hooks": "git-hooks", + "nixpkgs": "nixpkgs", + "pre-commit-hooks": [ + "git-hooks" + ] + } + } + }, + "root": "root", + "version": 7 +} diff --git a/devenv.nix b/devenv.nix new file mode 100644 index 0000000..1dbe653 --- /dev/null +++ b/devenv.nix @@ -0,0 +1,18 @@ +{ pkgs, lib, config, inputs, ... }: + +{ + git-hooks.hooks = { + actionlint.enable = true; + check-toml.enable = true; + check-vcs-permalinks.enable = true; + markdownlint.enable = true; + shellcheck = { + enable = true; + excludes = [ + ".*\.zsh$" + ]; + }; + typos.enable = true; + zizmor.enable = true; + }; +} diff --git a/devenv.yaml b/devenv.yaml new file mode 100644 index 0000000..116a2ad --- /dev/null +++ b/devenv.yaml @@ -0,0 +1,15 @@ +# yaml-language-server: $schema=https://devenv.sh/devenv.schema.json +inputs: + nixpkgs: + url: github:cachix/devenv-nixpkgs/rolling + +# If you're using non-OSS software, you can set allowUnfree to true. +# allowUnfree: true + +# If you're willing to use a package that's vulnerable +# permittedInsecurePackages: +# - "openssl-1.1.1w" + +# If you have more than one devenv you can merge them +#imports: +# - ./backend From 29729fd8de2b7819f1b4b905c6e4929d96395b9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20M=C3=BCller?= Date: Wed, 25 Feb 2026 17:50:23 +0100 Subject: [PATCH 2/4] [CI] Add `lint` workflow --- .github/workflows/lint.yml | 46 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 .github/workflows/lint.yml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..7bc1ff0 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,46 @@ +name: Lint +on: + push: + pull_request: + workflow_dispatch: + +permissions: {} + +jobs: + prek: + runs-on: ubuntu-latest + steps: + - name: Download source + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + with: + persist-credentials: false + fetch-depth: 0 + - uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31 + - uses: cachix/cachix-action@3ba601ff5bbb07c7220846facfa2cd81eeee15a1 # v16 + with: + name: devenv + - name: Install devenv.sh + run: nix profile install nixpkgs#devenv + - name: "Download target branch: ${{ github.base_ref || 'master' }}" + run: git fetch origin "${TARGET_BRANCH}" + - name: Check whether to run full test on all files + id: test_full_run + if: ${{ github.event_name != 'workflow_dispatch' }} + run: | + # Trigger full run if devenv.lock or this workflow file changed + if git diff --quiet "origin/${TARGET_BRANCH}" HEAD -- devenv.lock .github/workflows/lint.yml; then + echo "test_full_run=false" >> "$GITHUB_OUTPUT" + else + echo "test_full_run=true" >> "$GITHUB_OUTPUT" + fi + - name: Run prek on all files + id: run_full + run: prek run --all-files + shell: devenv shell bash -- -e {0} + if: ${{ github.event_name == 'workflow_dispatch' || steps.test_full_run.outputs.test_full_run == 'true' }} + - name: Run prek hooks for changes against target branch (${{ github.base_ref || 'master' }}) + run: prek run --from-ref "origin/${TARGET_BRANCH}" --to-ref HEAD + shell: devenv shell bash -- -e {0} + if: "${{ steps.run_full.outcome == 'skipped' }}" + env: + TARGET_BRANCH: "${{ github.base_ref || 'master' }}" From ff40cf4d731970487e7f429db169d0e3beb27623 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20M=C3=BCller?= Date: Thu, 5 Mar 2026 21:59:54 +0100 Subject: [PATCH 3/4] Add `git-hooks` to `devenv.yaml` --- devenv.yaml | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/devenv.yaml b/devenv.yaml index 116a2ad..658e484 100644 --- a/devenv.yaml +++ b/devenv.yaml @@ -1,15 +1,5 @@ -# yaml-language-server: $schema=https://devenv.sh/devenv.schema.json inputs: + git-hooks: + url: github:cachix/git-hooks.nix nixpkgs: url: github:cachix/devenv-nixpkgs/rolling - -# If you're using non-OSS software, you can set allowUnfree to true. -# allowUnfree: true - -# If you're willing to use a package that's vulnerable -# permittedInsecurePackages: -# - "openssl-1.1.1w" - -# If you have more than one devenv you can merge them -#imports: -# - ./backend From b3a2c5e88acac3ff5cec82388654db9e896a32e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Johannes=20M=C3=BCller?= Date: Thu, 5 Mar 2026 22:00:14 +0100 Subject: [PATCH 4/4] Update `devenv.lock` for devenv 2.0 --- devenv.lock | 64 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 40 insertions(+), 24 deletions(-) diff --git a/devenv.lock b/devenv.lock index d705474..da7f443 100644 --- a/devenv.lock +++ b/devenv.lock @@ -3,10 +3,11 @@ "devenv": { "locked": { "dir": "src/modules", - "lastModified": 1772033931, + "lastModified": 1772738982, + "narHash": "sha256-9MN0FV0XeYJV7kFtUxY6uQMxbZmlrPQLUm3yLbEEJ7Q=", "owner": "cachix", "repo": "devenv", - "rev": "8fc32ee73712778da975dc15383d5310b35d50ca", + "rev": "22ec127af85396b04af045ec20d004d11a0675af", "type": "github" }, "original": { @@ -20,6 +21,7 @@ "flake": false, "locked": { "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "NixOS", "repo": "flake-compat", "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", @@ -35,15 +37,14 @@ "inputs": { "flake-compat": "flake-compat", "gitignore": "gitignore", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1772024342, + "lastModified": 1772665116, + "narHash": "sha256-XmjUDG/J8Z8lY5DVNVUf5aoZGc400FxcjsNCqHKiKtc=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476", + "rev": "39f53203a8458c330f61cc0759fe243f0ac0d198", "type": "github" }, "original": { @@ -60,10 +61,11 @@ ] }, "locked": { - "lastModified": 1762808025, + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", "owner": "hercules-ci", "repo": "gitignore.nix", - "rev": "cb5e3fdca1de58ccbc3ef53de65bd372b48f567c", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", "type": "github" }, "original": { @@ -73,20 +75,18 @@ } }, "nixpkgs": { - "inputs": { - "nixpkgs-src": "nixpkgs-src" - }, "locked": { - "lastModified": 1770434727, - "owner": "cachix", - "repo": "devenv-nixpkgs", - "rev": "8430f16a39c27bdeef236f1eeb56f0b51b33d348", + "lastModified": 1770073757, + "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "47472570b1e607482890801aeaf29bfb749884f6", "type": "github" }, "original": { - "owner": "cachix", - "ref": "rolling", - "repo": "devenv-nixpkgs", + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", "type": "github" } }, @@ -107,17 +107,33 @@ "type": "github" } }, + "nixpkgs_2": { + "inputs": { + "nixpkgs-src": "nixpkgs-src" + }, + "locked": { + "lastModified": 1770434727, + "narHash": "sha256-YzOZRgiqIccnkkZvckQha7wvOfN2z50xEdPvfgu6sf8=", + "owner": "cachix", + "repo": "devenv-nixpkgs", + "rev": "8430f16a39c27bdeef236f1eeb56f0b51b33d348", + "type": "github" + }, + "original": { + "owner": "cachix", + "ref": "rolling", + "repo": "devenv-nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "devenv": "devenv", "git-hooks": "git-hooks", - "nixpkgs": "nixpkgs", - "pre-commit-hooks": [ - "git-hooks" - ] + "nixpkgs": "nixpkgs_2" } } }, "root": "root", "version": 7 -} +} \ No newline at end of file