.envrc

@@ -1,3 +1,3 @@
-source_url "https://raw.githubusercontent.com/cachix/devenv/d1f7b48e35e6dee421cfd0f51481d17f77586997/direnvrc" "sha256-YBzqskFZxmNb3kYVoKD9ZixoPXJh1C9ZvTLGFRkauZ0="
+source_url "https://raw.githubusercontent.com/cachix/devenv/82c0147677e510b247d8b9165c54f73d32dfd899/direnvrc" "sha256-7u4iDd1nZpxL4tCzmPG0dQgC5V+/44Ba+tHkPob1v2k="
 
-use devenv
+use devenv

.github/dependabot.yml

@@ -1,13 +1,12 @@
 version: 2
 updates:
-
-- package-ecosystem: github-actions
-  directory: "/"
-  schedule:
-    interval: daily
-    time: '00:00'
-    timezone: UTC
-  open-pull-requests-limit: 10
-  commit-message:
+  - package-ecosystem: github-actions
+    directory: "/"
+    schedule:
+      interval: daily
+      time: "00:00"
+      timezone: UTC
+    open-pull-requests-limit: 10
+    commit-message:
       prefix: "chore"
-      include: "scope"
+      include: "scope"

.github/workflows/test.yml

@@ -21,7 +21,7 @@ jobs:
       - run: yarn build
       # check if typescript generation was committed
       - run: git diff --exit-code
-      - uses: cachix/install-nix-action@V27
+      - uses: cachix/install-nix-action@v30
       - name: Test public cache
         uses: ./
         with:
@@ -40,7 +40,7 @@ jobs:
       - uses: actions/checkout@v4
       - run: yarn install --frozen-lockfile
       - run: yarn build
-      - uses: cachix/install-nix-action@V27
+      - uses: cachix/install-nix-action@v30
       - name: Test public cache no signing key
         uses: ./
         with:
@@ -59,7 +59,7 @@ jobs:
       - uses: actions/checkout@v4
       - run: yarn install --frozen-lockfile
       - run: yarn build
-      - uses: cachix/install-nix-action@V27
+      - uses: cachix/install-nix-action@v30
       - name: Test private cache
         uses: ./
         with:
@@ -78,7 +78,7 @@ jobs:
       - uses: actions/checkout@v4
       - run: yarn install --frozen-lockfile
       - run: yarn build
-      - uses: cachix/install-nix-action@V27
+      - uses: cachix/install-nix-action@v30
       - id: paths
         run: |
           paths=$(nix-instantiate test.nix | tr '\n' ' ')
@@ -99,7 +99,7 @@ jobs:
       - uses: actions/checkout@v4
       - run: yarn install --frozen-lockfile
       - run: yarn build
-      - uses: cachix/install-nix-action@V27
+      - uses: cachix/install-nix-action@v30
       - name: Test private cache
         uses: ./
         with:
@@ -127,7 +127,7 @@ jobs:
           curl --location https://github.com/sandydoo/nar-toolbox/releases/download/v0.1.0/nar-toolbox-${{ matrix.system }} -O
           ./nar-toolbox-${{ matrix.system }} serve &
 
-      - uses: cachix/install-nix-action@V27
+      - uses: cachix/install-nix-action@v30
         with:
           install_url: https://hydra.nixos.org/job/nix/master/installerScript/latest-finished/download/1/install
           install_options: "--tarball-url-prefix https://localhost:8080"

README.md

@@ -22,31 +22,33 @@ See [action.yml](action.yml) for all options.
 
 Cachix auth token and signing key need special care as they give read and write access to your caches.
 
-[As per GitHub Actions' security model](https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets#using-encrypted-secrets-in-a-workflow):
+[As per GitHub Actions' security model](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#accessing-your-secrets):
 
-> Anyone with write access to a repository can create, read, and use secrets.
+> You can use and read secrets in a workflow file if you have access to edit the file.
 
-Which means all developers with write/push access can read your secrets and write to your cache. 
+Which means all developers with write/push access can read your secrets and write to your cache.
 
-Pull requests do not have access to secrets so read access to a public binary cache will work,
+Pull requests from forks do not have access to secrets so read access to a public binary cache will work,
 but pushing will be disabled since there is no signing key.
 
-Note that malicious code submitted via a pull request can, once merged into `master`, reveal the tokens. 
-
+Note that malicious code submitted via forked pull request can, once merged into `master`, reveal tokens.
 
 ## Hacking
 
-Install the dependencies  
+Install the dependencies
+
 ```bash
 $ yarn install
 ```
 
 Build the typescript
+
 ```bash
 $ yarn build
 ```
 
-Run the tests :heavy_check_mark:  
+Run the tests :heavy_check_mark:
+
 ```bash
 $ yarn test
 ```

action.yml

@@ -1,39 +1,39 @@
-name: 'Cachix'
-description: 'nix-build with the help of caching to Cachix'
-author: 'Domen Kožar'
+name: "Cachix"
+description: "nix-build with the help of caching to Cachix"
+author: "Domen Kožar"
 inputs:
   name:
-    description: 'Name of a cachix cache to push and pull/substitute'
+    description: "Name of a cachix cache to push and pull/substitute"
     required: true
   extraPullNames:
-    description: 'Comma-separated list of names for extra cachix caches to pull/substitute'
+    description: "Comma-separated list of names for extra cachix caches to pull/substitute"
   authToken:
-    description: 'Authentication token for Cachix, needed for private cache access or to push using an Auth Token'
+    description: "Authentication token for Cachix, needed for private cache access or to push using an Auth Token"
   signingKey:
-    description: 'Signing key secret retrieved after creating binary cache on https://cachix.org'
+    description: "Signing key secret retrieved after creating binary cache on https://cachix.org"
   skipPush:
-    description: 'Set to true to disable pushing build results to the cache'
-    default: 'false'
+    description: "Set to true to disable pushing build results to the cache"
+    default: "false"
   pathsToPush:
-    description: 'Whitespace-separated list of paths to push. Leave empty to push every build result.'
+    description: "Whitespace-separated list of paths to push. Leave empty to push every build result."
   pushFilter:
     description: 'Ignored if pathsToPush is set. Regular expression to exclude derivations for the cache push, for example "(-source$|nixpkgs\.tar\.gz$)". Warning: this filter does not guarantee it will not get pushed in case the path is part of the closure of something that will get pushed.'
   cachixArgs:
-    description: 'Extra command-line arguments to pass to cachix. If empty, defaults to -j8'
+    description: "Extra command-line arguments to pass to cachix. If empty, defaults to -j8"
   skipAddingSubstituter:
-    description: 'Set to true to skip adding cachix cache as a substitute'
-    default: 'false'
+    description: "Set to true to skip adding cachix cache as a substitute"
+    default: "false"
   useDaemon:
     description: "Push store paths to the cache as they're built with the Cachix Daemon"
-    default: 'true'
+    default: "true"
   cachixBin:
-    description: 'Provide a custom path to the cachix binary'
+    description: "Provide a custom path to the cachix binary"
   installCommand:
-    description: 'Override the default cachix installation method'
+    description: "Override the default cachix installation method"
 branding:
-  color: 'blue'
-  icon: 'database'
+  color: "blue"
+  icon: "database"
 runs:
-  using: 'node20'
-  main: 'dist/main/index.js'
-  post: 'dist/main/index.js'
+  using: "node20"
+  main: "dist/main/index.js"
+  post: "dist/main/index.js"

devenv.lock

@@ -3,11 +3,10 @@
     "devenv": {
       "locked": {
         "dir": "src/modules",
-        "lastModified": 1692203620,
-        "narHash": "sha256-9SF/H8oCWv166q5o+JtV7tK+koydgFMu02HCB27UWpU=",
+        "lastModified": 1731679695,
         "owner": "cachix",
         "repo": "devenv",
-        "rev": "eee80243720b7f284128873a9694a520d9967b2f",
+        "rev": "9f6cadacb9db82f541bbadd67e0189a2b850937e",
         "type": "github"
       },
       "original": {
@@ -20,11 +19,10 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "lastModified": 1696426674,
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
         "type": "github"
       },
       "original": {
@@ -33,24 +31,6 @@
         "type": "github"
       }
     },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems"
-      },
-      "locked": {
-        "lastModified": 1685518550,
-        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
     "gitignore": {
       "inputs": {
         "nixpkgs": [
@@ -59,11 +39,10 @@
         ]
       },
       "locked": {
-        "lastModified": 1660459072,
-        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "lastModified": 1709087332,
         "owner": "hercules-ci",
         "repo": "gitignore.nix",
-        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
         "type": "github"
       },
       "original": {
@@ -74,11 +53,10 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1692311226,
-        "narHash": "sha256-mRzNup0PIUD6YxbrYvjzL7f+1oaOGy9nmGCV3AZkQus=",
+        "lastModified": 1731531548,
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "ef8288935ba859fc3b30632fa6e04705f81b9c2a",
+        "rev": "24f0d4acd634792badd6470134c387a3b039dace",
         "type": "github"
       },
       "original": {
@@ -90,36 +68,33 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1685801374,
-        "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
+        "lastModified": 1731386116,
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
+        "rev": "689fed12a013f56d4c4d3f612489634267d86529",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-23.05",
+        "ref": "nixos-24.05",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "pre-commit-hooks": {
       "inputs": {
         "flake-compat": "flake-compat",
-        "flake-utils": "flake-utils",
         "gitignore": "gitignore",
         "nixpkgs": [
           "nixpkgs"
         ],
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1692274144,
-        "narHash": "sha256-BxTQuRUANQ81u8DJznQyPmRsg63t4Yc+0kcyq6OLz8s=",
+        "lastModified": 1731363552,
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "7e3517c03d46159fdbf8c0e5c97f82d5d4b0c8fa",
+        "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
         "type": "github"
       },
       "original": {
@@ -134,21 +109,6 @@
         "nixpkgs": "nixpkgs",
         "pre-commit-hooks": "pre-commit-hooks"
       }
-    },
-    "systems": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
     }
   },
   "root": "root",

devenv.nix

@@ -1,15 +1,38 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 
 let
-  node = pkgs.nodejs_20;
+  nodejs = pkgs.nodejs_20;
 in
 {
-  packages = [
-    pkgs.act
-    pkgs.yarn
-    node
-    node.pkgs.typescript-language-server
-  ];
+  packages =
+    let
+      nodePackages = config.languages.javascript.package.pkgs;
+    in
+    [
+      pkgs.act
+      nodePackages.typescript-language-server
+    ];
 
   languages.typescript.enable = true;
+
+  languages.javascript = {
+    enable = true;
+    package = nodejs;
+    yarn.enable = true;
+    yarn.install.enable = true;
+  };
+
+  git-hooks.hooks = {
+    prettier = {
+      enable = true;
+      excludes = [ "dist" ];
+    };
+    nixfmt-rfc-style.enable = true;
+    build-dist = {
+      enable = true;
+      files = "src/.*$";
+      pass_filenames = false;
+      entry = "devenv shell yarn build";
+    };
+  };
 }

devenv.yaml

@@ -3,4 +3,3 @@ inputs:
     url: github:NixOS/nixpkgs/nixpkgs-unstable
 permittedInsecurePackages:
   - nodejs-16.20.2
-