From 9518d623730a362a2cf558cb77d020be8ce50bc8 Mon Sep 17 00:00:00 2001 From: seth Date: Thu, 7 Sep 2023 16:19:07 -0400 Subject: flake/actions: replace some crane checks with pre-commit --- .github/workflows/audit.yaml | 20 -------------------- .github/workflows/clippy.yaml | 5 +++++ .github/workflows/update-flake.yaml | 33 --------------------------------- .github/workflows/update-lock.yaml | 34 ++++++++++++++++++++++++++++++++++ garnix.yaml | 3 +-- parts/dev.nix | 33 +++++---------------------------- 6 files changed, 45 insertions(+), 83 deletions(-) delete mode 100644 .github/workflows/audit.yaml delete mode 100644 .github/workflows/update-flake.yaml create mode 100644 .github/workflows/update-lock.yaml diff --git a/.github/workflows/audit.yaml b/.github/workflows/audit.yaml deleted file mode 100644 index ebf88d0..0000000 --- a/.github/workflows/audit.yaml +++ /dev/null @@ -1,20 +0,0 @@ -name: audit crates -# this checks our dependencies for -# security advisories every saturday - -on: - schedule: - - cron: "0 0 * * 6" - workflow_dispatch: - -jobs: - audit: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main - - - name: run audit - run: | - nix build --accept-flake-config -L .#checks.x86_64-linux.audit diff --git a/.github/workflows/clippy.yaml b/.github/workflows/clippy.yaml index 48b1bd6..cb35d14 100644 --- a/.github/workflows/clippy.yaml +++ b/.github/workflows/clippy.yaml @@ -11,6 +11,10 @@ jobs: clippy: runs-on: ubuntu-latest + permissions: + contents: read + security-events: write + steps: - uses: actions/checkout@v4 - uses: DeterminateSystems/nix-installer-action@main @@ -23,6 +27,7 @@ jobs: - name: run clippy run: | + mkdir -p /tmp cargo clippy --all --all-targets --message-format=json | clippy-sarif > /tmp/clippy.sarif - name: upload results diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml deleted file mode 100644 index 7e0d992..0000000 
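Review bot: In the `run clippy` step of clippy.yaml the exit status of `cargo clippy` is lost in the pipe to `clippy-sarif` unless pipefail is enabled, and a `run:` step with no explicit `shell:` gets bash without it; no `shell:` key is visible in this hunk. Adding `shell: bash` to the step, or `set -o pipefail` as the first script line, makes a failed lint run fail the job instead of uploading a partial SARIF file as if the scan were clean. The added `mkdir -p /tmp` is a no-op on `ubuntu-latest`; if a guaranteed scratch directory is the goal, `$RUNNER_TEMP` is the per-job one. The rest of the step and the upload step lie outside the hunk.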
--- a/.github/workflows/update-flake.yaml +++ /dev/null @@ -1,33 +0,0 @@ -name: update nix flake -# this is to make sure we can build against a -# recent version of nixos-unstable - -on: - schedule: - - cron: "0 0 * * 6" - workflow_dispatch: - -permissions: - contents: write - pull-requests: write - -jobs: - update-flake: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - uses: DeterminateSystems/nix-installer-action@main - - - uses: DeterminateSystems/update-flake-lock@v20 - id: update - with: - commit-msg: "deps(flake): update inputs" - pr-title: "deps(flake): update inputs" - - - name: auto-merge pull request - shell: bash - run: gh pr merge --auto --rebase "$PR_ID" - env: - GITHUB_TOKEN: ${{ github.token }} - PR_ID: ${{ steps.update.outputs.pull-request-number }} diff --git a/.github/workflows/update-lock.yaml b/.github/workflows/update-lock.yaml new file mode 100644 index 0000000..9e3301d --- /dev/null +++ b/.github/workflows/update-lock.yaml @@ -0,0 +1,34 @@ +name: update flake lock + +on: + schedule: + # run every saturday + - cron: "0 0 * * 6" + workflow_dispatch: + +permissions: + contents: write + pull-requests: write + +jobs: + update: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + - uses: DeterminateSystems/nix-installer-action@main + + - name: update lockfile + uses: DeterminateSystems/update-flake-lock@v20 + id: update + with: + commit-msg: "flake: update inputs" + pr-title: "flake: update inputs" + token: ${{ github.token }} + + - name: enable auto-merge + shell: bash + run: gh pr merge --auto --rebase "$PR_ID" + env: + GITHUB_TOKEN: ${{ github.token }} + PR_ID: ${{ steps.update.outputs.pull-request-number }} diff --git a/garnix.yaml b/garnix.yaml index 9458456..64bee81 100644 --- a/garnix.yaml +++ b/garnix.yaml @@ -1,6 +1,5 @@ builds: - exclude: - - "packages.x86_64-linux.container" + exclude: [] include: - "checks.x86_64-linux.*" - "packages.x86_64-linux.*" 
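Review bot: The new update-lock.yaml grants `contents: write` and `pull-requests: write` to every step while `DeterminateSystems/nix-installer-action@main` tracks a mutable branch and `update-flake-lock@v20` a movable tag, so whatever those refs point at on a given Saturday runs with a token that can push and open pull requests. Pinning both to a full commit SHA, e.g. `uses: DeterminateSystems/nix-installer-action@<full-commit-sha> # <tag>`, keeps the scheduled run reproducible and reviewable. The `gh pr merge --auto --rebase` step only waits for whatever branch protection requires, and pull requests opened with the default `github.token` do not trigger other Actions workflows, so it is worth confirming that a required status check (presumably garnix) actually gates the merge.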
diff --git a/parts/dev.nix b/parts/dev.nix index fbd319b..556e3b6 100644 --- a/parts/dev.nix +++ b/parts/dev.nix @@ -1,14 +1,7 @@ { - inputs, - self, - ... -}: { perSystem = { config, - craneLib, pkgs, - system, - toolchain, ... }: { pre-commit = { @@ -17,30 +10,11 @@ alejandra.enable = true; deadnix.enable = true; nil.enable = true; + rustfmt.enable = true; statix.enable = true; }; }; - checks = let - inherit (craneLib) cargoAudit cargoClippy cleanCargoSource cargoFmt; - - commonArgs = { - src = cleanCargoSource self; - }; - in { - inherit (self.packages.${system}) teawiebot; - - audit = cargoAudit (commonArgs // {inherit (inputs) advisory-db;}); - - clippy = cargoClippy (commonArgs - // { - inherit (self.packages.${system}) cargoArtifacts; - cargoClippyExtraArgs = "--all-targets"; - }); - - fmt = cargoFmt commonArgs; - }; - devShells = { default = pkgs.mkShell { shellHook = config.pre-commit.installationScript; @@ -51,7 +25,10 @@ nil statix - toolchain + rustc + cargo + rustfmt + clippy ]; }; }; -- cgit v1.2.3
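Review bot: In the second hunk of parts/dev.nix the hooks block gains only `rustfmt.enable = true;` while the removed `checks` attrset carried `audit = cargoAudit ...`, and the scheduled audit workflow is deleted in the same commit, so nothing visible on this page still checks the crates against the advisory database. Clippy and formatting have replacements (clippy.yaml and the rustfmt hook); the audit does not appear to. If that is deliberate, a comment beside the hooks such as `# advisory scanning: <where it runs now>` would record it; otherwise a scheduled advisory check should stay somewhere in CI. The enclosing `perSystem` block starts and ends outside this hunk.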