From 8d64b1593b72d8384edb918f27c1dedfa0b82043 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 16 Jun 2023 09:22:31 +0200 Subject: [PATCH 1/3] replace nix-shell with nix run to get sops-init-gpg-key fixes https://github.com/Mic92/sops-nix/issues/344 --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 5c4484b..9672ffa 100644 --- a/README.md +++ b/README.md @@ -795,8 +795,7 @@ The secrets are decrypted in a systemd user service called `sops-nix`, so other If you prefer having a separate GPG key, sops-nix also comes with a helper tool, `sops-init-gpg-key`: ```console -$ nix-shell -p sops-init-gpg-key -$ sops-init-gpg-key --hostname server01 --gpghome /tmp/newkey +$ nix run github:Mic92/sops-nix#sops-init-gpg-key -- --hostname server01 --gpghome /tmp/newkey # You can use the following command to save it to a file: $ cat > server01.asc < server01.asc < Date: Fri, 16 Jun 2023 09:27:21 +0200 Subject: [PATCH 2/3] sops-nix: upgrade to 23.05 --- flake.lock | 8 ++++---- flake.nix | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index dc7f3dd..07de3f2 100644 --- a/flake.lock +++ b/flake.lock @@ -18,16 +18,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1686392259, - "narHash": "sha256-hqSS9hKhWldIZr1bBp9xKhIznnGPICGKzuehd2LH0UA=", + "lastModified": 1686885751, + "narHash": "sha256-KcbYp2KuKbXgNaYVziwKUc6AKRhgJ1G8Qq5gjAbQ3uw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ef24b2fa0c5f290a35064b847bc211f25cb85c88", + "rev": "aa4b53f79d961a7cbba0b24f791401a34c18011a", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-22.11", + "ref": "release-23.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index 1c02c4d..b038c2d 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,7 +1,7 @@ { description = "Integrates sops into nixos"; inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; - inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-22.11"; + inputs.nixpkgs-stable.url = "github:NixOS/nixpkgs/release-23.05"; nixConfig.extra-substituters = ["https://cache.garnix.io"]; nixConfig.extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; outputs = { @@ -17,7 +17,7 @@ ]; forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system); suffix-version = version: attrs: nixpkgs.lib.mapAttrs' (name: value: nixpkgs.lib.nameValuePair (name + version) value) attrs; - suffix-stable = suffix-version "-22_11"; + suffix-stable = suffix-version "-23_05"; in { overlays.default = final: prev: let localPkgs = import ./default.nix {pkgs = final;}; From 5a60b0abc489b15173b4037ec46c5caa0ce8428a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 16 Jun 2023 09:27:40 +0200 Subject: [PATCH 3/3] replace bors with mergify --- .github/workflows/test.yml | 2 -- .github/workflows/upgrade-flakes.yml | 8 ++--- .mergify.yml | 46 ++++++++++++++++++++++++++++ bors.toml | 34 -------------------- 4 files changed, 48 insertions(+), 42 deletions(-) create mode 100644 .mergify.yml delete mode 100644 bors.toml diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d01f598..f934e5d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -4,8 +4,6 @@ on: push: branches: - master - - staging - - release-* schedule: - cron: '51 2 * * *' jobs: diff --git a/.github/workflows/upgrade-flakes.yml b/.github/workflows/upgrade-flakes.yml index 1f1f737..b7e91f9 100644 --- a/.github/workflows/upgrade-flakes.yml +++ b/.github/workflows/upgrade-flakes.yml 
@@ -18,9 +18,5 @@ jobs: uses: DeterminateSystems/update-flake-lock@v19 with: token: ${{ secrets.GH_TOKEN_FOR_UPDATES }} - pr-body: | - Automated changes by the update-flake-lock - ``` - {{ env.GIT_COMMIT_MESSAGE }} - ``` - bors merge + pr-labels: | + merge-queue diff --git a/.mergify.yml b/.mergify.yml new file mode 100644 index 0000000..a52ac17 --- /dev/null +++ b/.mergify.yml 
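Review bot: The `merge-queue` label added under `pr-labels` is what makes these automated lock-file updates eligible for unattended merging, and nothing in the workflow says so. A comment above the key such as `# must match the label~= condition in .mergify.yml; labelled PRs merge automatically once required checks pass` would document the coupling. The hunk also drops the custom `pr-body`, so the pull request presumably falls back to the action's default body; it is worth confirming that the commit message is still visible there. The enclosing job starts outside the hunk.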
@@ -0,0 +1,46 @@
+queue_rules:
+ - name: default
+ merge_conditions:
+ - check-success=Evaluate flake.nix
+ - check-success=check age-keys [x86_64-linux]
+ - check-success=check age-keys-23_05 [x86_64-linux]
+ - check-success=check age-ssh-keys [x86_64-linux]
+ - check-success=check age-ssh-keys-23_05 [x86_64-linux]
+ - check-success=check cross-build-23_05 [x86_64-linux]
+ - check-success=check default-23_05 [x86_64-linux]
+ - check-success=check lint-23_05 [x86_64-linux]
+ - check-success=check pgp-keys [x86_64-linux]
+ - check-success=check pgp-keys-23_05 [x86_64-linux]
+ - check-success=check pruning [x86_64-linux]
+ - check-success=check pruning-23_05 [x86_64-linux]
+ - check-success=check sops-init-gpg-key-23_05 [x86_64-linux]
+ - check-success=check sops-pgp-hook-23_05 [x86_64-linux]
+ - check-success=check sops-pgp-hook-test-23_05 [x86_64-linux]
+ - check-success=check ssh-keys-23_05 [x86_64-linux]
+ - check-success=check ssh-to-pgp-23_05 [x86_64-linux]
+ - check-success=check templates [x86_64-linux]
+ - check-success=check unit-tests-23_05 [x86_64-linux]
+ - check-success=check user-passwords [x86_64-linux]
+ - check-success=devShell default [x86_64-linux]
+ - check-success=package cross-build [x86_64-linux]
+ - check-success=package default [x86_64-linux]
+ - check-success=package lint [x86_64-linux]
+ - check-success=package sops-import-keys-hook [x86_64-linux]
+ - check-success=package sops-init-gpg-key [x86_64-linux]
+ - check-success=package sops-install-secrets [x86_64-linux]
+ - check-success=package sops-pgp-hook [x86_64-linux]
+ - check-success=package sops-pgp-hook-test [x86_64-linux]
+ - check-success=package unit-tests [x86_64-linux]
+ - check-success=tests
+defaults:
+ actions:
+ queue:
+ allow_merging_configuration_change: true
+ method: rebase
+pull_request_rules:
+ - name: merge using the merge queue
+ conditions:
+ - base=master
+ - label~=merge-queue|dependencies
+ actions:
+ queue: {}
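Review bot: The `label~=merge-queue|dependencies` condition in `pull_request_rules` is an unanchored regular expression, so any label that merely contains one of those strings would also queue the pull request; `- label~=^(merge-queue|dependencies)$` restricts it to the two intended labels. The rule has no review or author condition, and `allow_merging_configuration_change: true` lets a queued pull request change `.mergify.yml` itself, so the ability to apply a label is the only gate besides CI. A short comment above the rule stating that this is intended would help. The `merge_conditions` list also omits several checks the removed `bors.toml` required (for example `check restart-and-reload`, `check sops-install-secrets` and `package ssh-to-pgp`), which may be deliberate but is not explained in the commit.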
diff --git a/bors.toml b/bors.toml
deleted file mode 100644
index 858af9d..0000000
--- a/bors.toml
+++ /dev/null
@@ -1,34 +0,0 @@
-cut_body_after = "" # don't include text from the PR body in the merge commit message
-status = [
- "Evaluate flake.nix",
- "check age-keys [x86_64-linux]",
- "check age-keys-22_11 [x86_64-linux]",
- "check age-ssh-keys-22_11 [x86_64-linux]",
- "check default-22_11 [x86_64-linux]",
- "check lint-22_11 [x86_64-linux]",
- "check pgp-keys [x86_64-linux]",
- "check pruning-22_11 [x86_64-linux]",
- "check restart-and-reload-22_11 [x86_64-linux]",
- "check sops-import-keys-hook-22_11 [x86_64-linux]",
- "check sops-init-gpg-key-22_11 [x86_64-linux]",
- "check sops-install-secrets-22_11 [x86_64-linux]",
- "check sops-pgp-hook-22_11 [x86_64-linux]",
- "check sops-pgp-hook-test-22_11 [x86_64-linux]",
- "check ssh-keys-22_11 [x86_64-linux]",
- "check unit-tests-22_11 [x86_64-linux]",
- "check user-passwords [x86_64-linux]",
- "check user-passwords-22_11 [x86_64-linux]",
- "devShell default [x86_64-linux]",
- "devShell unit-tests [x86_64-linux]",
- "package cross-build [x86_64-linux]",
- "package default [x86_64-linux]",
- "package lint [x86_64-linux]",
- "package sops-import-keys-hook [x86_64-linux]",
- "package sops-init-gpg-key [x86_64-linux]",
- "package sops-install-secrets [x86_64-linux]",
- "package sops-pgp-hook [x86_64-linux]",
- "package sops-pgp-hook-test [x86_64-linux]",
- "package ssh-to-pgp [x86_64-linux]",
- "package unit-tests [x86_64-linux]",
- "tests"
-]