eric/rules_bun
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: update nix flake

Browse Source
This commit is contained in:
Eric
2026-03-04 08:26:46 +01:00
parent 2da15f90f6
commit 317f6ed6c0
5 changed files with 187 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.envrc Normal file
View File

@@ -0,0 +1 @@
use flake

6
.gitignore vendored
View File

@@ -6,6 +6,12 @@
# based on the name of the directory bazel is cloned into. # based on the name of the directory bazel is cloned into.
/bazel-* /bazel-*
.direnv/
.pre-commit-config.yaml
build/
dist/
node_modules/
# Directories for the Bazel IntelliJ plugin containing the generated # Directories for the Bazel IntelliJ plugin containing the generated
# IntelliJ project files and plugin configuration. Seperate directories are # IntelliJ project files and plugin configuration. Seperate directories are
# for the IntelliJ, Android Studio and CLion versions of the plugin. # for the IntelliJ, Android Studio and CLion versions of the plugin.

45
.gitleaks.toml Normal file
View File

@@ -0,0 +1,45 @@
# .gitleaks.toml
title = "gitleaks config"
[extend]
# extend the default ruleset rather than replacing it
useDefault = true
[allowlist]
description = "Global allowlist"
paths = [
# lock files often contain hashes that trip up gitleaks
'''flake\.lock''',
'''package-lock\.json''',
'''yarn\.lock''',
'''bun\.lockb''',
]
regexes = [
# nix store hashes
'''/nix/store/[a-z0-9]{32}-''',
]
[[rules]]
id = "generic-api-key-extended"
description = "Extended generic API key detection"
regex = '''(?i)(api[_-]?key|api[_-]?secret|access[_-]?token|auth[_-]?token)\s*[:=]\s*['"]?[a-zA-Z0-9_\-]{16,}['"]?'''
entropy = 3.5
tags = ["api", "key", "token"]
[[rules]]
id = "private-key-file"
description = "Private key files"
regex = '''-----BEGIN (RSA|EC|DSA|OPENSSH|PGP) PRIVATE KEY'''
tags = ["key", "private"]
[[rules]]
id = "environment-file"
description = "Committed .env files"
path = '''(^|/)\.env(\.[a-z]+)?$'''
regex = '''.+'''
tags = ["env"]
[rules.allowlist]
paths = [
# allow .env.example and .env.template
'''\.env\.(example|template|sample)$''',
]

63
flake.lock generated
View File

@@ -1,5 +1,28 @@
{ {
"nodes": { "nodes": {
"devshell-lib": {
"inputs": {
"git-hooks": "git-hooks",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1772609129,
"narHash": "sha256-ha7H2OhxoLhkDVgKtgkJc8yO3f0rKlPZZTJYyc+rfLI=",
"ref": "v1.0.3",
"rev": "cdc9e180353b1a1105bbcdad18dc3938ea3e88a3",
"revCount": 31,
"type": "git",
"url": "https://git.dgren.dev/eric/nix-flake-lib"
},
"original": {
"ref": "v1.0.3",
"type": "git",
"url": "https://git.dgren.dev/eric/nix-flake-lib"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -39,6 +62,7 @@
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"devshell-lib",
"git-hooks", "git-hooks",
"nixpkgs" "nixpkgs"
] ]
@@ -74,22 +98,6 @@
} }
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": {
"lastModified": 1772542754,
"narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8c809a146a140c5c8806f13399592dbcb1bb5dc4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1770107345, "lastModified": 1770107345,
"narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=", "narHash": "sha256-tbS0Ebx2PiA1FRW8mt8oejR0qMXmziJmPaU1d4kYY9g=",
@@ -105,16 +113,31 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": {
"locked": {
"lastModified": 1772542754,
"narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8c809a146a140c5c8806f13399592dbcb1bb5dc4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"git-hooks": "git-hooks", "devshell-lib": "devshell-lib",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_3"
"treefmt-nix": "treefmt-nix"
} }
}, },
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1770228511, "lastModified": 1770228511,

211
flake.nix
View File

@@ -3,17 +3,16 @@
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
git-hooks.url = "github:cachix/git-hooks.nix"; devshell-lib.url = "git+https://git.dgren.dev/eric/nix-flake-lib?ref=v1.0.3";
treefmt-nix.url = "github:numtide/treefmt-nix"; devshell-lib.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs =
{ {
self,
nixpkgs, nixpkgs,
treefmt-nix, devshell-lib,
... ...
}@inputs: }:
let let
supportedSystems = [ supportedSystems = [
"x86_64-linux" "x86_64-linux"
@@ -22,147 +21,121 @@
"aarch64-darwin" "aarch64-darwin"
]; ];
forAllSystems = nixpkgs.lib.genAttrs supportedSystems; forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
treefmtEvalFor =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
in
treefmt-nix.lib.evalModule pkgs {
projectRootFile = "flake.nix";
programs = {
nixfmt.enable = true;
shfmt.enable = true;
oxfmt.enable = true;
};
settings = {
formatter = {
shfmt = {
options = [
"-i"
"2"
"-s"
"-w"
];
};
oxfmt = {
includes = [
"*.md"
"*.yaml"
"*.yml"
"*.json"
"*.html"
"*.css"
"*.js"
"*.ts"
"*.tsx"
"*.svelte"
];
};
};
};
};
in in
{ {
formatter = forAllSystems (system: (treefmtEvalFor system).config.build.wrapper);
checks = forAllSystems (
system:
let
pkgs = import nixpkgs { inherit system; };
in
{
pre-commit-check = inputs.git-hooks.lib.${system}.run {
src = ./.;
hooks = {
treefmt = {
enable = true;
entry = "${(treefmtEvalFor system).config.build.wrapper}/bin/treefmt";
pass_filenames = true;
};
gitlint.enable = true;
gitleaks = {
enable = true;
entry = "${pkgs.gitleaks}/bin/gitleaks protect --staged";
pass_filenames = false;
};
tests = {
enable = true;
entry = "echo 'No tests defined yet.'";
pass_filenames = false;
stages = [
"pre-push"
];
};
};
};
}
);
devShells = forAllSystems ( devShells = forAllSystems (
system: system:
let let
pkgs = import nixpkgs { inherit system; }; pkgs = import nixpkgs { inherit system; };
inherit (self.checks.${system}.pre-commit-check) shellHook enabledPackages;
customShellHook = shellHook + "";
bazel9 = pkgs.writeShellScriptBin "bazel" '' bazel9 = pkgs.writeShellScriptBin "bazel" ''
export USE_BAZEL_VERSION="''${USE_BAZEL_VERSION:-9.0.0}" export USE_BAZEL_VERSION="''${USE_BAZEL_VERSION:-9.0.0}"
exec ${pkgs.bazelisk}/bin/bazelisk "$@" exec ${pkgs.bazelisk}/bin/bazelisk "$@"
''; '';
env = devshell-lib.lib.mkDevShell {
inherit system;
in extraPackages = with pkgs; [
{
default = pkgs.mkShell {
packages = with pkgs; [
go go
gopls gopls
gotools gotools
bun bun
gitlint
bazel9 bazel9
bazel-buildtools bazel-buildtools
]; ];
shellHook = '' features = {
${customShellHook} oxfmt = true;
export USE_BAZEL_VERSION="''${USE_BAZEL_VERSION:-9.0.0}" };
export BUN_INSTALL="''${BUN_INSTALL:-$HOME/.bun}"
export PATH="$BUN_INSTALL/bin:$PATH"
if ! command -v oxfmt >/dev/null 2>&1; then formatters = {
bun add --global oxfmt shfmt.enable = true;
fi };
if ! command -v oxlint >/dev/null 2>&1; then formatterSettings = {
bun add --global oxlint shfmt.options = [
fi "-i"
"2"
"-s"
"-w"
];
};
if [ -t 1 ]; then additionalHooks = {
if command -v tput >/dev/null 2>&1; then tests = {
tput clear enable = true;
else entry = "echo 'No tests defined yet.'";
printf '\033c' pass_filenames = false;
fi stages = [ "pre-push" ];
fi };
};
GREEN='\033[1;32m' tools = [
CYAN='\033[1;36m' {
YELLOW='\033[1;33m' name = "Bun";
BLUE='\033[1;34m' bin = "${pkgs.bun}/bin/bun";
RESET='\033[0m' versionCmd = "--version";
color = "YELLOW";
}
{
name = "Go";
bin = "${pkgs.go}/bin/go";
versionCmd = "version";
color = "CYAN";
}
{
name = "Bazel";
bin = "${bazel9}/bin/bazel";
versionCmd = "--version";
color = "BLUE";
}
];
printf "\n$GREEN 🚀 Monorepo dev shell ready$RESET\n\n" extraShellHook = ''
printf " $CYAN Bun:$RESET $YELLOW%s$RESET\n" "$(bun --version)" export USE_BAZEL_VERSION="''${USE_BAZEL_VERSION:-9.0.0}"
printf " $CYAN Go:$RESET $YELLOW%s$RESET\n" "$(go version)" export BUN_INSTALL="''${BUN_INSTALL:-$HOME/.bun}"
printf " $CYAN Bazel:$RESET $BLUE%s$RESET\n\n" "$(bazel --version)" export PATH="$BUN_INSTALL/bin:$PATH"
''; '';
buildInputs = enabledPackages;
}; };
in
{
default = env.shell;
} }
); );
checks = forAllSystems (
system:
let
env = devshell-lib.lib.mkDevShell { inherit system; };
in
{
inherit (env) pre-commit-check;
}
);
formatter = forAllSystems (system: (devshell-lib.lib.mkDevShell { inherit system; }).formatter);
# Optional: release command (`release`)
#
# The release script always updates VERSION first, then:
# 1) runs release steps in order (file writes and scripts)
# 2) runs postVersion hook
# 3) formats, stages, commits, tags, and pushes
#
# Runtime env vars available in release.run/postVersion:
# BASE_VERSION, CHANNEL, PRERELEASE_NUM, FULL_VERSION, FULL_TAG
#
packages = forAllSystems (system: {
release = devshell-lib.lib.mkRelease {
inherit system;
release = [ ];
postVersion = ''
echo "Released $FULL_TAG"
'';
};
});
}; };
} }