The Nix pipelines

.cargo/audit.toml

@@ -0,0 +1,4 @@
+# Doesn't work in the sandbox
+[yanked]
+enabled = false      # Warn for yanked crates in Cargo.lock (default: true)
+update_index = false # Auto-update the crates.io index (default: true)

.envrc

@@ -0,0 +1 @@
+use flake

.github/flake.yml

@@ -0,0 +1,24 @@
+name: update-flake-lock
+
+on:
+  workflow_dispatch: # allows manual triggering
+  schedule:
+    - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+
+jobs:
+  lockfile:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+      - name: Install Determinate Nix
+        uses: DeterminateSystems/nix-installer-action@main
+        with:
+          determinate: true
+      - name: Update flake.lock
+        uses: DeterminateSystems/update-flake-lock@main
+        with:
+          pr-title: "Update flake.lock" # Title of PR to be created
+          pr-labels: |                  # Labels to be set on the PR
+            dependencies
+            automated

.gitignore

@@ -3,6 +3,7 @@
 /stage
 /parts
 /prime
+.direnv
 .gitignore.swp
 .DS_Store
 result

deny.toml

@@ -0,0 +1,2 @@
+[licenses]
+allow = ["MIT"]

flake.nix

@@ -0,0 +1,139 @@
+{
+  description = "Git repository summary on your terminal";
+
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+
+    crane.url = "github:ipetkov/crane";
+
+    flake-utils.url = "github:numtide/flake-utils";
+
+    advisory-db = {
+      url = "github:rustsec/advisory-db";
+      flake = false;
+    };
+  };
+
+  outputs = { self, nixpkgs, crane, flake-utils, advisory-db, ... }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+
+        inherit (pkgs) lib;
+
+        craneLib = crane.mkLib pkgs;
+        src = ./.;
+
+        # Common arguments can be set here to avoid repeating them later
+        commonArgs = {
+          inherit src;
+          strictDeps = true;
+
+          buildInputs = with pkgs;
+            [
+              # package dependencies
+              zstd
+            ] ++ lib.optionals pkgs.stdenv.isDarwin (with pkgs; [
+              # additional dependencies on Darwin systems
+              CoreFoundation
+              libresolv
+              Security
+            ]);
+          nativeBuildInputs = with pkgs; [ cmake pkg-config ];
+          nativeCheckInputs = with pkgs; [ git ];
+
+          # Additional environment variables can be set directly
+          # MY_CUSTOM_VAR = "some value";
+        };
+
+        # Build *just* the cargo dependencies, so we can reuse
+        # all of that work (e.g. via cachix) when running in CI
+        cargoArtifacts = craneLib.buildDepsOnly commonArgs;
+
+        # Build the actual crate itself, reusing the dependency
+        # artifacts from above.
+        onefetch =
+          craneLib.buildPackage (commonArgs // { inherit cargoArtifacts; });
+      in {
+        checks = {
+          # Build the crate as part of `nix flake check` for convenience
+          inherit onefetch;
+
+          # Run clippy (and deny all warnings) on the crate source,
+          # again, reusing the dependency artifacts from above.
+          #
+          # Note that this is done as a separate derivation so that
+          # we can block the CI if there are issues here, but not
+          # prevent downstream consumers from building our crate by itself.
+          onefetch-clippy = craneLib.cargoClippy (commonArgs // {
+            inherit cargoArtifacts;
+            cargoClippyExtraArgs = "--all-targets -- --deny warnings";
+          });
+
+          onefetch-doc =
+            craneLib.cargoDoc (commonArgs // { inherit cargoArtifacts; });
+
+          # Check formatting
+          onefetch-fmt = craneLib.cargoFmt { inherit src; };
+
+          onefetch-toml-fmt = craneLib.taploFmt {
+            src = pkgs.lib.sources.sourceFilesBySuffices src [ ".toml" ];
+            # taplo arguments can be further customized below as needed
+            # taploExtraArgs = "--config ./taplo.toml";
+          };
+
+          # Audit dependencies
+          onefetch-audit = craneLib.cargoAudit { inherit src advisory-db; };
+
+          # Audit licenses
+          onefetch-deny = craneLib.cargoDeny { inherit src; };
+
+          # Run tests with cargo-nextest
+          # Consider setting `doCheck = false` on `my-crate` if you do not want
+          # the tests to run twice
+          onefetch-nextest = craneLib.cargoNextest (commonArgs // {
+            inherit cargoArtifacts;
+            partitions = 1;
+            partitionType = "count";
+            cargoNextestPartitionsExtraArgs = "--no-tests=pass";
+          });
+        };
+
+        packages = rec {
+          onefetch-debug = onefetch // {
+            cargoExtraArgs = lib.concatStringsSep " " [
+              # Just to get more human-readable look
+              "--profile dev"
+            ];
+          };
+          inherit onefetch;
+          default = onefetch-debug;
+        };
+
+        apps.default = flake-utils.lib.mkApp { drv = onefetch; };
+
+        devShells.default = craneLib.devShell {
+          # Inherit inputs from checks.
+          checks = self.checks.${system};
+
+          # Additional dev-shell environment variables can be set directly
+          # MY_CUSTOM_DEVELOPMENT_VAR = "something else";
+
+          # Extra inputs can be added here; cargo and rustc are provided by default.
+          packages = with pkgs; [
+            # pkgs.ripgrep
+            nixd
+            nixfmt
+          ];
+        };
+      });
+  # Sets substituters to avoid locally building something already built
+  nixConfig = {
+    extra-substituters =
+      [ "https://crane.cachix.org" "https://cache.garnix.io" ];
+    extra-trusted-public-keys = [
+      "crane.cachix.org-1:8Scfpmn9w+hGdXH/Q9tTLiYAE/2dnJYRJP7kl80GuRk="
+      "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+    ];
+  };
+}

taplo.toml

@@ -0,0 +1,13 @@
+# Sorts `Cargo.toml` dependencies. All other `.toml` files are formatted with the default config.
+#
+# https://taplo.tamasfe.dev/configuration/file.html#configuration-file
+
+[formatting]
+reorder_keys = false
+
+[[rule]]
+include = ["**/Cargo.toml"]
+keys = ["dependencies"]
+
+[rule.formatting]
+reorder_keys = true