From 9d4050465183f3629df65c39e76a59c14db9e607 Mon Sep 17 00:00:00 2001
From: Marie Ramlow <me@nycode.dev>
Date: Sat, 2 Sep 2023 22:25:05 +0200
Subject: [PATCH] add ensure hashes workflow

---
 .github/workflows/nix-ci.yml | 31 +++++++++++++++++++++++++++++++
 nix/shell.nix                |  4 +++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/nix-ci.yml

diff --git a/.github/workflows/nix-ci.yml b/.github/workflows/nix-ci.yml
new file mode 100644
index 000000000..d20f34f83
--- /dev/null
+++ b/.github/workflows/nix-ci.yml
@@ -0,0 +1,31 @@
+name: Nix CI
+on:
+  push:
+  pull_request:
+jobs:
+  check-hashes:
+    name: Ensure Nix Hashes are up-to-date
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install nix
+        uses: cachix/install-nix-action@v22
+
+      - name: Prepare Nix shell
+        run: nix develop --impure .#ci
+
+      - name: Update npm Hashes
+        working-directory: nix/package/web
+        run: nix develop --impure .#ci --command "./update.sh"
+
+      - name: Update Composer Hashes
+        working-directory: nix/package
+        run: nix develop --impure .#ci --command "./update.sh"
+
+      - name: Check if up-to-date
+        shell: bash
+        run: |
+          if [ "$(git status --porcelain=v1 2>/dev/null | wc -l)" = "1" ]; then
+            git status
+            echo "::error::Nix hashes are not up to date"
+          fi
diff --git a/nix/shell.nix b/nix/shell.nix
index afa038282..5e4c2646c 100644
--- a/nix/shell.nix
+++ b/nix/shell.nix
@@ -1,9 +1,11 @@
 {...}: {
   perSystem = {
+    config,
     pkgs,
     lib,
     ...
-  }: {
+  }: rec {
+    devenv.shells.ci = devenv.shells.default;
     devenv.shells.default = {
       config,
       inputs,