chore(release): 1.2.0

.gitea/workflows/deploy.yaml

@@ -0,0 +1,107 @@
+name: Build and Deploy
+on:
+  push:
+    branches: [master]
+  # pull_request:
+  #  branches: [master]
+  tags:
+    - '*.*.*'
+jobs:
+  build-deploy-ubuntu:
+    # Is it a risk to Ouroboros this?
+    # Really want this to be able to run on ubuntu but it is a slow run.
+    runs-on: ubuntu-latest
+    # runs-on: nix-runner
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Fetch all history for tags
+      - name: Install Nix
+        uses: cachix/install-nix-action@7be5dee1421f63d07e71ce6e0a9f8a4b07c2a487
+      - name: "Cache Nix store"
+        uses: actions/cache@v4
+        id: nix-cache
+        with:
+          path: /tmp/nixcache
+          key: nix-${{ runner.os }}-nix-builder-image-${{ hashFiles('**/package.json', 'package-lock.json', '**/*.nix', '**/flake.lock') }}
+          restore-keys: |
+            nix-${{ runner.os }}-nix-builder-image
+      - name: Setup Attic Cache
+        uses: ryanccn/attic-action@3354ae812cb672e1381be4c7914204c44db53866
+        with:
+          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
+          cache: ${{ secrets.ATTIC_CACHE }}
+          token: ${{ secrets.ATTIC_TOKEN }}
+      - name: "Import Nix store cache"
+        continue-on-error: true
+        # if: "steps.nix-cache.outputs.cache-hit == 'true'"
+        run: bash scripts/restore_cache.sh
+      - name: Build container
+        run: nix build .#act-runner-image
+      - name: Check Nix flake
+        run: nix flake check
+        id: flake-check
+      - name: Build Docker image if flake check fails
+        if: steps.flake-check.outcome == 'failure'
+        run: |
+          just build
+          echo "::warning::Nix flake check failed, but Docker image build succeeded as fallback"
+      - name: Set deployment variables
+        id: vars
+        run: |
+          # Check if this is a tag build
+          if [[ ${{ github.ref_type }} == 'tag' ]]; then
+            echo "TAG=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+            echo "BRANCH=master" >> $GITHUB_OUTPUT
+          else
+            echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+          fi
+      - name: Deploy Docker image
+        env:
+          REGISTRY: gitea.deepak.science
+          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+          REPOSITORY: ${{ github.repository }}
+          TAG: ${{ steps.vars.outputs.TAG }}
+          BRANCH: ${{ steps.vars.outputs.BRANCH }}
+        run: |
+          nix develop -c bash scripts/deploy.sh
+      - name: "Export Nix store cache"
+        if: always()
+        # if: "steps.nix-cache.outputs.cache-hit != 'true'"
+        run: bash scripts/populate_cache.sh
+  nix-check:
+    runs-on: nix-runner
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Fetch all history for tags
+      - name: "Cache Nix store"
+        uses: actions/cache@v4
+        id: nix-cache
+        with:
+          path: /tmp/nixcache
+          key: nix-${{ runner.os }}-nix-builder-image-${{ hashFiles('**/package.json', 'package-lock.json', '**/*.nix', '**/flake.lock') }}
+          restore-keys: |
+            nix-${{ runner.os }}-nix-builder-image
+      - name: Setup Attic Cache
+        uses: ryanccn/attic-action@3354ae812cb672e1381be4c7914204c44db53866
+        with:
+          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
+          cache: ${{ secrets.ATTIC_CACHE }}
+          token: ${{ secrets.ATTIC_TOKEN }}
+      - name: "Import Nix store cache"
+        continue-on-error: true
+        # if: "steps.nix-cache.outputs.cache-hit == 'true'"
+        run: bash scripts/restore_cache.sh
+      - name: Build container
+        run: nix build .#act-runner-image
+      - name: Check Nix flake
+        run: nix flake check
+        id: flake-check
+      - name: "Export Nix store cache"
+        if: always()
+        # if: "steps.nix-cache.outputs.cache-hit != 'true'"
+        run: bash scripts/populate_cache.sh

.gitea/workflows/test.yml

@@ -1,55 +0,0 @@
-name: Build and Deploy
-on:
-  push:
-    branches: [master]
-  # pull_request:
-  #  branches: [master]
-  tags:
-    - '*.*.*'
-jobs:
-  nix-check:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0 # Fetch all history for tags
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
-      - name: Setup Attic Cache
-        uses: ryanccn/attic-action@3354ae812cb672e1381be4c7914204c44db53866
-        with:
-          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
-          cache: ${{ secrets.ATTIC_CACHE }}
-          token: ${{ secrets.ATTIC_TOKEN }}
-      - name: Build container
-        run: nix build .#act-runner-image
-      - name: Check Nix flake
-        run: nix flake check
-        continue-on-error: true
-        id: flake-check
-      - name: Build Docker image if flake check fails
-        if: steps.flake-check.outcome == 'failure'
-        run: |
-          just build
-          echo "::warning::Nix flake check failed, but Docker image build succeeded as fallback"
-      - name: Set deployment variables
-        id: vars
-        run: |
-          # Check if this is a tag build
-          if [[ ${{ github.ref_type }} == 'tag' ]]; then
-            echo "TAG=${{ github.ref_name }}" >> $GITHUB_OUTPUT
-            echo "BRANCH=master" >> $GITHUB_OUTPUT
-          else
-            echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_OUTPUT
-          fi
-      - name: Deploy Docker image
-        env:
-          REGISTRY: gitea.deepak.science
-          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
-          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
-          REPOSITORY: ${{ github.repository }}
-          TAG: ${{ steps.vars.outputs.TAG }}
-          BRANCH: ${{ steps.vars.outputs.BRANCH }}
-        run: |
-          nix develop -c bash scripts/deploy.sh

CHANGELOG.md

@@ -2,6 +2,52 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [1.2.0](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/1.1.0...1.2.0) (2025-09-17)
+
+
+### Features
+
+* adds findutils ([0a4d71d](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/0a4d71da9ad96da975744b6598e341abddcc075b))
+* update flakes and fix dependencies with nixpkgs follows ([991e6dc](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/991e6dc2d3090f7cd07ec18fd2a7a72009f49d32))
+
+
+### Bug Fixes
+
+* try removing the always allow substitutes config ([9b412d6](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/9b412d6fe3c1a7b90e78a96b95e9910c047bf24c))
+
+## [1.1.0](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/1.0.0...1.1.0) (2025-03-25)
+
+
+### Features
+
+* Adds some default dockertools env setup guys ([aad15b8](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/aad15b8fd664061cba0cd0bf564edfbd411c656e))
+* adds ssh to our image ([ca5a032](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/ca5a03208862b4296b3fd9a4f89d9e62128bb5f4))
+* adds zstd for cache ([96266b8](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/96266b8c066d7265429493467bb4c2c5ed046254))
+
+## [1.0.0](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/0.2.0...1.0.0) (2025-03-22)
+
+
+### Features
+
+* adds attic-client to docker image ([a0bf7e3](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/a0bf7e332a1ec0aef658a4d6559831086a6e8b47))
+* adds more to nix.conf ([15d2307](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/15d230783910b794e9075b5b15817f8aebf0902d))
+* adds nix conf for experimental features into image ([1605f96](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/1605f960660c5bc32af82ccf9c3db6c47305ee17))
+
+
+### Bug Fixes
+
+* Better formatting for nix.conf ([f99f972](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/f99f9723f86ebf16aabd6f31093a6a795b5a8fa8))
+* whoops fixing invalid entry ([cec1960](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/cec19600630a28eef566c50216cdb21fc68f9221))
+
+## [0.2.0](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/0.1.0...0.2.0) (2025-03-22)
+
+
+### Features
+
+* adds node and uv as common tools ([41912b1](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/41912b100884d3c04e333beaf7cbebf58fb429be))
+
+## [0.1.0](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/0.0.4...0.1.0) (2025-03-22)
+
 ## [0.0.4](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/0.0.3...0.0.4) (2025-03-22)
 
 ## [0.0.3](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/0.0.2...0.0.3) (2025-03-22)

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1742422364,
-        "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=",
+        "lastModified": 1757745802,
+        "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc",
+        "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
         "type": "github"
       },
       "original": {
@@ -16,22 +16,6 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1735554305,
-        "narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "0e82ab234249d8eee3e8c91437802b32c74bb3fd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "root": {
       "inputs": {
         "nixpkgs": "nixpkgs",
@@ -40,14 +24,16 @@
     },
     "treefmt-nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": [
+          "nixpkgs"
+        ]
       },
       "locked": {
-        "lastModified": 1742370146,
-        "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=",
+        "lastModified": 1756662192,
+        "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808",
+        "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4",
         "type": "github"
       },
       "original": {

flake.nix

@@ -3,7 +3,10 @@
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
-    treefmt-nix.url = "github:numtide/treefmt-nix";
+    treefmt-nix = {
+      url = "github:numtide/treefmt-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs =
@@ -12,8 +15,14 @@
       supportedSystems = [ "x86_64-linux" ];
       pkgsFor =
         system:
-        nixpkgs.legacyPackages.${system}.extend (
-          nixpkgs.lib.composeManyExtensions ([ dockerOverlay ])
+        let
+          pkgs = import nixpkgs {
+            inherit system;
+            config.allowUnfree = true;
+          };
+        in
+        pkgs.extend (
+          pkgs.lib.composeManyExtensions [ dockerOverlay ]
           # nixpkgs.lib.composeManyExtensions ([ ] ++ builtins.attrValues self.overlays)
         );
       eachSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f (pkgsFor system));
@@ -56,10 +65,25 @@
           # fromImage = "ghcr.io/catthehacker/ubuntu:runner-latest";
 
           contents = [
+
+            # some stuff that dockertools provides?
+            pkgs.dockerTools.usrBinEnv
+            pkgs.dockerTools.binSh
+            pkgs.dockerTools.caCertificates
+            pkgs.dockerTools.fakeNss
+
+            # Get nix in there
+            pkgs.nix
+            (pkgs.writeTextDir "etc/nix/nix.conf" ''
+              experimental-features = nix-command flakes
+              build-users-group =
+            '')
+
             # Base packages
             pkgs.bash
             pkgs.coreutils
-            pkgs.nix
+            # for the actions/cache need the find command
+            pkgs.findutils
             pkgs.cacert
             pkgs.curl
             pkgs.gitReallyMinimal
@@ -67,6 +91,14 @@
             pkgs.gzip
             pkgs.gnused
             pkgs.gnugrep
+            pkgs.attic-client
+            pkgs.openssh
+            # zstd needed for cache-nix-action I believe
+            pkgs.zstd
+
+            # Tools we need to get some common actions running
+            pkgs.nodejs
+            pkgs.uv
 
             # runner
             pkgs.gitea-actions-runner
@@ -75,6 +107,8 @@
             # pkgs.docker
             # pkgs.docker-compose
             pkgs.jq
+            pkgs.terraform
+            pkgs.awscli2
           ];
 
           config = {

justfile

@@ -56,3 +56,9 @@ release version="":
     else
     	./scripts/release.sh
     fi
+
+# Exec into the most recently built version
+exec:
+    #!/usr/bin/env bash
+    set -euxo pipefail
+    docker run -it nix-gitea-act-runner /bin/bash

scripts/deploy.sh

@@ -15,6 +15,9 @@ banner() {
   echo "========================================================"
 }
 
+echo "List what we start with"
+ls -alh
+
 banner "Deploying Docker image to registry"
 
 # Check if result file exists

scripts/populate_cache.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -Eeuox pipefail
+
+CACHE_PATH=${CACHE_PATH:-"/tmp/nixcache"}
+
+banner() {
+  echo "========================================================"
+  echo "  $*"
+  echo "========================================================"
+}
+
+banner "List what we start with"
+
+nix-store --query --requisites --include-outputs "$(nix eval .\#devShells.x86_64-linux.default.drvPath --raw)" >dependencies.txt
+nix-store --query --requisites --include-outputs "$(nix eval .\#packages.x86_64-linux.default.drvPath --raw)" >>dependencies.txt
+# nix-store --query --requisites --include-outputs "$(nix eval .\#checks.x86_64-linux.formatting.drvPath --raw)" >>dependencies.txt
+# nix-store --query --requisites --include-outputs "$(nix eval .\#checks.x86_64-linux.test-check.drvPath --raw)" >>dependencies.txt
+nix-store --query --requisites --include-outputs "$(nix eval .\#formatter.x86_64-linux.drvPath --raw)" >>dependencies.txt
+
+sort -o dependencies.txt -u dependencies.txt
+
+banner "list obtained paths to cache"
+
+wc -l dependencies.txt
+
+banner "filter out our matches"
+
+echo "Using filter"
+cat scripts/populate_cache_exclude_patterns.txt
+
+grep -vf scripts/populate_cache_exclude_patterns.txt dependencies.txt >filtered_dependencies.txt
+
+echo "Count our filtered"
+wc -l filtered_dependencies.txt
+
+xargs <filtered_dependencies.txt -r nix copy --to "file://${CACHE_PATH}" --no-substitute
+
+banner "done with populating cache"

scripts/restore_cache.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+CACHE_PATH=${CACHE_PATH:-"/tmp/nixcache"}
+
+banner() {
+  echo "========================================================"
+  echo "  $*"
+  echo "========================================================"
+}
+
+# banner "List what we start with"
+# ls -alh "${CACHE_PATH}"
+
+banner "Copy time"
+nix copy --from "file://${CACHE_PATH}" --no-check-sigs --all

version.txt

@@ -1 +1 @@
-0.0.4
+1.2.0