Traewelling · NyCodeGHG · Sep 2, 2023 · Sep 2, 2023 · Sep 2, 2023 · Sep 2, 2023
diff --git a/.github/allowed-nix-update-users.nix b/.github/allowed-nix-update-users.nix
@@ -0,0 +1,20 @@
+github:
+let
+  commenter = github.event.sender;
+  allowlist = {
+    # See id on https://api.github.com/users/<username>
+    "HerrLevin" = 1267894;
+    "jeyemwey" = 2796271;
+    "MrKrisKrisu" = 4103693;
+    "NyCodeGHG" = 37078297;
+    "xanderio" = 6298052;
+  };
+  isAllowedUser = builtins.elem commenter.id (
+    (builtins.attrValues allowlist) ++ [github.event.issue.user.id]
+  );
+in
+  if isAllowedUser then
+    builtins.trace "The user '${commenter.login}' is allowed to run the command. ✅"
+    true
+  else
+    builtins.throw "The user '${commenter.login}' is not allowed to run the command. ❌"
diff --git a/.github/workflows/nix-ci.yml b/.github/workflows/nix-ci.yml
@@ -0,0 +1,48 @@
+name: Nix CI
+on:
+  push:
+  pull_request:
+jobs:
+  check-hashes:
+    name: Ensure Nix Hashes are up-to-date
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install nix
+        uses: cachix/install-nix-action@v22
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      # - uses: cachix/cachix-action@v12
+      #   with:
+      #     name: trawelling
+      #     authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+
+      - name: Update generated files
+        run: nix develop --impure .#ci --command "update-nix-package-deps"
+
+      - name: Check if up-to-date
+        shell: bash
+        run: |
+          if [ "$(git status --porcelain=v1 2>/dev/null | wc -l)" = "1" ]; then
+            git status
+            echo "Nix hashes are not up to date. Update them with the `update-nix-package-dep` command in the nix devshell. or run `/nix-update`"
+            exit 1
+          fi
+
+  build:
+    name: Build Package
+    runs-on: ubuntu-latest
+    needs:
+      - check-hashes
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install nix
+        uses: cachix/install-nix-action@v22
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      # - uses: cachix/cachix-action@v12
+      #   with:
+      #     name: trawelling
+      #     authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+      - name: Build with nix
+        run: nix build
diff --git a/.github/workflows/nix-update-command.yml b/.github/workflows/nix-update-command.yml
@@ -0,0 +1,104 @@
+name: Nix Update Command
+on:
+  issue_comment:
+    types:
+      - created
+      - edited
+
+concurrency: nix-update-${{ github.event.issue.number }}
+
+jobs:
+  command:
+    if: "github.event.comment.body == '/nix-update' && github.event.issue.pull_request"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Install Nix
+        uses: cachix/install-nix-action@v22
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+
+      - name: Checkout Self
+        uses: actions/checkout@v3
+        with:
+          repository: ${{ github.repository }}
+          ref: refs/heads/${{ github.event.repository.default_branch }}
+
+      - name: Check if user is allowed to run the command
+        shell: bash
+        id: perms
+        run: |
+          echo '${{ toJSON(github) }}' > /tmp/context.json
+          if nix eval --expr 'import ./.github/allowed-nix-update-users.nix (builtins.fromJSON (builtins.readFile /tmp/context.json))' --impure; then
+            echo "allowed=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "allowed=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Add no permission reacton
+        if: "${{ steps.perms.outputs.allowed == false }}"
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          comment-id: ${{ github.event.comment.id }}
+          reactions: '-1'
+
+      - name: Add okay reaction
+        if: "${{ steps.perms.outputs.allowed }}"
+        uses: peter-evans/create-or-update-comment@v3
+        with:
+          comment-id: ${{ github.event.comment.id }}
+          reactions: '+1'
+
+      - id: get-branch
+        if: "${{ steps.perms.outputs.allowed }}"
+        name: Get PR branch
+        run: echo "branch=$(gh pr view $PR_NO --repo $REPO --json headRefName --jq '.headRefName')" >> "$GITHUB_OUTPUT"
+        env:
+          REPO: ${{ github.repository }}
+          PR_NO: ${{ github.event.issue.number }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Checkout PR
+        if: "${{ steps.perms.outputs.allowed }}"
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ steps.get-branch.outputs.branch }}
+
+      - name: Update Nix Files
+        if: "${{ steps.perms.outputs.allowed }}"
+        run: nix develop --impure .#ci --command "update-nix-package-deps"
+
+      - name: Commit and Push changes
+        if: "${{ steps.perms.outputs.allowed }}"
+        shell: bash
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          # Configure git user
+          git config user.name "GitHub Actions"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+
+          # Check if any changes were made
+          if [[ ! -z $(git status -s) ]]; then
+            git commit -a -F - <<EOF
+          nix: Update generated files
+
+          This commit was automatically generated by [this workflow run](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}).
+          EOF
+
+            git push
+            gh pr comment ${{ github.event.issue.number }} -F - <<EOF
+          Successfully updated generated nix files! 🚀
+
+          Run triggered by @${{ github.event.sender.login }} (${{ github.event.comment.html_url }})
+          EOF
+          else
+            gh pr comment ${{ github.event.issue.number }} -F - <<EOF
+          Generated files are up to date! 👌
+
+          Run triggered by @${{ github.event.sender.login }} (${{ github.event.comment.html_url }})
+          EOF
+          fi
diff --git a/composer.json b/composer.json
@@ -31,6 +31,7 @@
         "laravel/socialite": "^5.0",
         "laravel/tinker": "^2.0",
         "laravel/ui": "^4.0",
+        "predis/predis": "^2.2",
         "revolution/laravel-mastodon-api": "^3.0",
         "romanzipp/laravel-queue-monitor": "^4.0",
         "spatie/icalendar-generator": "^2.0",

diff --git a/composer.lock b/composer.lock
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -4,90 +4,24 @@
     nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
     flake-parts.url = "github:hercules-ci/flake-parts";
     devenv.url = "github:cachix/devenv";
+    composer2nix = {
+      url = "github:svanderburg/composer2nix";
+      flake = false;
+    };
   };
   outputs = inputs @ {flake-parts, ...}:
     flake-parts.lib.mkFlake {inherit inputs;} {
       imports = [
         inputs.devenv.flakeModule
+        ./nix/flake-module.nix
       ];
       systems = [
         "x86_64-linux"
         "aarch64-linux"
         "x86_64-darwin"
         "aarch64-darwin"
       ];
-      perSystem = {
-        pkgs,
-        lib,
-        ...
-      }: {
-        devenv.shells.default = {config, ...}: {
-          languages = {
-            php.enable = true;
-            javascript.enable = true;
-          };
-          dotenv.enable = true;
-          services.mysql = {
-            enable = true;
-            ensureUsers = [
-              {
-                name = config.env.DB_USERNAME;
-                password = config.env.DB_PASSWORD;
-                ensurePermissions = {
-                  "*.*" = "ALL PRIVILEGES";
-                };
-              }
-            ];
-            initialDatabases = [
-              {
-                name = config.env.DB_DATABASE;
-              }
-            ];
-          };
-          scripts = let
-            composer = "${config.languages.php.packages.composer}/bin/composer";
-            php = "${config.languages.php.package}/bin/php";
-            npm = "${config.languages.javascript.package}/bin/npm";
-            mysql = config.services.mysql.package;
-          in {
-            setup-devenv.exec = ''
-              set -eo pipefail
-              if [ ! -f .env ]
-              then
-                echo "Copying .env.example to .env"
-                cp .env.example .env
-              fi
-              set -a; source .env; set +a
-              echo "Installing composer packages"
-              ${composer} install > /dev/null
-              echo "Installing npm packages"
-              ${npm} ci > /dev/null
-
-              if [[ "$DB_CONNECTION" == "mysql" ]];
-              then
-                echo "Waiting for MySQL Database to be ready."
-                echo "  Make sure to run 'devenv up' in another terminal to start the MySQL server."
-                while ! ${mysql}/bin/mysqladmin ping -h "$DB_HOST" -P "$DB_PORT" -u "$DB_USERNAME" -p="$DB_PASSWORD" --silent; do
-                  sleep 1
-                done
-
-                echo "Migrating database"
-                ${php} artisan migrate:fresh --seed
-              else
-                echo "You seem to be not using mysql. Skipping migrations."
-              fi
-
-              echo "Generating Keys"
-              ${php} artisan key:generate > /dev/null
-              echo "Initializing Passport"
-              ${php} artisan passport:install > /dev/null
-            '';
-            serve.exec = ''
-              ${npm} run watch &
-              ${php} artisan serve
-            '';
-          };
-        };
+      perSystem = {pkgs, ...}: {
         formatter = pkgs.alejandra;
       };
     };

diff --git a/nix/flake-module.nix b/nix/flake-module.nix
@@ -0,0 +1,9 @@
+{...}: {
+  imports = [
+    ./shell.nix
+  ];
+
+  perSystem = {pkgs, ...}: {
+    packages.default = pkgs.callPackage ./package {};
+  };
+}