build: converting from Docker -> Nix

Author: DeveloperC286

.cargo/config.toml

@@ -0,0 +1,20 @@
+# From https://github.com/BurntSushi/ripgrep/blob/master/.cargo/config.toml
+
+# Do the same for MUSL targets. At the time of writing (2023-10-23), this is
+# the default. But the plan is for the default to change to dynamic linking.
+# The whole point of MUSL with respect to ripgrep is to create a fully
+# statically linked executable.
+#
+# See: https://github.com/rust-lang/compiler-team/issues/422
+# See: https://github.com/rust-lang/compiler-team/issues/422#issuecomment-812135847
+[target.x86_64-unknown-linux-musl]
+rustflags = [
+  "-C", "target-feature=+crt-static",
+  "-C", "link-self-contained=yes",
+]
+
+[target.aarch64-unknown-linux-musl]
+rustflags = [
+  "-C", "target-feature=+crt-static",
+  "-C", "link-self-contained=yes",
+]

.envrc

@@ -0,0 +1 @@
+use flake

.github/renovate.json5

@@ -4,23 +4,18 @@
     "config:best-practices"
   ],
   "automerge": true,
-  "dockerfile": {
-    "managerFilePatterns": [
-      "/(^|/|\\.)Dockerfile$/",
-      "/(^|/)Dockerfile[^/]*$/"
-    ]
+  "github-actions": {
+    "enabled": false
+  },
+  "nix": {
+    "enabled": true,
+    "lockFileMaintenance": {
+      "enabled": true,
+      "commitMessageAction": "update",
+      "commitMessageTopic": "Nix flake lock"
+    }
   },
   "customManagers": [
-    {
-      "customType": "regex",
-      "managerFilePatterns": [
-        "/(^|/|\\.)Dockerfile$/",
-        "/(^|/)Dockerfile[^/]*$/"
-      ],
-      "matchStrings": [
-        "# renovate: datasource=(?<datasource>.*?) depName=(?<depName>.*?)( versioning=(?<versioning>.*?))?\\s.+_VERSION=\"(?<currentValue>.*?)\"\\s"
-      ]
-    },
     {
       "customType": "regex",
       "managerFilePatterns": [
@@ -36,18 +31,6 @@
       "datasourceTemplate": "repology",
       "depNameTemplate": "alpine_{{alpineMajor}}_{{alpineMinor}}/{{name}}",
       "versioningTemplate": "loose"
-    },
-    {
-      "customType": "regex",
-      "managerFilePatterns": [
-        "/(^|/|\\.)Makefile$/",
-        "/(^|/)Makefile[^/]*$/"
-      ],
-      "matchStrings": [
-        "# renovate: depName=(?<depName>.*?)\\s.+_VERSION=(?<currentValue>[a-z0-9.-]+)(?:@(?<currentDigest>sha256:[a-f0-9]+))?"
-      ],
-      "datasourceTemplate": "docker",
-      "versioningTemplate": "docker"
     }
   ]
 }

.github/workflows/continuous-delivery.yml

@@ -0,0 +1,76 @@
+name: Continuous Delivery (CD)
+
+on:
+  release:
+    types: [published]
+
+# https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs
+permissions:
+  contents: write
+  packages: write
+
+jobs:
+  publish-binary:
+    name: Publish Binary
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
+    steps:
+      - name: Checkout code.
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
+      - name: Publish binary.
+        run: nix develop -c make publish-binary RELEASE="${GITHUB_REF_NAME}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by GitHub Actions.
+
+  publish-docker-image:
+    name: Publish Docker Image (${{ matrix.platform }})
+    runs-on: ${{ matrix.runner }}
+    needs: [publish-binary]
+    strategy:
+      matrix:
+        include:
+          - platform: linux/amd64
+            runner: ubuntu-24.04
+            target: x86_64-unknown-linux-musl
+            suffix: amd64
+          - platform: linux/arm64
+            runner: ubuntu-24.04-arm
+            target: aarch64-unknown-linux-musl
+            suffix: arm64
+    steps:
+      - name: Checkout code.
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Publish Docker Image
+        run: make publish-docker-image RELEASE="${GITHUB_REF_NAME}" PLATFORM="${{ matrix.platform }}" TARGET="${{ matrix.target }}" SUFFIX="${{ matrix.suffix }}"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  publish-docker-manifest:
+    name: Publish Docker Manifest
+    runs-on: ubuntu-24.04
+    needs: [publish-docker-image]
+    steps:
+      - name: Checkout code.
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Publish Docker Manifest
+        run: make publish-docker-manifest RELEASE="${GITHUB_REF_NAME}"

.github/workflows/continuous-integration.yml

@@ -8,39 +8,70 @@ permissions:
 jobs:
   formatting:
     name: Formatting
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
     strategy:
       matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
         language: [rust, shell]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: Check formatting.
-        run: make check-${{ matrix.language }}-formatting
+        run: nix develop -c make check-${{ matrix.language }}-formatting
+
   linting:
     name: Linting
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
     strategy:
       matrix:
-        language: [rust]
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
+        language: [rust, shell]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: Check linting.
-        run: make check-${{ matrix.language }}-linting
+        run: nix develop -c make check-${{ matrix.language }}-linting
+
+  scripts-permissions:
+    name: Scripts Permissions
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
+    steps:
+      - name: Checkout code.
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Check scripts permissions.
+        run: make check-scripts-permissions
+
   compile:
     name: Compile
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: Compile.
-        run: make compile
+        run: nix develop -c make compile
+
   unit-test:
     name: Unit Test
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: Unit test.
-        run: make unit-test
+        run: nix develop -c make unit-test

.github/workflows/conventional-commits.yml

@@ -8,12 +8,14 @@ permissions:
 jobs:
   linting:
     name: Linting
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
+    container:
+      image: ghcr.io/developerc286/conventional_commits_linter:0.17.0@sha256:d6fb0dfd79c2e06897692bc3f0dc62bcb7ce90a92030c81a3137935516d525d7
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
       - name: Check Conventional Commits linting.
-        run: make check-conventional-commits-linting FROM="origin/${{ github.base_ref }}"
+        run: conventional_commits_linter --type angular "origin/${{ github.base_ref }}"

.github/workflows/dogfood.yml

@@ -0,0 +1,21 @@
+name: Dogfood
+
+on: pull_request
+
+permissions:
+  contents: read
+
+jobs:
+  docker:
+    name: Docker
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
+    steps:
+      - name: Checkout code.
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
+      - name: Dogfooding Docker.
+        run: nix develop -c make dogfood-docker

.github/workflows/git-history.yml

@@ -8,12 +8,14 @@ permissions:
 jobs:
   clean:
     name: Clean
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
+    container:
+      image: ghcr.io/developerc286/clean_git_history:1.1.5@sha256:b1374591d48393f6b5fcc888f6bc7da05f7d218961f7850112130b1cad78186a
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0
       - name: Check clean Git history.
-        run: make check-clean-git-history FROM="origin/${{ github.base_ref }}"
+        run: clean_git_history "origin/${{ github.base_ref }}"

.github/workflows/github-actions-workflows.yml

@@ -6,19 +6,30 @@ permissions:
   contents: read
 
 jobs:
-  linting:
-    name: Linting
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code.
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
-      - name: Check GitHub Actions workflows linting.
-        run: make check-github-actions-workflows-linting
   formatting:
     name: Formatting
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
     steps:
       - name: Checkout code.
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
       - name: Check formatting.
-        run: make check-yaml-formatting
+        run: nix develop -c make check-yaml-formatting
+
+  linting:
+    name: Linting
+    runs-on: ${{ matrix.architecture }}
+    strategy:
+      matrix:
+        architecture: [ubuntu-24.04, ubuntu-24.04-arm]
+    steps:
+      - name: Checkout code.
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+      - name: Setup Nix.
+        uses: cachix/install-nix-action@4e002c8ec80594ecd40e759629461e26c8abed15 # v31.9.0
+      - name: Check GitHub Actions workflows linting.
+        run: nix develop -c make check-github-actions-workflows-linting

.github/workflows/mirroring.yml

@@ -9,8 +9,9 @@ concurrency:
   group: ${{ github.workflow }}
 
 jobs:
-  GitLab:
-    runs-on: ubuntu-latest
+  gitlab:
+    name: GitLab
+    runs-on: ubuntu-24.04
     steps:
       - name: Checkout code.
         run: git clone --mirror "https://github.com/${GITHUB_REPOSITORY}.git" "${GITHUB_WORKSPACE}"