From 6ae55b82b05e15e6416151577e57a53a820ab19a Mon Sep 17 00:00:00 2001
From: winston <hey@winston.sh>
Date: Sat, 11 May 2024 03:00:26 +0200
Subject: [PATCH] ci: github-actions-dhall

---
 .github/workflows/check.dhall | 38 +++++++++++++++++++++++++++++++++++
 .github/workflows/check.yml   | 27 +++++++++++++++----------
 flake.nix                     | 11 +++++++---
 renovate.json                 | 24 ++++++++++++++++------
 4 files changed, 80 insertions(+), 20 deletions(-)
 create mode 100644 .github/workflows/check.dhall

diff --git a/.github/workflows/check.dhall b/.github/workflows/check.dhall
new file mode 100644
index 0000000..983d5f1
--- /dev/null
+++ b/.github/workflows/check.dhall
@@ -0,0 +1,38 @@
+let GithubActions =
+      https://github.com/regadas/github-actions-dhall/raw/master/package.dhall
+        sha256:9c1ae46a1d56f1c22dbc9006cbb3e569806e75d02fded38fa102935b34980395
+
+let NIX_CONFIG =
+      ''
+      accept-flake-config = true
+      extra-experimental-features = flakes nix-command
+      ''
+
+let check =
+      GithubActions.Job::{
+      , runs-on = GithubActions.RunsOn.Type.ubuntu-latest
+      , steps =
+        [ GithubActions.Step::{ uses = Some "actions/checkout@v4" }
+        , GithubActions.Step::{
+          , uses = Some "DeterminateSystems/flake-checker-action@v5"
+          }
+        , GithubActions.Step::{
+          , uses = Some "DeterminateSystems/nix-installer-action@v11"
+          }
+        , GithubActions.Step::{
+          , uses = Some "DeterminateSystems/magic-nix-cache-action@v6"
+          }
+        , GithubActions.Step::{
+          , env = Some (toMap { NIX_CONFIG })
+          , run = Some "nix flake check --show-trace"
+          }
+        ]
+      }
+
+in  GithubActions.Workflow::{
+    , name = "check"
+    , on = GithubActions.On::{
+      , push = Some GithubActions.Push::{ paths = Some [ "**.nix", "**.lock" ] }
+      }
+    , jobs = toMap { check }
+    }
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index 733acbb..a09a125 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -1,14 +1,19 @@
-on:
-  push:
-    paths: ["**.nix", "**.lock"]
-
 jobs:
   check:
-    runs-on: ubuntu-latest
-
+    "runs-on": "ubuntu-latest"
     steps:
-      - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4
-      - uses: DeterminateSystems/flake-checker-action@4b90f9fc724969ff153fe1803460917c84fe00a3 # v5
-      - uses: DeterminateSystems/nix-installer-action@main
-      - uses: DeterminateSystems/magic-nix-cache-action@main
-      - run: nix flake check --show-trace --accept-flake-config
+    - uses: "actions/checkout@v4"
+    - uses: "DeterminateSystems/flake-checker-action@v5"
+    - uses: "DeterminateSystems/nix-installer-action@v11"
+    - uses: "DeterminateSystems/magic-nix-cache-action@v6"
+    - env:
+        NIX_CONFIG: |
+          accept-flake-config = true
+          extra-experimental-features = flakes nix-command
+      run: "nix flake check --show-trace"
+name: check
+'on':
+  push:
+    paths:
+    - "**.nix"
+    - "**.lock"
diff --git a/flake.nix b/flake.nix
index be6731d..8f8b663 100644
--- a/flake.nix
+++ b/flake.nix
@@ -56,7 +56,7 @@
               luacheck.enable = true;
               nil.enable = true;
               nixfmt.enable = true;
-              nixfmt.package = pkgs.nixfmt-rfc-style;
+              nixfmt.package = self'.formatter;
               shellcheck.enable = true;
               stylua.enable = true;
             };
@@ -67,13 +67,18 @@
             RULES = "./home/secrets/secrets.nix";
             buildInputs =
               (with pkgs; [
+                dhall
+                dhall-lsp-server
+                dhall-yaml
                 just
                 nix-output-monitor
                 nixd
                 nvd
-                self'.formatter
               ])
-              ++ [ inputs'.agenix.packages.agenix ]
+              ++ [
+                inputs'.agenix.packages.agenix
+                self'.formatter
+              ]
               ++ lib.optionals pkgs.stdenv.isDarwin [ inputs'.darwin.packages.darwin-rebuild ];
           };
 
diff --git a/renovate.json b/renovate.json
index cb1e217..ca85279 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,11 +1,23 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "config:best-practices",
-    "schedule:weekly",
-    ":automergeAll"
-  ],
+  "extends": ["config:best-practices", "schedule:weekly", ":automergeAll"],
+  "github-actions": {
+    "enabled": false
+  },
   "nix": {
     "enabled": true
-  }
+  },
+  "customManagers": [
+    {
+      "customType": "regex",
+      "fileMatch": [
+        "(^|/)(workflow-templates|\\.(?:github|gitea|forgejo)/(?:workflows|actions))/.+\\.dhall$",
+        "(^|/)action\\.dhall$"
+      ],
+      "matchStrings": [
+        "GithubActions\\.Step::{[\\s,]*uses\\s?=\\s?Some\\s?\"(?<depName>.+)@(?<currentValue>.+)\""
+      ],
+      "datasourceTemplate": "github-tags"
+    }
+  ]
 }