9 files changed, 352 insertions, 0 deletions

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..4c39a33
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "ci"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..c348932
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,33 @@
+name: CI
+
+on:
+  push:
+  workflow_dispatch:
+
+jobs:
+  test:
+    name: Run test
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write 
+      pull-requests: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # v27
+
+      - name: Install npins
+        run: |
+          nix profile install 'nixpkgs#npins'
+
+      - name: Update npins sources
+        uses: ./.
+        with:
+          sources: "nixpkgs"
+          npins-directory: ./test/npins
+          commit-message: "test: update npins sources"
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
new file mode 100644
index 0000000..a04230b
--- /dev/null
+++ b/.github/workflows/publish.yaml
@@ -0,0 +1,24 @@
+name: Publish
+
+on:
+  release:
+    types: [ released ]
+  workflow_dispatch:
+    inputs:
+      tag_name:
+        description: "Existing tag to publish"
+        required: true
+
+jobs:
+  publish:
+    name: Publish action
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+
+    steps:
+      - uses: actions/publish-action@f784495ce78a41bac4ed7e34a73f0034015764bb # v0.3.0
+        with:
+          source-tag: ${{ inputs.tag_name || github.event.release.tag_name }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..ac45bf3
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,34 @@
+name: Release
+
+on:
+  push:
+    tags: ["v*.*.*"]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Existing tag to draft a release for"
+        required: true
+
+jobs:
+  release:
+    name: Create release
+
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+
+      - name: Run `gh`
+        env:
+          GH_TOKEN: ${{ github.token }}
+          TAG: ${{ inputs.tag || github.ref_name }}
+        run: |
+          gh release create \
+            --draft \
+            --notes-from-tag \
+            --verify-tag \
+            "$TAG"
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..b3b1528
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2024 seth
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..58b8fa1
--- /dev/null
+++ b/README.md
@@ -0,0 +1,56 @@
+# update-npins
+
+Update your [npins](https://github.com/andir/npins) sources and create a PR
+
+## Usage
+
+Basic usage is as follows:
+
+> [!NOTE]
+> We don't require cachix/install-nix-action specifically, but you
+> must install Nix and/or npins yourself before using this action
+
+```yaml
+- name: Checkout repository
+  uses: actions/checkout@v4
+
+- name: Install Nix
+  uses: cachix/install-nix-action@v27
+
+- name: Install npins
+  run: nix profile install 'nixpkgs#npins'
+
+- name: Update npins sources
+  uses: getchoo/update-npins@v0
+```
+
+### Inputs
+
+| Name | Description | Default |
+| --- | --- | --- |
+| `sources` | A space separated list of sources to update | |
+| `npins-directory` | A directory where npins' sources.json and default.nix are located | |
+| `commit-message` | A message to use when committing changes (required) | `"npins: update sources"` |
+| `author` | The author to use when committing changes | `"github-actions[bot] <github-actions[bot]@users.noreply.github.com>"` |
+| `signoff` | Whether to signoff commits | `true` |
+| `token` | Token for creating PR (required) | `${{ github.token }}` |
+| `pr-branch` | The name of the PR branch created | `"npins-update"` |
+| `pr-target` | The target branch of the created PR | |
+| `pr-title` | The title of the created PR | `"npins: update sources"` |
+| `pr-body` | The body of the created PR | `Automated pull request created by [update-npins](https://github.com/getchoo/update-npins)` |
+| `pr-labels` | A comma or newline-separated list of labels to add to the created PR | |
+
+### Outputs
+
+These are re-exports of [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request)
+
+| Name | Description |
+| --- | --- |
+| `pr-number` | The number of the created PR |
+| `pr-url` | The URL of the created PR |
+| `pr-operation` | The operation performed on the created PR |
+| `pr-head-sha` | The HEAD commit SHA of the created PR |
+
+## Special Thanks
+
+Much of this is inspired by [Determinate Systems'](https://determinate.systems/) [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) action
diff --git a/action.yaml b/action.yaml
new file mode 100644
index 0000000..64a9201
--- /dev/null
+++ b/action.yaml
@@ -0,0 +1,87 @@
+name: "Update npins"
+description: "Update your npins sources and create a PR"
+
+inputs:
+  sources:
+    description: "A space separated list of sources to update"
+    required: false
+    default: ""
+  npins-directory:
+    description: "A directory where npins' sources.json and default.nix are located"
+    required: false
+    default: ""
+  commit-message:
+    description: "A message to use when committing changes"
+    required: true 
+    default: "npins: update sources"
+  author:
+    description: "The author to use when committing changes"
+    required:  false
+    default: "github-actions[bot] <github-actions[bot]@users.noreply.github.com>"
+  signoff:
+    description: "Whether to signoff commits"
+    required: false
+    default: true
+  token:
+    description: "Token for creating PR"
+    required: true
+    default: ${{ github.token }}
+  pr-branch:
+    description: "The name of the PR branch created"
+    required: false
+    default: "npins-update"
+  pr-target:
+    description: "The target branch of the created PR"
+    required: false
+  pr-title:
+    description: "The title of the created PR"
+    required: false
+    default: "npins: update sources"
+  pr-body:
+    description: "The body of the created PR"
+    required: false
+    default:
+      Automated pull request created by [update-npins](https://github.com/getchoo/update-npins)
+  pr-labels:
+    description: "A comma or newline-separated list of labels to add to the created PR"
+    required: false
+
+outputs:
+  pr-number:
+    description: "The number of the created PR"
+    value: ${{ steps.pr.outputs.pull-request-number }}
+  pr-url:
+    description: "The URL of the created PR"
+    value: ${{ steps.pr.outputs.pull-request-url }}
+  pr-operation:
+    description: "The operation performed on the created PR"
+    value: ${{ steps.pr.outputs.pull-request-operation }}
+  pr-head-sha:
+    description: "The HEAD commit SHA of the created PR"
+    value: ${{ steps.pr.outputs.pull-request-head-sha }}
+
+runs:
+  using: composite
+
+  steps:
+    - name: Run `npins update`
+      env:
+        SOURCES: ${{ inputs.sources }}
+        NPINS_DIRECTORY: ${{ inputs.npins-directory }}
+      shell: bash
+      run: |
+        npins update "${SOURCES[@]}"
+
+    - name: Create PR
+      id: pr
+      uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
+      with:
+        token: ${{ inputs.token }}
+        commit-message: ${{ inputs.commit-message }}
+        committer: ${{ inputs.author }}
+        signoff: ${{ inputs.signoff }}
+        branch: ${{ inputs.pr-branch }}
+        base: ${{ inputs.pr-target }}
+        title: ${{ inputs.pr-title }}
+        body: ${{ inputs.pr-body }}
+        labels: ${{ inputs.pr-labels }}
diff --git a/test/npins/default.nix b/test/npins/default.nix
new file mode 100644
index 0000000..5e7d086
--- /dev/null
+++ b/test/npins/default.nix
@@ -0,0 +1,80 @@
+# Generated by npins. Do not modify; will be overwritten regularly
+let
+  data = builtins.fromJSON (builtins.readFile ./sources.json);
+  version = data.version;
+
+  mkSource =
+    spec:
+    assert spec ? type;
+    let
+      path =
+        if spec.type == "Git" then
+          mkGitSource spec
+        else if spec.type == "GitRelease" then
+          mkGitSource spec
+        else if spec.type == "PyPi" then
+          mkPyPiSource spec
+        else if spec.type == "Channel" then
+          mkChannelSource spec
+        else
+          builtins.throw "Unknown source type ${spec.type}";
+    in
+    spec // { outPath = path; };
+
+  mkGitSource =
+    {
+      repository,
+      revision,
+      url ? null,
+      hash,
+      branch ? null,
+      ...
+    }:
+    assert repository ? type;
+    # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository
+    # In the latter case, there we will always be an url to the tarball
+    if url != null then
+      (builtins.fetchTarball {
+        inherit url;
+        sha256 = hash; # FIXME: check nix version & use SRI hashes
+      })
+    else
+      assert repository.type == "Git";
+      let
+        urlToName =
+          url: rev:
+          let
+            matched = builtins.match "^.*/([^/]*)(\\.git)?$" repository.url;
+
+            short = builtins.substring 0 7 rev;
+
+            appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else "";
+          in
+          "${if matched == null then "source" else builtins.head matched}${appendShort}";
+        name = urlToName repository.url revision;
+      in
+      builtins.fetchGit {
+        url = repository.url;
+        rev = revision;
+        inherit name;
+        # hash = hash;
+      };
+
+  mkPyPiSource =
+    { url, hash, ... }:
+    builtins.fetchurl {
+      inherit url;
+      sha256 = hash;
+    };
+
+  mkChannelSource =
+    { url, hash, ... }:
+    builtins.fetchTarball {
+      inherit url;
+      sha256 = hash;
+    };
+in
+if version == 3 then
+  builtins.mapAttrs (_: mkSource) data.pins
+else
+  throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`"
diff --git a/test/npins/sources.json b/test/npins/sources.json
new file mode 100644
index 0000000..d2e254b
--- /dev/null
+++ b/test/npins/sources.json
@@ -0,0 +1,11 @@
+{
+  "pins": {
+    "nixpkgs": {
+      "type": "Channel",
+      "name": "nixpkgs-unstable",
+      "url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.05pre629405.e381a1288138/nixexprs.tar.xz",
+      "hash": "065zm61iiq6my6hd5ls6jhv7sxzay1cqz8jym5jbga7164b3q78c"
+    }
+  },
+  "version": 3
+}
\ No newline at end of file