Update GitHub Actions and Nix Configurations (#62)

* feat: update GitHub workflows and justfile configurations

- Add `CACHIX_BINARY_CACHE` environment variable to GitHub workflows for dynamic cache name usage
- Upgrade `cachix/cachix-action` from v12 to v14 in all workflows
- Update `actions/checkout` from v3 to v4 in all workflows
- Remove `cache-build`, `cache-inputs`, and `cache-shell` recipes from justfile
- Update flake.lock with new revisions and narHashes for `flake-parts` and `nixpkgs` dependencies
- Simplify `nix develop` commands in workflows by removing explicit cache usage and recipe calls

* chore: add renovate configuration file for dependency management

* chore: replace DeterminateSystems/nix-installer-action with cachix/install-nix-action

- Updated .github/workflows/flake-home-manager.yml to use cachix/install-nix-action@v27 with nix_path set to nixpkgs=channel:nixos-unstable.
- Updated .github/workflows/flake-language.yml to use cachix/install-nix-action@v27 with nix_path set to nixpkgs=channel:nixos-unstable.
- Updated .github/workflows/flake-system.yml to use cachix/install-nix-action@v27 with nix_path set to nixpkgs=channel:nixos-unstable.
- Updated .github/workflows/flake.yml to use cachix/install-nix-action@v27 with nix_path set to nixpkgs=channel:nixos-unstable.

* refactor: update build scripts and flake configurations

- Removed `temp_dir` variable and cleaned up build scripts in `justfile`.
- Updated `build-template` to use `mktemp` for temporary directories.
- Added `set -euxo pipefail` to ensure scripts fail on errors.
- Modified `build-darwin`, `build-home-manager`, `build-language`, `build-nixos-desktop`, and `build-nixos-minimal` to use the new `build-template` logic.
- Reordered fields in `template/haskell/flake.nix` for consistency.
- Removed `nodejs` inheritance in `template/vite-react/flake.nix` and cleaned up package definition.

* chore: add bash shebang and strict mode to build profile in justfile

- Added `#!/usr/bin/env bash` to specify the script interpreter.
- Enabled strict mode with `set -euxo pipefail` for better error handling.

* refactor: update workflows to use temporary directories

- Updated flake-home-manager.yml to create and use a temporary directory for the build process.
- Updated flake-system.yml to create and use a temporary directory for the build process.
- Modified justfile to accept a temporary directory parameter for build-template, build-darwin, and build-home-manager tasks.
- Ensured temporary directories are created and used consistently across scripts to improve build isolation and reliability.

* refactor(workflows): remove temporary directory creation

- Removed the creation of temporary directories in flake-home-manager.yml and flake-system.yml workflows.
- Updated justfile to eliminate the temp_dir parameter from build-darwin and build-home-manager recipes.
- Simplified the build-template invocation in the justfile.

* fix(workflows): update build commands to include temporary directory

- Updated `flake-home-manager.yml` to pass `${{ runner.temp }}` to the `build-home-manager` command.
- Updated `flake-system.yml` to pass `${{ runner.temp }}` to the `build-darwin` command.
- Modified `justfile` to include `temp_dir` parameter in `build-darwin` and `build-home-manager` commands.
- Moved `check` command in `justfile` for better organization.

* fix(workflows): create build directory before running nix commands

- Ensure the build directory is created in the runner's temporary directory before executing nix develop commands in both flake-home-manager.yml and flake-system.yml workflows.
- This change addresses potential issues with missing directories during the build process.

* refactor(workflows): use environment variable for temporary build directory

- Added TEMP_DIR environment variable to GitHub Actions workflows for flake-home-manager, flake-language, and flake-system.
- Updated job steps to use the TEMP_DIR environment variable instead of hardcoding the temporary directory path.
- Modified justfile to accept temp_dir as a parameter for build-home-manager, build-language, build-nixos-desktop, and build-nixos-minimal tasks.
- Ensured consistency in passing the temporary directory to the build-template function across all tasks.

* refactor(workflows): remove TEMP_DIR environment variable

- Removed the TEMP_DIR environment variable from flake-home-manager.yml, flake-language.yml, and flake-system.yml workflows.
- Updated the mkdir and nix develop commands to use runner.temp directly instead of TEMP_DIR.
- Ensured consistency across all workflow files by directly referencing runner.temp for temporary build directories.

* chore(deps): update base dependency version to 4.18.2.1 in example.cabal

.github/renovate.json

@@ -0,0 +1,16 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:base",
+    ":semanticCommitTypeAll(chore)"
+  ],
+  "lockFileMaintenance": {
+    "enabled": true,
+    "extends": [
+      "schedule:weekly"
+    ]
+  },
+  "nix": {
+    "enabled": true
+  }
+}

.github/workflows/flake-home-manager.yml

@@ -6,27 +6,34 @@ on:
     branches:
       - main
 
+env:
+  CACHIX_BINARY_CACHE: altf4llc-os
+
 jobs:
   darwin:
     runs-on: macos-latest
     steps:
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: cachix/cachix-action@v12
+      - uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - uses: cachix/cachix-action@v14
         with:
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-          name: altf4llc-os
-      - uses: actions/checkout@v3
-      - run: cachix use "altf4llc-os"
-      - run: nix develop -c just cache-build 'build-home-manager "x86_64-darwin"'
+          name: ${{ env.CACHIX_BINARY_CACHE }}
+      - uses: actions/checkout@v4
+      - run: mkdir -p "${{ runner.temp }}/build"
+      - run: nix develop -c just build-home-manager "x86_64-darwin" "${{ runner.temp }}/build"
 
   linux:
     runs-on: ubuntu-latest
     steps:
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: cachix/cachix-action@v12
+      - uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - uses: cachix/cachix-action@v14
         with:
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-          name: altf4llc-os
-      - uses: actions/checkout@v3
-      - run: cachix use "altf4llc-os"
-      - run: nix develop -c just cache-build 'build-home-manager "x86_64-linux"'
+          name: ${{ env.CACHIX_BINARY_CACHE }}
+      - uses: actions/checkout@v4
+      - run: mkdir -p "${{ runner.temp }}/build"
+      - run: nix develop -c just build-home-manager "x86_64-linux" "${{ runner.temp }}/build"

.github/workflows/flake-language.yml

@@ -6,6 +6,9 @@ on:
     branches:
       - main
 
+env:
+  CACHIX_BINARY_CACHE: altf4llc-os
+
 jobs:
   default:
     runs-on: ubuntu-latest
@@ -31,14 +34,16 @@ jobs:
           - zig
           - vite-react
     steps:
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: cachix/cachix-action@v12
+      - uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - uses: cachix/cachix-action@v14
         with:
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-          name: altf4llc-os
-      - uses: actions/checkout@v3
-      - run: cachix use "altf4llc-os"
-      - run: nix develop -c just cache-build 'build-language "${{ matrix.template }}" "default"'
+          name: ${{ env.CACHIX_BINARY_CACHE }}
+      - uses: actions/checkout@v4
+      - run: mkdir -p "${{ runner.temp }}/build"
+      - run: nix develop -c just build-language "${{ matrix.template }}" "default" "${{ runner.temp }}/build"
 
   docker:
     runs-on: ubuntu-latest
@@ -61,11 +66,13 @@ jobs:
           - swiftpm
           - zig
     steps:
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: cachix/cachix-action@v12
+      - uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - uses: cachix/cachix-action@v14
         with:
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-          name: altf4llc-os
-      - uses: actions/checkout@v3
-      - run: cachix use "altf4llc-os"
-      - run: nix develop -c just cache-build 'build-language "${{ matrix.template }}" "docker"'
+          name: ${{ env.CACHIX_BINARY_CACHE }}
+      - uses: actions/checkout@v4
+      - run: mkdir -p "${{ runner.temp }}/build"
+      - run: nix develop -c just build-language "${{ matrix.template }}" "docker" "${{ runner.temp }}/build"

.github/workflows/flake-system.yml

@@ -6,18 +6,23 @@ on:
     branches:
       - main
 
+env:
+  CACHIX_BINARY_CACHE: altf4llc-os
+
 jobs:
   darwin:
     runs-on: macos-latest
     steps:
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: cachix/cachix-action@v12
+      - uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - uses: cachix/cachix-action@v14
         with:
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-          name: altf4llc-os
-      - uses: actions/checkout@v3
-      - run: cachix use "altf4llc-os"
-      - run: nix develop -c just cache-build 'build-darwin "x86_64"'
+          name: ${{ env.CACHIX_BINARY_CACHE }}
+      - uses: actions/checkout@v4
+      - run: mkdir -p "${{ runner.temp }}/build"
+      - run: nix develop -c just build-darwin "x86_64" "${{ runner.temp }}/build"
 
   nixos-desktop:
     strategy:
@@ -27,23 +32,27 @@ jobs:
           - plasma5
     runs-on: ubuntu-latest
     steps:
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: cachix/cachix-action@v12
+      - uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - uses: cachix/cachix-action@v14
         with:
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-          name: altf4llc-os
-      - uses: actions/checkout@v3
-      - run: cachix use "altf4llc-os"
-      - run: nix develop -c just cache-build 'build-nixos-desktop "x86_64" "${{ matrix.desktop }}"'
+          name: ${{ env.CACHIX_BINARY_CACHE }}
+      - uses: actions/checkout@v4
+      - run: mkdir -p "${{ runner.temp }}/build"
+      - run: nix develop -c just build-nixos-desktop "x86_64" "${{ matrix.desktop }}" "${{ runner.temp }}/build"
 
   nixos-minimal:
     runs-on: ubuntu-latest
     steps:
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: cachix/cachix-action@v12
+      - uses: cachix/install-nix-action@v27
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+      - uses: cachix/cachix-action@v14
         with:
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-          name: altf4llc-os
-      - uses: actions/checkout@v3
-      - run: cachix use "altf4llc-os"
-      - run: nix develop -c just cache-build 'build-nixos-minimal "x86_64"'
+          name: ${{ env.CACHIX_BINARY_CACHE }}
+      - uses: actions/checkout@v4
+      - run: mkdir -p "${{ runner.temp }}/build"
+      - run: nix develop -c just build-nixos-minimal "x86_64" "${{ runner.temp }}/build"

.github/workflows/flake.yml

@@ -6,17 +6,19 @@ on:
     branches:
       - main
 
+env:
+  CACHIX_BINARY_CACHE: altf4llc-os
+
 jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-    - uses: DeterminateSystems/nix-installer-action@main
-    - uses: cachix/cachix-action@v12
+    - uses: cachix/install-nix-action@v27
+      with:
+        nix_path: nixpkgs=channel:nixos-unstable
+    - uses: cachix/cachix-action@v14
       with:
         authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
-        name: altf4llc-os
-    - uses: actions/checkout@v3
-    - run: cachix use "altf4llc-os"
+        name: ${{ env.CACHIX_BINARY_CACHE }}
+    - uses: actions/checkout@v4
     - run: nix develop -c just check
-    - run: nix develop -c just cache-inputs
-    - run: nix develop -c just cache-shell

justfile

@@ -1,47 +1,54 @@
-temp_dir := "/tmp/kickstart.nix"
-
 _default:
     just --list
 
-build profile:
-    nix build --json --no-link --print-build-logs "{{ profile }}"
-
-cache-build recipe cache_name="altf4llc-os":
-    just {{ recipe }} | jq -r '.[].outputs | to_entries[].value' | cachix push {{ cache_name }}
-
-cache-inputs cache_name="altf4llc-os":
-    nix flake archive --json \
-      | jq -r '.path,(.inputs|to_entries[].value.path)' \
-      | cachix push "{{ cache_name }}"
-
-cache-shell cache_name="altf4llc-os":
-    nix develop --profile "dev-profile" -c true
-    cachix push "{{ cache_name }}" "dev-profile"
-
 check:
     nix flake check
 
-clean-template template:
-    rm -rf {{ temp_dir }}/{{ template }}
-    mkdir -p {{ temp_dir }}/{{ template }}
+build profile:
+    #!/usr/bin/env bash
+    set -euxo pipefail
+    nix build --json --no-link --print-build-logs "{{ profile }}" \
+    | jq -r ".[0].outputs.out"
 
-build-template template: (clean-template template)
+build-template template temp_dir="$(mktemp -d)":
     #!/usr/bin/env bash
-    DERIVATION=$(just build ".#example-{{ template }}")
-    OUTPUT=$(echo $DERIVATION | jq -r ".[0].outputs.out")
-    cp --no-preserve=mode -r $OUTPUT/* {{ temp_dir }}/{{ template }}
+    set -euxo pipefail
+    OUTPUT_DIR=$(just build "$PWD#example-{{ template }}")
+    TEMP_DIR={{ temp_dir }}
+    cp --no-preserve=mode -r $OUTPUT_DIR/* $TEMP_DIR/.
+    echo $TEMP_DIR
 
-build-darwin system="x86_64": (build-template "darwin")
-    just build "{{ temp_dir }}/darwin#darwinConfigurations.{{ system }}.config.system.build.toplevel"
+build-darwin system="x86_64" temp_dir="$(mktemp -d)":
+    #!/usr/bin/env bash
+    set -euxo pipefail
+    TEMP_DIR=$(just build-template "darwin" "{{ temp_dir }}")
+    ls -alh $TEMP_DIR
+    just build "$TEMP_DIR#darwinConfigurations.{{ system }}.config.system.build.toplevel"
 
-build-home-manager system="x86_64-linux": (build-template "home-manager")
-    just build "{{ temp_dir }}/home-manager#homeConfigurations.{{ system }}.activationPackage"
+build-home-manager system="x86_64-linux" temp_dir="$(mktemp -d)":
+    #!/usr/bin/env bash
+    set -euxo pipefail
+    TEMP_DIR=$(just build-template "home-manager" "{{ temp_dir }}")
+    ls -alh $TEMP_DIR
+    just build "$TEMP_DIR#homeConfigurations.{{ system }}.activationPackage"
 
-build-language template profile="default": (build-template template)
-    just build "{{ temp_dir }}/{{ template }}#{{ profile }}"
+build-language language profile="default" temp_dir="$(mktemp -d)":
+    #!/usr/bin/env bash
+    set -euxo pipefail
+    TEMP_DIR=$(just build-template "{{ language }}" "{{ temp_dir }}")
+    ls -alh $TEMP_DIR
+    just build "$TEMP_DIR"
 
-build-nixos-desktop system="x86_64" desktop="gnome": (build-template 'nixos-desktop-'+desktop)
-    just build "{{ temp_dir }}/nixos-desktop-{{ desktop }}#nixosConfigurations.{{ system }}.config.system.build.toplevel"
+build-nixos-desktop system="x86_64" desktop="gnome" temp_dir="$(mktemp -d)":
+    #!/usr/bin/env bash
+    set -euxo pipefail
+    TEMP_DIR=$(just build-template "nixos-desktop-{{ desktop }}" "{{ temp_dir }}")
+    ls -alh $TEMP_DIR
+    just build "$TEMP_DIR#nixosConfigurations.{{ system }}.config.system.build.toplevel"
 
-build-nixos-minimal system="x86_64": (build-template "nixos-minimal")
-    just build "{{ temp_dir }}/nixos-minimal#nixosConfigurations.{{ system }}.config.system.build.toplevel"
+build-nixos-minimal system="x86_64" temp_dir="$(mktemp -d)":
+    #!/usr/bin/env bash
+    set -euxo pipefail
+    TEMP_DIR=$(just build-template "nixos-minimal" "{{ temp_dir }}")
+    ls -alh $TEMP_DIR
+    just build "$TEMP_DIR#nixosConfigurations.{{ system }}.config.system.build.toplevel"

template/haskell/example.cabal

@@ -67,7 +67,7 @@ executable example
     -- other-extensions:
 
     -- Other library packages from which modules are imported.
-    build-depends:    base ^>=4.17.2.1
+    build-depends:    base ^>=4.18.2.1
 
     -- Directories containing source files.
     hs-source-dirs:   app

template/haskell/flake.nix

@@ -29,11 +29,11 @@
         };
         packages = {
           default = mkDerivation {
-            pname = name;
             inherit version;
-            src = ./.;
-            license = "";
             description = "";
+            license = "";
+            pname = name;
+            src = ./.;
           };
 
           docker = buildImage {

template/vite-react/flake.nix

@@ -17,7 +17,6 @@
       }: let
         name = "example";
         version = "0.1.0";
-        nodejs = pkgs.nodejs_21;
       in {
         devShells = {
           default = pkgs.mkShell {
@@ -28,7 +27,7 @@
 
         packages = {
           default = pkgs.buildNpmPackage {
-            inherit version nodejs;
+            inherit version;
             pname = name;
             src = ./.;
             npmDepsHash = "sha256-KeXRIp4qNywb1sy5lXTagoUsW6EeK1kF5OWJ97w9Vfk=";