From c6bfaca2b1438ebdd1be8a9bc179d2e398b013ae Mon Sep 17 00:00:00 2001 From: Ryan Mulligan Date: Tue, 24 Aug 2021 20:23:54 -0700 Subject: [PATCH] remove flake-utils; add mmdoc docs --- .github/workflows/doc.yaml | 31 ++++ README.md | 280 +--------------------------------- doc/batch-updates.md | 53 +++++++ doc/contributing.md | 41 +++++ doc/details.md | 74 +++++++++ doc/installation.md | 49 ++++++ doc/interactive-updates.md | 27 ++++ doc/introduction.md | 21 +++ doc/nixpkgs-maintainer-faq.md | 2 +- doc/nixpkgs-update.md | 0 doc/toc.md | 8 + flake.lock | 86 +++++++---- flake.nix | 67 ++------ pkgs/default.nix | 72 +++++++++ 14 files changed, 448 insertions(+), 363 deletions(-) create mode 100644 .github/workflows/doc.yaml create mode 100644 doc/batch-updates.md create mode 100644 doc/contributing.md create mode 100644 doc/details.md create mode 100644 doc/installation.md create mode 100644 doc/interactive-updates.md create mode 100644 doc/introduction.md create mode 100644 doc/nixpkgs-update.md create mode 100644 doc/toc.md create mode 100644 pkgs/default.nix diff --git a/.github/workflows/doc.yaml b/.github/workflows/doc.yaml new file mode 100644 index 0000000..2a98c85 --- /dev/null +++ b/.github/workflows/doc.yaml @@ -0,0 +1,31 @@ +name: doc + +on: + push: + branches: + - main + workflow_dispatch: + +jobs: + publish: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + # Nix Flakes doesn't work on shallow clones + fetch-depth: 0 + - uses: cachix/install-nix-action@v13 + with: + install_url: https://nixos-nix-install-tests.cachix.org/serve/i6laym9jw3wg9mw6ncyrk6gjx4l34vvx/install + install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve' + extra_nix_config: | + experimental-features = nix-command flakes + access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} + - run: nix run .#nixpkgs-update-doc + - if: success() + uses: crazy-max/ghaction-github-pages@v2 + with: + target_branch: gh-pages + build_dir: result/multi + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/README.md b/README.md index 1ee491e..0569aed 100644 --- a/README.md +++ b/README.md @@ -3,282 +3,4 @@ [![Build Status](https://github.com/ryantm/nixpkgs-update/workflows/CI/badge.svg)](https://github.com/ryantm/nixpkgs-update/actions) [![Patreon](https://img.shields.io/badge/patreon-donate-blue.svg)](https://www.patreon.com/nixpkgsupdate) -> The future is here; let's evenly distribute it! - -# Contents - -* [Introduction](#introduction) -* [Interactive updates](#interactive-updates) -* [Batch updates](#batch-updates) -* [Details](#details) -* [Development](#development) - -# Introduction - -The [nixpkgs-update](https://github.com/ryantm/nixpkgs-update) mission -is to make [nixpkgs](https://github.com/nixos/nixpkgs) the most -up-to-date repository of software in the world by the most ridiculous -margin possible. [Here's how we are doing so far](https://repology.org/repositories/graphs). - -It provides an interactive tool for automating single package -updates. Given a package name, old version, and new version, it -updates the version, and fetcher hashes, makes a commit, and -optionally a pull request. Along the way, it does checks to make sure -the update has a baseline quality. - -It is the code used by the GitHub bot -[@r-ryantm](https://github.com/r-ryantm) to automatically update -nixpkgs. It uses package repository information from -[Repology.org](https://repology.org/repository/nix_unstable), the -GitHub releases API, and PyPI to generate a lists of outdated -packages. - -# Installation - -For the Cachix cache to work, your user must be in the trusted-users -list or you can use sudo since root is effectively trusted. - -Run without installing: - -```bash -nix run \ - --option extra-substituters 'https://nixpkgs-update.cachix.org/' \ - --option trusted-public-keys 'nixpkgs-update.cachix.org-1:6y6Z2JdoL3APdu6/+Iy8eZX2ajf09e4EE9SnxSML1W8=' \ - -f https://github.com/ryantm/nixpkgs-update/archive/master.tar.gz \ - -c nixpkgs-update --help -``` - -Install into your Nix profile: - -```bash -nix-env \ - --option extra-substituters 'https://nixpkgs-update.cachix.org/' \ - --option trusted-public-keys 'nixpkgs-update.cachix.org-1:6y6Z2JdoL3APdu6/+Iy8eZX2ajf09e4EE9SnxSML1W8=' \ - -if https://github.com/ryantm/nixpkgs-update/archive/master.tar.gz -``` - -Declaratively with [niv](https://github.com/nmattia/niv): - -```bash -niv add ryantm/nixpkgs-update -``` - -NixOS config with Niv: - -```nix -let - sources = import ./nix/sources.nix; - nixpkgs-update = import sources.nixpkgs-update {}; -in - environment.systemPackages = [ nixpkgs-update ]; -``` - -home-manager config with Niv: - -```nix -let - sources = import ./nix/sources.nix; - nixpkgs-update = import sources.nixpkgs-update {}; -in - home.packages = [ nixpkgs-update ]; -``` - -# Interactive updates - -nixpkgs-update supports interactive, single package updates via the -`update` subcommand. - -# Update tutorial - -1. Setup [hub](https://github.com/github/hub) and give it your GitHub - credentials, so it saves an oauth token. This allows nixpkgs-update - to query the GitHub API. -2. Go to your local checkout of nixpkgs, and **make sure the working - directory is clean**. Be on a branch you are okay committing to. -3. Run it like: `nixpkgs-update update "postman 7.20.0 7.21.2"` - which mean update the package "postman" from version 7.20.0 - to version 7.21.2. -4. It will run the updater, and, if the update builds, it will commit - the update and output a message you could use for a pull request. - -# Flags - -* `--cve`—adds CVE vulnerability reporting to the PR message. On - first invocation with this option, a CVE database is - built. Subsequent invocations will be much faster. -* `--nixpkgs-review`—runs - [nixpkgs-review](https://github.com/Mic92/nixpkgs-review), which - tries to build all the packages that depend on the one being updated - and adds a report. - -# Batch updates - -nixpkgs-update supports batch updates via the `update-list` -subcommand. - -## Update-List tutorial - -1. Setup [hub](https://github.com/github/hub) and give it your GitHub - credentials, so it saves an oauth token. This allows nixpkgs-update - to query the GitHub API. - -2. Clone this repository and build `nixpkgs-update`: - ```bash - git clone https://github.com/ryantm/nixpkgs-update && cd nixpkgs-update - nix-build - ``` - -3. To test your config, try to update a single package, like this: - - ```bash - ./result/bin/nixpkgs-update update "pkg oldVer newVer update-page"` - - # Example: - ./result/bin/nixpkgs-update update "tflint 0.15.0 0.15.1 repology.org"` - ``` - - replacing `tflint` with the attribute name of the package you actually want - to update, and the old version and new version accordingly. - - If this works, you are now setup to hack on `nixpkgs-update`! If - you run it with `--pr`, it will actually send a pull request, which - looks like this: https://github.com/NixOS/nixpkgs/pull/82465 - - -4. If you'd like to send a batch of updates, get a list of outdated packages and - place them in a `packages-to-update.txt` file: - - ```bash - ./result/bin/nixpkgs-update fetch-repology > packages-to-update.txt - ``` - - There also exist alternative sources of updates, these include: - - - PyPI, the Python Package Index: - [nixpkgs-update-pypi-releases](https://github.com/jonringer/nixpkgs-update-pypi-releases) - - GitHub releases: - [nixpkgs-update-github-releases](https://github.com/synthetica9/nixpkgs-update-github-releases) - -5. Run the tool in batch mode with `update-list`: - - ```bash - ./result/bin/nixpkgs-update update-list - ``` - -# Details - -Some of these features only apply to the update-list sub-command or to -features only available to the @r-ryantm bot. - -## Checks - -A number of checks are performed to help nixpkgs maintainers gauge the -likelihood that an update was successful. All the binaries are run with -various flags to see if they have a zero exit code and output the new -version number. The outpath directory tree is searched for files -containing the new version number. A directory tree and disk usage -listing is provided. - - -## Security report - -Information from the National Vulnerability Database maintained by -NIST is compared against the current and updated package version. The -nixpkgs package name is matched with the Common Platform Enumeration -vendor, product, edition, software edition, and target software fields -to find candidate Common Vulnerabilities and Exposures (CVEs). The -CVEs are filtered by the matching the current and updated versions -with the CVE version ranges. - -The general philosophy of the CVE search is to avoid false negatives, -which means we expect to generate many false positives. The false -positives can be carefully removed by manually created rules -implemented in the filter function in the NVDRules module. - -If there are no CVE matches, the report is not shown. The report has -three parts: CVEs resolved by this update, CVEs introduced by this -update, and CVEs present in both version. - -If you would like to report a problem with the security report, please -use the [nixpkgs-update GitHub -issues](https://github.com/ryantm/nixpkgs-update/issues). - -The initial development of the security report was made possible by a -partnership with [Serokell](https://serokell.io/) and the [NLNet -Foundation](https://nlnet.nl/) through their [Next Generation Internet -Zero Discovery initiative](https://nlnet.nl/discovery/) (NGI0 -Discovery). NGI0 Discovery is made possible with financial support -from the [European Commission](https://ec.europa.eu/). - - -## Rebuild report - -The PRs made by nixpkgs-update say what packages need to be rebuilt if -the pull request is merged. This uses the same mechanism -[OfBorg](https://github.com/NixOS/ofborg) uses to put rebuild labels -on PRs. Not limited by labels, it can report the exact number of -rebuilds and list some of the attrpaths that would need to be rebuilt. - - -## PRs against staging - -If a PR merge would cause more than 100 packages to be rebuilt, the PR -is made against staging. - - -## Logs - -[Logs from r-ryantm's runs](https://r.ryantm.com/log/) are -available online. There are a lot of packages `nixpkgs-update` -currently has no hope of updating. Please dredge the logs to find out -why your pet package is not receiving updates. - - -## Cachix - -By uploading the build outputs to -[Cachix](https://nix-community.cachix.org/), nixpkgs-update allows you to -test a package with one command. - - -# Development - -Incremental development: - -```bash -nix-shell --run "cabal v2-repl" -``` - -Run the tests: - -```bash -nix-shell --run "cabal v2-test" -``` - -Run a type checker in the background for quicker type checking feedback: - -```bash -nix-shell --run "ghcid" -``` - -Run a type checker for the app code: - -```bash -nix-shell --run 'ghcid -c "cabal v2-repl exe:nixpkgs-update"' -``` - -Run a type checker for the test code: - -```bash -nix-shell --run 'ghcid -c "cabal v2-repl tests"' -``` - -Updating the Cabal file when adding new dependencies or options: - -```bash -nix run nixpkgs.haskellPackages.hpack -c hpack -``` - -Source files are formatted with [Ormolu](https://github.com/tweag/ormolu). - -There is also a [Cachix cache](https://nixpkgs-update.cachix.org/) available for the dependencies of this program. +Please read the [documentation](https://ryantm.github.io/nixpkgs-update/). diff --git a/doc/batch-updates.md b/doc/batch-updates.md new file mode 100644 index 0000000..756f81b --- /dev/null +++ b/doc/batch-updates.md @@ -0,0 +1,53 @@ +# Batch updates {#batch-updates} + +nixpkgs-update supports batch updates via the `update-list` +subcommand. + +## Update-List tutorial + +1. Setup [hub](https://github.com/github/hub) and give it your GitHub + credentials, so it saves an oauth token. This allows nixpkgs-update + to query the GitHub API. + +2. Clone this repository and build `nixpkgs-update`: + ```bash + git clone https://github.com/ryantm/nixpkgs-update && cd nixpkgs-update + nix-build + ``` + +3. To test your config, try to update a single package, like this: + + ```bash + ./result/bin/nixpkgs-update update "pkg oldVer newVer update-page"` + + # Example: + ./result/bin/nixpkgs-update update "tflint 0.15.0 0.15.1 repology.org"` + ``` + + replacing `tflint` with the attribute name of the package you actually want + to update, and the old version and new version accordingly. + + If this works, you are now setup to hack on `nixpkgs-update`! If + you run it with `--pr`, it will actually send a pull request, which + looks like this: https://github.com/NixOS/nixpkgs/pull/82465 + + +4. If you'd like to send a batch of updates, get a list of outdated packages and + place them in a `packages-to-update.txt` file: + + ```bash + ./result/bin/nixpkgs-update fetch-repology > packages-to-update.txt + ``` + + There also exist alternative sources of updates, these include: + + - PyPI, the Python Package Index: + [nixpkgs-update-pypi-releases](https://github.com/jonringer/nixpkgs-update-pypi-releases) + - GitHub releases: + [nixpkgs-update-github-releases](https://github.com/synthetica9/nixpkgs-update-github-releases) + +5. Run the tool in batch mode with `update-list`: + + ```bash + ./result/bin/nixpkgs-update update-list + ``` diff --git a/doc/contributing.md b/doc/contributing.md new file mode 100644 index 0000000..fb7a9c5 --- /dev/null +++ b/doc/contributing.md @@ -0,0 +1,41 @@ +# Contributing {#contributing} + +Incremental development: + +```bash +nix-shell --run "cabal v2-repl" +``` + +Run the tests: + +```bash +nix-shell --run "cabal v2-test" +``` + +Run a type checker in the background for quicker type checking feedback: + +```bash +nix-shell --run "ghcid" +``` + +Run a type checker for the app code: + +```bash +nix-shell --run 'ghcid -c "cabal v2-repl exe:nixpkgs-update"' +``` + +Run a type checker for the test code: + +```bash +nix-shell --run 'ghcid -c "cabal v2-repl tests"' +``` + +Updating the Cabal file when adding new dependencies or options: + +```bash +nix run nixpkgs.haskellPackages.hpack -c hpack +``` + +Source files are formatted with [Ormolu](https://github.com/tweag/ormolu). + +There is also a [Cachix cache](https://nixpkgs-update.cachix.org/) available for the dependencies of this program. diff --git a/doc/details.md b/doc/details.md new file mode 100644 index 0000000..463874c --- /dev/null +++ b/doc/details.md @@ -0,0 +1,74 @@ +# Details {#details} + +Some of these features only apply to the update-list sub-command or to +features only available to the @r-ryantm bot. + +## Checks + +A number of checks are performed to help nixpkgs maintainers gauge the +likelihood that an update was successful. All the binaries are run with +various flags to see if they have a zero exit code and output the new +version number. The outpath directory tree is searched for files +containing the new version number. A directory tree and disk usage +listing is provided. + + +## Security report + +Information from the National Vulnerability Database maintained by +NIST is compared against the current and updated package version. The +nixpkgs package name is matched with the Common Platform Enumeration +vendor, product, edition, software edition, and target software fields +to find candidate Common Vulnerabilities and Exposures (CVEs). The +CVEs are filtered by the matching the current and updated versions +with the CVE version ranges. + +The general philosophy of the CVE search is to avoid false negatives, +which means we expect to generate many false positives. The false +positives can be carefully removed by manually created rules +implemented in the filter function in the NVDRules module. + +If there are no CVE matches, the report is not shown. The report has +three parts: CVEs resolved by this update, CVEs introduced by this +update, and CVEs present in both version. + +If you would like to report a problem with the security report, please +use the [nixpkgs-update GitHub +issues](https://github.com/ryantm/nixpkgs-update/issues). + +The initial development of the security report was made possible by a +partnership with [Serokell](https://serokell.io/) and the [NLNet +Foundation](https://nlnet.nl/) through their [Next Generation Internet +Zero Discovery initiative](https://nlnet.nl/discovery/) (NGI0 +Discovery). NGI0 Discovery is made possible with financial support +from the [European Commission](https://ec.europa.eu/). + + +## Rebuild report + +The PRs made by nixpkgs-update say what packages need to be rebuilt if +the pull request is merged. This uses the same mechanism +[OfBorg](https://github.com/NixOS/ofborg) uses to put rebuild labels +on PRs. Not limited by labels, it can report the exact number of +rebuilds and list some of the attrpaths that would need to be rebuilt. + + +## PRs against staging + +If a PR merge would cause more than 100 packages to be rebuilt, the PR +is made against staging. + + +## Logs + +[Logs from r-ryantm's runs](https://r.ryantm.com/log/) are +available online. There are a lot of packages `nixpkgs-update` +currently has no hope of updating. Please dredge the logs to find out +why your pet package is not receiving updates. + + +## Cachix + +By uploading the build outputs to +[Cachix](https://nix-community.cachix.org/), nixpkgs-update allows you to +test a package with one command. diff --git a/doc/installation.md b/doc/installation.md new file mode 100644 index 0000000..8a35808 --- /dev/null +++ b/doc/installation.md @@ -0,0 +1,49 @@ +# Installation {#installation} + +For the Cachix cache to work, your user must be in the trusted-users +list or you can use sudo since root is effectively trusted. + +Run without installing: + +```bash +nix run \ + --option extra-substituters 'https://nixpkgs-update.cachix.org/' \ + --option trusted-public-keys 'nixpkgs-update.cachix.org-1:6y6Z2JdoL3APdu6/+Iy8eZX2ajf09e4EE9SnxSML1W8=' \ + -f https://github.com/ryantm/nixpkgs-update/archive/master.tar.gz \ + -c nixpkgs-update --help +``` + +Install into your Nix profile: + +```bash +nix-env \ + --option extra-substituters 'https://nixpkgs-update.cachix.org/' \ + --option trusted-public-keys 'nixpkgs-update.cachix.org-1:6y6Z2JdoL3APdu6/+Iy8eZX2ajf09e4EE9SnxSML1W8=' \ + -if https://github.com/ryantm/nixpkgs-update/archive/master.tar.gz +``` + +Declaratively with [niv](https://github.com/nmattia/niv): + +```bash +niv add ryantm/nixpkgs-update +``` + +NixOS config with Niv: + +```nix +let + sources = import ./nix/sources.nix; + nixpkgs-update = import sources.nixpkgs-update {}; +in + environment.systemPackages = [ nixpkgs-update ]; +``` + +home-manager config with Niv: + +```nix +let + sources = import ./nix/sources.nix; + nixpkgs-update = import sources.nixpkgs-update {}; +in + home.packages = [ nixpkgs-update ]; +``` diff --git a/doc/interactive-updates.md b/doc/interactive-updates.md new file mode 100644 index 0000000..a1e7140 --- /dev/null +++ b/doc/interactive-updates.md @@ -0,0 +1,27 @@ +# Interactive updates {#interactive-updates} + +nixpkgs-update supports interactive, single package updates via the +`update` subcommand. + +# Update tutorial + +1. Setup [hub](https://github.com/github/hub) and give it your GitHub + credentials, so it saves an oauth token. This allows nixpkgs-update + to query the GitHub API. +2. Go to your local checkout of nixpkgs, and **make sure the working + directory is clean**. Be on a branch you are okay committing to. +3. Run it like: `nixpkgs-update update "postman 7.20.0 7.21.2"` + which mean update the package "postman" from version 7.20.0 + to version 7.21.2. +4. It will run the updater, and, if the update builds, it will commit + the update and output a message you could use for a pull request. + +# Flags + +* `--cve`—adds CVE vulnerability reporting to the PR message. On + first invocation with this option, a CVE database is + built. Subsequent invocations will be much faster. +* `--nixpkgs-review`—runs + [nixpkgs-review](https://github.com/Mic92/nixpkgs-review), which + tries to build all the packages that depend on the one being updated + and adds a report. diff --git a/doc/introduction.md b/doc/introduction.md new file mode 100644 index 0000000..75f90b9 --- /dev/null +++ b/doc/introduction.md @@ -0,0 +1,21 @@ +# nixpkgs-update {#introduction} + +> The future is here; let's evenly distribute it! + +The [nixpkgs-update](https://github.com/ryantm/nixpkgs-update) mission +is to make [nixpkgs](https://github.com/nixos/nixpkgs) the most +up-to-date repository of software in the world by the most ridiculous +margin possible. [Here's how we are doing so far](https://repology.org/repositories/graphs). + +It provides an interactive tool for automating single package +updates. Given a package name, old version, and new version, it +updates the version, and fetcher hashes, makes a commit, and +optionally a pull request. Along the way, it does checks to make sure +the update has a baseline quality. + +It is the code used by the GitHub bot +[@r-ryantm](https://github.com/r-ryantm) to automatically update +nixpkgs. It uses package repository information from +[Repology.org](https://repology.org/repository/nix_unstable), the +GitHub releases API, and PyPI to generate a lists of outdated +packages. diff --git a/doc/nixpkgs-maintainer-faq.md b/doc/nixpkgs-maintainer-faq.md index 23544d5..6cf4199 100644 --- a/doc/nixpkgs-maintainer-faq.md +++ b/doc/nixpkgs-maintainer-faq.md @@ -1,4 +1,4 @@ -# Nixpkgs Maintainer FAQ +# Nixpkgs Maintainer FAQ {#nixpkgs-maintainer-faq} ## @r-ryantm opened a PR for my package, what do I do? diff --git a/doc/nixpkgs-update.md b/doc/nixpkgs-update.md new file mode 100644 index 0000000..e69de29 diff --git a/doc/toc.md b/doc/toc.md new file mode 100644 index 0000000..f3fc53d --- /dev/null +++ b/doc/toc.md @@ -0,0 +1,8 @@ +# nixpkgs-update + +* [Introduction](#introduction) +* [Interactive updates](#interactive-updates) +* [Batch updates](#batch-updates) +* [Details](#details) +* [Contributing](#contributing) +* [Nixpkgs Maintainer FAQ](#nixpkgs-maintainer-faq) diff --git a/flake.lock b/flake.lock index a44c826..2b6ee08 100644 --- a/flake.lock +++ b/flake.lock @@ -17,21 +17,6 @@ } }, "flake-utils": { - "locked": { - "lastModified": 1629481132, - "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "997f7efcb746a9c140ce1f13c72263189225f482", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_2": { "locked": { "lastModified": 1610051610, "narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=", @@ -46,25 +31,59 @@ "type": "github" } }, - "nixpkgs": { + "mmdoc": { + "inputs": { + "nixpkgs": "nixpkgs", + "nixpkgs-for-manual": "nixpkgs-for-manual" + }, "locked": { - "lastModified": 1629853352, - "narHash": "sha256-NivLQ6qGhQxTYqinZ3r2hA01WcHRhhaS9VFXPYwJ07w=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "0cc67d775fba1af56eea9420c81e524f94376564", + "lastModified": 1626736992, + "narHash": "sha256-pgD5wGNKPrAO5ThfQjmdyezpc0RIXUeXyU/oFJRBfa0=", + "owner": "ryantm", + "repo": "mmdoc", + "rev": "9793387e2d7c04fe8e35209de6da0b3b6e551fea", "type": "github" }, "original": { - "owner": "nixos", + "owner": "ryantm", + "repo": "mmdoc", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1620788202, + "narHash": "sha256-MupOww6wQHG2LiF7ALeT+TxvgzS1ROQy7dChZX5ohiA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "c8750770c4f59b0825bf2b7b914c343543958a80", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs-for-manual": { + "locked": { + "lastModified": 1617080427, + "narHash": "sha256-4en5vjUto7I3FBWKU+NjhS33K0Z5yk+zxCtGcIgaRjs=", + "owner": "ryantm", + "repo": "nixpkgs", + "rev": "46fd6f0a282fdcebfeba221dba45adf12503afad", + "type": "github" + }, + "original": { + "owner": "ryantm", + "ref": "minman", "repo": "nixpkgs", "type": "github" } }, "nixpkgs-review": { "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2" + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1629814514, @@ -81,6 +100,21 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1629859457, + "narHash": "sha256-JlAU1EboVCOJeMXNLJusf+0vnx++xK1Y4DW5y80zMfY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "12613bf6d91543db59de89e231eafab72f4dc2e8", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1613848021, "narHash": "sha256-9JICogf6yTscjE3bmeX13vks+omv8408I3B7gWIau5U=", @@ -97,8 +131,8 @@ "root": { "inputs": { "flake-compat": "flake-compat", - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", + "mmdoc": "mmdoc", + "nixpkgs": "nixpkgs_2", "nixpkgs-review": "nixpkgs-review" } } diff --git a/flake.nix b/flake.nix index 2adcfaf..8b90340 100644 --- a/flake.nix +++ b/flake.nix @@ -1,67 +1,20 @@ { description = "A flake for nixpkgs-update"; - inputs.flake-utils.url = "github:numtide/flake-utils"; inputs.nixpkgs-review.url = "github:mic92/nixpkgs-review"; inputs.flake-compat = { url = "github:edolstra/flake-compat"; flake = false; }; inputs.nixpkgs = { type = "github"; owner = "nixos"; repo = "nixpkgs"; }; + inputs.mmdoc.url = "github:ryantm/mmdoc"; - outputs = { self, flake-utils, flake-compat, nixpkgs, nixpkgs-review }: - flake-utils.lib.eachSystem [ "x86_64-linux" "x86_64-darwin" ] (system: - let - pkgs = import nixpkgs { inherit system; config = { allowBroken = true; }; }; + outputs = { self, flake-compat, nixpkgs, nixpkgs-review, mmdoc } @ args: + { + packages."x86_64-linux" = import ./pkgs/default.nix (args // { system = "x86_64-linux"; }); + defaultPackage."x86_64-linux" = self.packages."x86_64-linux".nixpkgs-update; + devShell."x86_64-linux" = self.packages."x86_64-linux".devShell; - developPackageAttrs = { - name = "nixpkgs-update"; - root = self; - returnShellEnv = false; - }; + packages."x86_64-darwin" = import ./pkgs/default.nix (args // { system = "x86_64-darwin"; }); + defaultPackage."x86_64-darwin" = self.packages."x86_64-darwin".nixpkgs-update; + devShell."x86_64-darwin" = self.packages."x86_64-darwin".devShell; - drvAttrs = attrs: with pkgs; { - NIX = nix; - GIT = git; - HUB = gitAndTools.hub; - JQ = jq; - TREE = tree; - GIST = gist; - # TODO: are there more coreutils paths that need locking down? - TIMEOUT = coreutils; - NIXPKGSREVIEW = (import nixpkgs-review { inherit pkgs; }); - }; - - haskellPackages = pkgs.haskellPackages.override { - overrides = _: haskellPackages: { - polysemy-plugin = pkgs.haskell.lib.dontCheck haskellPackages.polysemy-plugin; - polysemy = pkgs.haskell.lib.dontCheck haskellPackages.polysemy; - nixpkgs-update = - pkgs.haskell.lib.justStaticExecutables ( - pkgs.haskell.lib.failOnAllWarnings ( - pkgs.haskell.lib.disableExecutableProfiling ( - pkgs.haskell.lib.disableLibraryProfiling ( - pkgs.haskell.lib.generateOptparseApplicativeCompletion "nixpkgs-update" ( - (haskellPackages.developPackage developPackageAttrs).overrideAttrs drvAttrs - ) - ) - ) - ) - ); - }; - }; - - shell = haskellPackages.shellFor { - nativeBuildInputs = with pkgs; [ - cabal-install - ghcid - ]; - packages = ps: [ ps.nixpkgs-update ]; - shellHook = '' - ''; - }; - - in - { - devShell = shell; - packages.nixpkgs-update = haskellPackages.nixpkgs-update; - defaultPackage = haskellPackages.nixpkgs-update; - }); + }; } diff --git a/pkgs/default.nix b/pkgs/default.nix new file mode 100644 index 0000000..790afe3 --- /dev/null +++ b/pkgs/default.nix @@ -0,0 +1,72 @@ +{ nixpkgs +, nixpkgs-review +, mmdoc +, system +, self +, ... +}: + +let + + pkgs = import nixpkgs { inherit system; config = { allowBroken = true; }; }; + + developPackageAttrs = { + name = "nixpkgs-update"; + root = self; + returnShellEnv = false; + }; + + drvAttrs = attrs: with pkgs; { + NIX = nix; + GIT = git; + HUB = gitAndTools.hub; + JQ = jq; + TREE = tree; + GIST = gist; + # TODO: are there more coreutils paths that need locking down? + TIMEOUT = coreutils; + NIXPKGSREVIEW = (import nixpkgs-review { inherit pkgs; }); + }; + + haskellPackages = pkgs.haskellPackages.override { + overrides = _: haskellPackages: { + polysemy-plugin = pkgs.haskell.lib.dontCheck haskellPackages.polysemy-plugin; + polysemy = pkgs.haskell.lib.dontCheck haskellPackages.polysemy; + nixpkgs-update = + pkgs.haskell.lib.justStaticExecutables ( + pkgs.haskell.lib.failOnAllWarnings ( + pkgs.haskell.lib.disableExecutableProfiling ( + pkgs.haskell.lib.disableLibraryProfiling ( + pkgs.haskell.lib.generateOptparseApplicativeCompletion "nixpkgs-update" ( + (haskellPackages.developPackage developPackageAttrs).overrideAttrs drvAttrs + ) + ) + ) + ) + ); + }; + }; + + shell = haskellPackages.shellFor { + nativeBuildInputs = with pkgs; [ + cabal-install + ghcid + ]; + packages = ps: [ ps.nixpkgs-update ]; + shellHook = '' + ''; + }; + + doc = pkgs.stdenvNoCC.mkDerivation rec { + name = "nixpkgs-update-doc"; + src = self; + phases = [ "mmdocPhase" ]; + mmdocPhase = "${mmdoc.packages.${system}.mmdoc}/bin/mmdoc nixpkgs-update $src/doc $out"; + }; + +in +{ + nixpkgs-update = haskellPackages.nixpkgs-update; + nixpkgs-update-doc = doc; + devShell = shell; +}