flake/actions: replace some crane checks with pre-commit

5 files changed, 20 insertions, 58 deletions

diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml
deleted file mode 100644
index ebf88d0..0000000
--- a/.github/workflows/audit.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-name: audit crates
-# this checks our dependencies for
-# security advisories every saturday
-
-on:
-  schedule:
-    - cron: "0 0 * * 6"
-  workflow_dispatch:
-
-jobs:
-  audit:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: DeterminateSystems/nix-installer-action@main
-
-      - name: run audit
-        run: |
-          nix build --accept-flake-config -L .#checks.x86_64-linux.audit
diff --git a/.github/workflows/clippy.yaml b/.github/workflows/clippy.yaml
index 48b1bd6..cb35d14 100644
--- a/.github/workflows/clippy.yaml
+++ b/.github/workflows/clippy.yaml
@@ -11,6 +11,10 @@ jobs:
   clippy:
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+      security-events: write
+
     steps:
       - uses: actions/checkout@v4
       - uses: DeterminateSystems/nix-installer-action@main
@@ -23,6 +27,7 @@ jobs:
 
       - name: run clippy
         run: |
+          mkdir -p /tmp
           cargo clippy --all --all-targets --message-format=json | clippy-sarif > /tmp/clippy.sarif
 
       - name: upload results
diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-lock.yaml
index 7e0d992..9e3301d 100644
--- a/.github/workflows/update-flake.yaml
+++ b/.github/workflows/update-lock.yaml
@@ -1,9 +1,8 @@
-name: update nix flake
-# this is to make sure we can build against a
-# recent version of nixos-unstable
+name: update flake lock
 
 on:
   schedule:
+    # run every saturday
     - cron: "0 0 * * 6"
   workflow_dispatch:
 
@@ -12,20 +11,22 @@ permissions:
   pull-requests: write
 
 jobs:
-  update-flake:
+  update:
     runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
       - uses: DeterminateSystems/nix-installer-action@main
 
-      - uses: DeterminateSystems/update-flake-lock@v20
+      - name: update lockfile
+        uses: DeterminateSystems/update-flake-lock@v20
         id: update
         with:
-          commit-msg: "deps(flake): update inputs"
-          pr-title: "deps(flake): update inputs"
+          commit-msg: "flake: update inputs"
+          pr-title: "flake: update inputs"
+          token: ${{ github.token }}
 
-      - name: auto-merge pull request
+      - name: enable auto-merge
         shell: bash
         run: gh pr merge --auto --rebase "$PR_ID"
         env:
diff --git a/garnix.yaml b/garnix.yaml
index 9458456..64bee81 100644
--- a/garnix.yaml
+++ b/garnix.yaml
@@ -1,6 +1,5 @@
 builds:
-  exclude:
-    - "packages.x86_64-linux.container"
+  exclude: []
   include:
     - "checks.x86_64-linux.*"
     - "packages.x86_64-linux.*"
diff --git a/parts/dev.nix b/parts/dev.nix
index fbd319b..556e3b6 100644
--- a/parts/dev.nix
+++ b/parts/dev.nix
@@ -1,14 +1,7 @@
 {
-  inputs,
-  self,
-  ...
-}: {
   perSystem = {
     config,
-    craneLib,
     pkgs,
-    system,
-    toolchain,
     ...
   }: {
     pre-commit = {
@@ -17,30 +10,11 @@
         alejandra.enable = true;
         deadnix.enable = true;
         nil.enable = true;
+        rustfmt.enable = true;
         statix.enable = true;
       };
     };
 
-    checks = let
-      inherit (craneLib) cargoAudit cargoClippy cleanCargoSource cargoFmt;
-
-      commonArgs = {
-        src = cleanCargoSource self;
-      };
-    in {
-      inherit (self.packages.${system}) teawiebot;
-
-      audit = cargoAudit (commonArgs // {inherit (inputs) advisory-db;});
-
-      clippy = cargoClippy (commonArgs
-        // {
-          inherit (self.packages.${system}) cargoArtifacts;
-          cargoClippyExtraArgs = "--all-targets";
-        });
-
-      fmt = cargoFmt commonArgs;
-    };
-
     devShells = {
       default = pkgs.mkShell {
         shellHook = config.pre-commit.installationScript;
@@ -51,7 +25,10 @@
           nil
           statix
 
-          toolchain
+          rustc
+          cargo
+          rustfmt
+          clippy
         ];
       };
     };