chore(release): 1.2.0

.gitea/workflows/deploy.yaml

@@ -0,0 +1,107 @@
+name: Build and Deploy
+on:
+  push:
+    branches: [master]
+  # pull_request:
+  #  branches: [master]
+  tags:
+    - '*.*.*'
+jobs:
+  build-deploy-ubuntu:
+    # Is it a risk to Ouroboros this?
+    # Really want this to be able to run on ubuntu but it is a slow run.
+    runs-on: ubuntu-latest
+    # runs-on: nix-runner
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Fetch all history for tags
+      - name: Install Nix
+        uses: cachix/install-nix-action@7be5dee1421f63d07e71ce6e0a9f8a4b07c2a487
+      - name: "Cache Nix store"
+        uses: actions/cache@v4
+        id: nix-cache
+        with:
+          path: /tmp/nixcache
+          key: nix-${{ runner.os }}-nix-builder-image-${{ hashFiles('**/package.json', 'package-lock.json', '**/*.nix', '**/flake.lock') }}
+          restore-keys: |
+            nix-${{ runner.os }}-nix-builder-image
+      - name: Setup Attic Cache
+        uses: ryanccn/attic-action@3354ae812cb672e1381be4c7914204c44db53866
+        with:
+          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
+          cache: ${{ secrets.ATTIC_CACHE }}
+          token: ${{ secrets.ATTIC_TOKEN }}
+      - name: "Import Nix store cache"
+        continue-on-error: true
+        # if: "steps.nix-cache.outputs.cache-hit == 'true'"
+        run: bash scripts/restore_cache.sh
+      - name: Build container
+        run: nix build .#act-runner-image
+      - name: Check Nix flake
+        run: nix flake check
+        id: flake-check
+      - name: Build Docker image if flake check fails
+        if: steps.flake-check.outcome == 'failure'
+        run: |
+          just build
+          echo "::warning::Nix flake check failed, but Docker image build succeeded as fallback"
+      - name: Set deployment variables
+        id: vars
+        run: |
+          # Check if this is a tag build
+          if [[ ${{ github.ref_type }} == 'tag' ]]; then
+            echo "TAG=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+            echo "BRANCH=master" >> $GITHUB_OUTPUT
+          else
+            echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_OUTPUT
+          fi
+      - name: Deploy Docker image
+        env:
+          REGISTRY: gitea.deepak.science
+          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
+          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
+          REPOSITORY: ${{ github.repository }}
+          TAG: ${{ steps.vars.outputs.TAG }}
+          BRANCH: ${{ steps.vars.outputs.BRANCH }}
+        run: |
+          nix develop -c bash scripts/deploy.sh
+      - name: "Export Nix store cache"
+        if: always()
+        # if: "steps.nix-cache.outputs.cache-hit != 'true'"
+        run: bash scripts/populate_cache.sh
+  nix-check:
+    runs-on: nix-runner
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # Fetch all history for tags
+      - name: "Cache Nix store"
+        uses: actions/cache@v4
+        id: nix-cache
+        with:
+          path: /tmp/nixcache
+          key: nix-${{ runner.os }}-nix-builder-image-${{ hashFiles('**/package.json', 'package-lock.json', '**/*.nix', '**/flake.lock') }}
+          restore-keys: |
+            nix-${{ runner.os }}-nix-builder-image
+      - name: Setup Attic Cache
+        uses: ryanccn/attic-action@3354ae812cb672e1381be4c7914204c44db53866
+        with:
+          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
+          cache: ${{ secrets.ATTIC_CACHE }}
+          token: ${{ secrets.ATTIC_TOKEN }}
+      - name: "Import Nix store cache"
+        continue-on-error: true
+        # if: "steps.nix-cache.outputs.cache-hit == 'true'"
+        run: bash scripts/restore_cache.sh
+      - name: Build container
+        run: nix build .#act-runner-image
+      - name: Check Nix flake
+        run: nix flake check
+        id: flake-check
+      - name: "Export Nix store cache"
+        if: always()
+        # if: "steps.nix-cache.outputs.cache-hit != 'true'"
+        run: bash scripts/populate_cache.sh

.gitea/workflows/release_please.yml

@@ -1,24 +0,0 @@
-on:
-  push:
-    branches:
-      - master
-
-permissions:
-  contents: write
-  pull-requests: write
-
-name: release-please
-
-jobs:
-  release-please:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: joaquinjsb/gitea-release-please-action@v4
-        with:
-          # this assumes that you have created a personal access token
-          # (PAT) and configured it as a GitHub action secret named
-          # `MY_RELEASE_PLEASE_TOKEN` (this secret name is not important).
-          token: ${{ secrets.MY_RELEASE_PLEASE_TOKEN }}
-          # this is a built-in strategy in release-please, see "Action Inputs"
-          # for more options
-          release-type: simple

.gitea/workflows/test.yml

@@ -1,33 +0,0 @@
-name: Test build 
-
-on:
-  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-
-jobs:
-  nix-check:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v3
- 
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
-      - name: Setup Attic Cache
-        uses: ryanccn/attic-action@3354ae812cb672e1381be4c7914204c44db53866
-        with:
-          endpoint: ${{ secrets.ATTIC_ENDPOINT }}
-          cache: ${{ secrets.ATTIC_CACHE }}
-          token: ${{ secrets.ATTIC_TOKEN }}
-      - name: Check Nix flake
-        run: nix flake check
-        continue-on-error: true
-        id: flake-check
-
-      - name: Build Docker image if flake check fails
-        if: steps.flake-check.outcome == 'failure'
-        run: |
-          just build
-          echo "::warning::Nix flake check failed, but Docker image build succeeded as fallback"

.nvim.lua

@@ -0,0 +1,2 @@
+vim.opt.tabstop = 2;
+vim.opt.expandtab = true;

.versionrc

@@ -0,0 +1,10 @@
+{
+	"bumpFiles": [
+		{
+			"filename": "version.txt",
+			"type": "plain-text"
+		}
+	],
+	"sign": true,
+	"tag-prefix": ""
+}

CHANGELOG.md

@@ -0,0 +1,61 @@
+# Changelog
+
+All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
+
+## [1.2.0](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/1.1.0...1.2.0) (2025-09-17)
+
+
+### Features
+
+* adds findutils ([0a4d71d](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/0a4d71da9ad96da975744b6598e341abddcc075b))
+* update flakes and fix dependencies with nixpkgs follows ([991e6dc](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/991e6dc2d3090f7cd07ec18fd2a7a72009f49d32))
+
+
+### Bug Fixes
+
+* try removing the always allow substitutes config ([9b412d6](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/9b412d6fe3c1a7b90e78a96b95e9910c047bf24c))
+
+## [1.1.0](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/1.0.0...1.1.0) (2025-03-25)
+
+
+### Features
+
+* Adds some default dockertools env setup guys ([aad15b8](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/aad15b8fd664061cba0cd0bf564edfbd411c656e))
+* adds ssh to our image ([ca5a032](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/ca5a03208862b4296b3fd9a4f89d9e62128bb5f4))
+* adds zstd for cache ([96266b8](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/96266b8c066d7265429493467bb4c2c5ed046254))
+
+## [1.0.0](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/0.2.0...1.0.0) (2025-03-22)
+
+
+### Features
+
+* adds attic-client to docker image ([a0bf7e3](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/a0bf7e332a1ec0aef658a4d6559831086a6e8b47))
+* adds more to nix.conf ([15d2307](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/15d230783910b794e9075b5b15817f8aebf0902d))
+* adds nix conf for experimental features into image ([1605f96](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/1605f960660c5bc32af82ccf9c3db6c47305ee17))
+
+
+### Bug Fixes
+
+* Better formatting for nix.conf ([f99f972](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/f99f9723f86ebf16aabd6f31093a6a795b5a8fa8))
+* whoops fixing invalid entry ([cec1960](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/cec19600630a28eef566c50216cdb21fc68f9221))
+
+## [0.2.0](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/0.1.0...0.2.0) (2025-03-22)
+
+
+### Features
+
+* adds node and uv as common tools ([41912b1](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/41912b100884d3c04e333beaf7cbebf58fb429be))
+
+## [0.1.0](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/0.0.4...0.1.0) (2025-03-22)
+
+## [0.0.4](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/0.0.3...0.0.4) (2025-03-22)
+
+## [0.0.3](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/0.0.2...0.0.3) (2025-03-22)
+
+## [0.0.2](https://gitea.deepak.science:2222/deepak/nix-builder-image/compare/v0.0.1...v0.0.2) (2025-03-22)
+
+
+### Features
+
+* reduces docker image size ([6c9ff43](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/6c9ff4335d10ea138dca8f19aae0c70f4a9d6711))
+* updating with a version ([276c4e1](https://gitea.deepak.science:2222/deepak/nix-builder-image/commit/276c4e19216d00358dc1e0638740635d3b465701))

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1742422364,
-        "narHash": "sha256-mNqIplmEohk5jRkqYqG19GA8MbQ/D4gQSK0Mu4LvfRQ=",
+        "lastModified": 1757745802,
+        "narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "a84ebe20c6bc2ecbcfb000a50776219f48d134cc",
+        "rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1",
         "type": "github"
       },
       "original": {
@@ -16,22 +16,6 @@
         "type": "github"
       }
     },
-    "nixpkgs_2": {
-      "locked": {
-        "lastModified": 1735554305,
-        "narHash": "sha256-zExSA1i/b+1NMRhGGLtNfFGXgLtgo+dcuzHzaWA6w3Q=",
-        "owner": "nixos",
-        "repo": "nixpkgs",
-        "rev": "0e82ab234249d8eee3e8c91437802b32c74bb3fd",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nixos",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
     "root": {
       "inputs": {
         "nixpkgs": "nixpkgs",
@@ -40,14 +24,16 @@
     },
     "treefmt-nix": {
       "inputs": {
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": [
+          "nixpkgs"
+        ]
       },
       "locked": {
-        "lastModified": 1742370146,
-        "narHash": "sha256-XRE8hL4vKIQyVMDXykFh4ceo3KSpuJF3ts8GKwh5bIU=",
+        "lastModified": 1756662192,
+        "narHash": "sha256-F1oFfV51AE259I85av+MAia221XwMHCOtZCMcZLK2Jk=",
         "owner": "numtide",
         "repo": "treefmt-nix",
-        "rev": "adc195eef5da3606891cedf80c0d9ce2d3190808",
+        "rev": "1aabc6c05ccbcbf4a635fb7a90400e44282f61c4",
         "type": "github"
       },
       "original": {

flake.nix

@@ -3,7 +3,10 @@
 
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
-    treefmt-nix.url = "github:numtide/treefmt-nix";
+    treefmt-nix = {
+      url = "github:numtide/treefmt-nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs =
@@ -12,18 +15,45 @@
       supportedSystems = [ "x86_64-linux" ];
       pkgsFor =
         system:
-        nixpkgs.legacyPackages.${system}.extend (
-          nixpkgs.lib.composeManyExtensions ([ ])
+        let
+          pkgs = import nixpkgs {
+            inherit system;
+            config.allowUnfree = true;
+          };
+        in
+        pkgs.extend (
+          pkgs.lib.composeManyExtensions [ dockerOverlay ]
           # nixpkgs.lib.composeManyExtensions ([ ] ++ builtins.attrValues self.overlays)
         );
       eachSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f (pkgsFor system));
+      dockerOverlay = _final: prev: {
 
+        scripts = prev.callPackage ./scripts { };
+
+        # gitMinimal still ships with perl and python
+        gitReallyMinimal =
+          (prev.git.override {
+            perlSupport = false;
+            pythonSupport = false;
+            withManual = false;
+            withpcre2 = false;
+          }).overrideAttrs
+            (_: {
+              # installCheck is broken when perl is disabled
+              doInstallCheck = false;
+            });
+
+      };
       treefmtEval = eachSystem (pkgs: inputs.treefmt-nix.lib.evalModule pkgs ./treefmt.nix);
     in
     {
       # nix fmt formatter
       formatter = eachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper);
 
+      checks = eachSystem (pkgs: {
+        formatting = treefmtEval.${pkgs.system}.config.build.check self;
+      });
+
       # Docker image for Gitea Actions runner
       packages = eachSystem (pkgs: {
         default = self.packages.${pkgs.system}.act-runner-image;
@@ -35,17 +65,40 @@
           # fromImage = "ghcr.io/catthehacker/ubuntu:runner-latest";
 
           contents = [
+
+            # some stuff that dockertools provides?
+            pkgs.dockerTools.usrBinEnv
+            pkgs.dockerTools.binSh
+            pkgs.dockerTools.caCertificates
+            pkgs.dockerTools.fakeNss
+
+            # Get nix in there
+            pkgs.nix
+            (pkgs.writeTextDir "etc/nix/nix.conf" ''
+              experimental-features = nix-command flakes
+              build-users-group =
+            '')
+
             # Base packages
             pkgs.bash
             pkgs.coreutils
-            pkgs.nix
+            # for the actions/cache need the find command
+            pkgs.findutils
             pkgs.cacert
             pkgs.curl
-            pkgs.git
+            pkgs.gitReallyMinimal
             pkgs.gnutar
             pkgs.gzip
             pkgs.gnused
             pkgs.gnugrep
+            pkgs.attic-client
+            pkgs.openssh
+            # zstd needed for cache-nix-action I believe
+            pkgs.zstd
+
+            # Tools we need to get some common actions running
+            pkgs.nodejs
+            pkgs.uv
 
             # runner
             pkgs.gitea-actions-runner
@@ -53,7 +106,9 @@
             # Additional tools
             # pkgs.docker
             # pkgs.docker-compose
-            # pkgs.jq
+            pkgs.jq
+            pkgs.terraform
+            pkgs.awscli2
           ];
 
           config = {
@@ -75,8 +130,9 @@
             pkgs.just
             pkgs.dive
             pkgs.jq
+            pkgs.skopeo
             pkgs.docker
-            pkgs.docker-compose
+            pkgs.nodejs
           ];
 
           # Will be executed before entering the shell

justfile

@@ -46,3 +46,19 @@ dive:
     #!/usr/bin/env bash
     set -euxo pipefail
     dive nix-gitea-act-runner:latest
+
+# release the app, checking that our working tree is clean and ready for release, optionally takes target version
+release version="":
+    #!/usr/bin/env bash
+    set -euxo pipefail
+    if [[ -n "{{ version }}" ]]; then
+    	./scripts/release.sh {{ version }}
+    else
+    	./scripts/release.sh
+    fi
+
+# Exec into the most recently built version
+exec:
+    #!/usr/bin/env bash
+    set -euxo pipefail
+    docker run -it nix-gitea-act-runner /bin/bash

scripts/deploy.sh

@@ -0,0 +1,106 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+# Configuration (can be overridden by environment variables)
+REGISTRY=${REGISTRY:-"ghcr.io"}
+REGISTRY_USER=${REGISTRY_USER:-""}
+REGISTRY_PASSWORD=${REGISTRY_PASSWORD:-""}
+IMAGE_NAME=${IMAGE_NAME:-"nix-gitea-act-runner"}
+REPOSITORY=${REPOSITORY:-"deepak/nix-gitea-act-runner"}
+IMAGE_PATH="${REGISTRY}/${REPOSITORY}/${IMAGE_NAME}"
+
+banner() {
+  echo "========================================================"
+  echo "  $*"
+  echo "========================================================"
+}
+
+echo "List what we start with"
+ls -alh
+
+banner "Deploying Docker image to registry"
+
+# Check if result file exists
+if [[ ! -f "result" ]]; then
+  echo "Error: Docker archive 'result' not found. Build the image first."
+  exit 1
+fi
+
+# Login to registry if credentials are provided
+if [[ -n ${REGISTRY_USER} && -n ${REGISTRY_PASSWORD} ]]; then
+  banner "Logging in to registry ${REGISTRY}"
+  echo "${REGISTRY_PASSWORD}" | skopeo login --username "${REGISTRY_USER}" --password-stdin "${REGISTRY}"
+fi
+
+# Inspect the image to ensure it's valid
+banner "Inspecting Docker archive"
+skopeo inspect docker-archive:result
+
+# Initialize tags array
+TAGS=()
+
+# Determine tags based on git context
+if [[ -n ${TAG:-} ]]; then
+  # For explicitly provided TAG (from workflow or command line)
+  VERSION="${TAG}"
+  if [[ ${VERSION} =~ ^v(.+)$ ]]; then
+    # Remove 'v' prefix if present
+    VERSION="${BASH_REMATCH[1]}"
+  fi
+
+  # Split version into components
+  IFS='.' read -r MAJOR MINOR _PATCH <<<"${VERSION}"
+
+  # Add version tags
+  TAGS+=("${VERSION}")
+  if [[ -n ${MAJOR} && -n ${MINOR} ]]; then
+    TAGS+=("${MAJOR}.${MINOR}")
+  fi
+  if [[ -n ${MAJOR} ]]; then
+    TAGS+=("${MAJOR}")
+  fi
+
+  banner "Deploying version: ${VERSION} (tags: ${TAGS[*]})"
+else
+  # Check for git tag
+  if GIT_TAG=$(git describe --tags --exact-match 2>/dev/null); then
+    # We're on a tag, use it for versioning
+    VERSION="${GIT_TAG}"
+    if [[ ${VERSION} =~ ^v(.+)$ ]]; then
+      # Remove 'v' prefix if present
+      VERSION="${BASH_REMATCH[1]}"
+    fi
+
+    # Split version into components
+    IFS='.' read -r MAJOR MINOR _PATCH <<<"${VERSION}"
+
+    # Add version tags
+    TAGS+=("${VERSION}")
+    if [[ -n ${MAJOR} && -n ${MINOR} ]]; then
+      TAGS+=("${MAJOR}.${MINOR}")
+    fi
+    if [[ -n ${MAJOR} ]]; then
+      TAGS+=("${MAJOR}")
+    fi
+
+    banner "Deploying git tag version: ${VERSION} (tags: ${TAGS[*]})"
+  fi
+fi
+
+# Always include latest tag when on master branch
+if [[ -z ${TAGS[*]} ]] || [[ ${BRANCH:-} == "master" ]] || [[ $(git rev-parse --abbrev-ref HEAD) == "master" ]]; then
+  TAGS+=("latest")
+  banner "Deploying with latest tag"
+fi
+
+# Copy the image to the registry with all relevant tags
+for TAG in "${TAGS[@]}"; do
+  banner "Pushing image with tag: ${TAG}"
+  skopeo copy \
+    --insecure-policy \
+    --dest-tls-verify=true \
+    docker-archive:result \
+    "docker://${IMAGE_PATH}:${TAG}"
+done
+
+banner "Deployment complete"

scripts/populate_cache.sh

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -Eeuox pipefail
+
+CACHE_PATH=${CACHE_PATH:-"/tmp/nixcache"}
+
+banner() {
+  echo "========================================================"
+  echo "  $*"
+  echo "========================================================"
+}
+
+banner "List what we start with"
+
+nix-store --query --requisites --include-outputs "$(nix eval .\#devShells.x86_64-linux.default.drvPath --raw)" >dependencies.txt
+nix-store --query --requisites --include-outputs "$(nix eval .\#packages.x86_64-linux.default.drvPath --raw)" >>dependencies.txt
+# nix-store --query --requisites --include-outputs "$(nix eval .\#checks.x86_64-linux.formatting.drvPath --raw)" >>dependencies.txt
+# nix-store --query --requisites --include-outputs "$(nix eval .\#checks.x86_64-linux.test-check.drvPath --raw)" >>dependencies.txt
+nix-store --query --requisites --include-outputs "$(nix eval .\#formatter.x86_64-linux.drvPath --raw)" >>dependencies.txt
+
+sort -o dependencies.txt -u dependencies.txt
+
+banner "list obtained paths to cache"
+
+wc -l dependencies.txt
+
+banner "filter out our matches"
+
+echo "Using filter"
+cat scripts/populate_cache_exclude_patterns.txt
+
+grep -vf scripts/populate_cache_exclude_patterns.txt dependencies.txt >filtered_dependencies.txt
+
+echo "Count our filtered"
+wc -l filtered_dependencies.txt
+
+xargs <filtered_dependencies.txt -r nix copy --to "file://${CACHE_PATH}" --no-substitute
+
+banner "done with populating cache"

scripts/release.sh

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+if [ -z "$(git status --porcelain)" ]; then
+  branch_name=$(git symbolic-ref -q HEAD)
+  branch_name=${branch_name##refs/heads/}
+  branch_name=${branch_name:-HEAD}
+  if [ "$branch_name" != "master" ]; then
+    echo "The current branch is not master!"
+    echo "I'd feel uncomfortable releasing from here..."
+    exit 3
+  fi
+
+  release_needed=false
+  if
+    { git log "$(git describe --tags --abbrev=0)..HEAD" --format='%s' | cut -d: -f1 | sort -u | sed -e 's/([^)]*)//' | grep -q -i -E '^feat|fix|perf|refactor|revert$'; } ||
+      { git log "$(git describe --tags --abbrev=0)..HEAD" --format='%s' | cut -d: -f1 | sort -u | sed -e 's/([^)]*)//' | grep -q -E '!$'; } ||
+      { git log "$(git describe --tags --abbrev=0)..HEAD" --format='%b' | grep -q -E '^BREAKING CHANGE:'; }
+  then
+    release_needed=true
+  fi
+
+  if ! [ "$release_needed" = true ]; then
+    echo "No release needed..."
+    exit 0
+  fi
+
+  std_version_args=()
+  if [[ -n ${1:-} ]]; then
+    std_version_args+=("--release-as" "$1")
+    echo "Parameter $1 was supplied, so we should use release-as"
+  else
+    echo "No release-as parameter specifed."
+  fi
+  # Working directory clean
+  echo "Doing a dry run..."
+  npx commit-and-tag-version --dry-run "${std_version_args[@]}"
+  read -p "Does that look good? [y/N] " -n 1 -r
+  echo # (optional) move to a new line
+  if [[ $REPLY =~ ^[Yy]$ ]]; then
+    # do dangerous stuff
+    npx commit-and-tag-version "${std_version_args[@]}"
+    git push --follow-tags origin master
+  else
+    echo "okay, never mind then..."
+    exit 2
+  fi
+else
+  echo "Can't create release, working tree unclean..."
+  exit 1
+fi

scripts/restore_cache.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -Eeuo pipefail
+
+CACHE_PATH=${CACHE_PATH:-"/tmp/nixcache"}
+
+banner() {
+  echo "========================================================"
+  echo "  $*"
+  echo "========================================================"
+}
+
+# banner "List what we start with"
+# ls -alh "${CACHE_PATH}"
+
+banner "Copy time"
+nix copy --from "file://${CACHE_PATH}" --no-check-sigs --all

version.txt

@@ -0,0 +1 @@
+1.2.0