build: converting from Docker -> Nix

Author: DeveloperC286

.cargo/config.toml

@@ -12,3 +12,9 @@ rustflags = [
   "-C", "target-feature=+crt-static",
   "-C", "link-self-contained=yes",
 ]
+
+[target.aarch64-unknown-linux-musl]
+rustflags = [
+  "-C", "target-feature=+crt-static",
+  "-C", "link-self-contained=yes",
+]

.copier-answers.yml

@@ -0,0 +1,5 @@
+# Changes here will be overwritten by Copier
+_commit: v1.6.1
+_src_path: https://github.com/DeveloperC286/template
+project_name: conventional_commits_next_version
+uses_git: true

.envrc

@@ -0,0 +1 @@
+use flake

.github/renovate.json5

@@ -4,23 +4,18 @@
     "config:best-practices"
   ],
   "automerge": true,
-  "dockerfile": {
-    "managerFilePatterns": [
-      "/(^|/|\\.)Dockerfile$/",
-      "/(^|/)Dockerfile[^/]*$/"
-    ]
+  "github-actions": {
+    "enabled": false
+  },
+  "nix": {
+    "enabled": true,
+    "lockFileMaintenance": {
+      "enabled": true,
+      "commitMessageAction": "update",
+      "commitMessageTopic": "Nix flake lock"
+    }
   },
   "customManagers": [
-    {
-      "customType": "regex",
-      "managerFilePatterns": [
-        "/(^|/|\\.)Dockerfile$/",
-        "/(^|/)Dockerfile[^/]*$/"
-      ],
-      "matchStrings": [
-        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s.+_VERSION=\"(?<currentValue>.*?)\"\\s"
-      ]
-    },
     {
       "customType": "regex",
       "managerFilePatterns": [
@@ -36,18 +31,6 @@
       "datasourceTemplate": "repology",
       "depNameTemplate": "alpine_{{alpineMajor}}_{{alpineMinor}}/{{name}}",
       "versioningTemplate": "loose"
-    },
-    {
-      "customType": "regex",
-      "managerFilePatterns": [
-        "/(^|/|\\.)Makefile$/",
-        "/(^|/)Makefile[^/]*$/"
-      ],
-      "matchStrings": [
-        "# renovate: depName=(?<depName>.*?)\\s.+_VERSION=(?<currentValue>[a-z0-9.-]+)(?:@(?<currentDigest>sha256:[a-f0-9]+))?"
-      ],
-      "datasourceTemplate": "docker",
-      "versioningTemplate": "docker"
     }
   ]
 }

.github/workflows/continuous-delivery.yml

@@ -12,39 +12,78 @@ permissions:
 jobs:
   publish-binary:
     name: Publish Binary
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: Publish binary.
-        run: make publish-binary RELEASE="${GITHUB_REF_NAME}"
+        run: nix develop -c make publish-binary RELEASE="${GITHUB_REF_NAME}"
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by GitHub Actions.
 
   publish-crate:
     name: Publish Crate
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: Publish crate.
-        run: make publish-crate
+        run: nix develop -c make publish-crate
         env:
           CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
 
-  publish-docker:
-    name: Publish Docker Image
-    runs-on: ubuntu-latest
+  publish-docker-image:
+    name: Publish Docker Image (${{ matrix.platform }})
+    runs-on: ${{ matrix.runner }}
+    needs: [publish-binary]
+    strategy:
+      matrix:
+        include:
+          - platform: linux/amd64
+            runner: ubuntu-24.04
+            target: x86_64-unknown-linux-musl
+            suffix: amd64
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
+            target: aarch64-unknown-linux-musl
+            suffix: arm64
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Publish Docker Image
-        run: make publish-docker RELEASE="${GITHUB_REF_NAME}"
+        run: make publish-docker-image RELEASE="${GITHUB_REF_NAME}" PLATFORM="${{ matrix.platform }}" TARGET="${{ matrix.target }}" SUFFIX="${{ matrix.suffix }}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  publish-docker-manifest:
+    name: Publish Docker Manifest
+    runs-on: ubuntu-24.04
+    needs: [publish-docker-image]
+    steps:
+      - name: Checkout code.
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Publish Docker Manifest
+        run: make publish-docker-manifest RELEASE="${GITHUB_REF_NAME}"

.github/workflows/continuous-integration.yml

@@ -8,47 +8,84 @@ permissions:
 jobs:
   formatting:
     name: Formatting
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
     strategy:
       matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
         language: [rust, shell, python]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: Check formatting.
-        run: make check-${{ matrix.language }}-formatting
+        run: nix develop -c make check-${{ matrix.language }}-formatting
+
   linting:
     name: Linting
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
     strategy:
       matrix:
-        language: [rust]
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
+        language: [rust, shell]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: Check linting.
-        run: make check-${{ matrix.language }}-linting
+        run: nix develop -c make check-${{ matrix.language }}-linting
+
+  scripts-permissions:
+    name: Scripts Permissions
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
+    steps:
+      - name: Checkout code.
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Check scripts permissions.
+        run: make check-scripts-permissions
+
   compile:
     name: Compile
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: Compile.
-        run: make compile
+        run: nix develop -c make compile
+
   unit-test:
     name: Unit Test
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: Unit test.
-        run: make unit-test
+        run: nix develop -c make unit-test
+
   end-to-end-test:
     name: End to End Test
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: End to End test.
-        run: make end-to-end-test
+        run: nix develop -c make end-to-end-test

.github/workflows/conventional-commits.yml

@@ -8,12 +8,14 @@ permissions:
 jobs:
   linting:
     name: Linting
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
+    container:
+      image: ghcr.io/developerc286/conventional_commits_linter:0.17.0@sha256:d6fb0dfd79c2e06897692bc3f0dc62bcb7ce90a92030c81a3137935516d525d7
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
       - name: Check Conventional Commits linting.
-        run: make check-conventional-commits-linting FROM="origin/${{ github.base_ref }}"
+        run: conventional_commits_linter --type angular "origin/${{ github.base_ref }}"

.github/workflows/dogfood.yml

@@ -8,12 +8,17 @@ permissions:
 jobs:
   docker:
     name: Docker
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
-      - name: Dogfooding Docker
-        run: make dogfood-docker FROM="origin/${{ github.base_ref }}"
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
+      - name: Dogfooding Docker.
+        run: nix develop -c make dogfood-docker FROM="origin/${{ github.base_ref }}"

.github/workflows/git-history.yml

@@ -8,12 +8,14 @@ permissions:
 jobs:
   clean:
     name: Clean
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
+    container:
+      image: ghcr.io/developerc286/clean_git_history:1.1.5@sha256:b1374591d48393f6b5fcc888f6bc7da05f7d218961f7850112130b1cad78186a
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
       - name: Check clean Git history.
-        run: make check-clean-git-history FROM="origin/${{ github.base_ref }}"
+        run: clean_git_history "origin/${{ github.base_ref }}"

.github/workflows/github-actions-workflows.yml

@@ -6,19 +6,30 @@ permissions:
   contents: read
 
 jobs:
-  linting:
-    name: Linting
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code.
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-      - name: Check GitHub Actions workflows linting.
-        run: make check-github-actions-workflows-linting
   formatting:
     name: Formatting
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: Check formatting.
-        run: make check-yaml-formatting
+        run: nix develop -c make check-yaml-formatting
+
+  linting:
+    name: Linting
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
+    steps:
+      - name: Checkout code.
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
+      - name: Check GitHub Actions workflows linting.
+        run: nix develop -c make check-github-actions-workflows-linting