This repo includes some garnix actions that are generally useful, as well as helpers from writing your own actions.
The actions here, if they need some sort of setup (e.g., creating and
encrypting secrets) follow the pattern of having a setup attribute
which you can run. So if you have an app foo, nix run #foo.setup will
generally help you set it up.
In order to run the action in garnix, you'll also need to add them to garnix.yaml. For example:
actions:
- on: push
run: statix # Your action name here
withRepoContents: true # Most actions here need thisAn action is mostly just an app, so you already know how to write one! The two things that are more garnix-specific are the environment variables that are set, and how to handle secrets.
Additionally, we suggest following the convention of having another app in the
.setup attribute which guides through any setup steps.
statix :
{ actionName,
encryptedTokenFile,
disabled ? [],
ignore ? [],
logLevel ? "info",
} -> App
Run statix on your Nix files.
- actionName: The name of the output this action is running as.
- encryptedTokenFile: The path to an encrypted GitHub Personal Access Token. Can be generated by running the
.setupattribute of the resulting app. - disabled: A list of lints to disable. See here for more details. Default: [].
- ignore: A list of paths (globs allowed) to not check. Default: [].
- logLevel: How much to log. Options: debug, info, warning, error. Default: info.
Example:
{
outputs = { ... }:
apps.x86_64-linux.statix = actions.lib.statix
{ actionName = "statix";
disabled = [ "useless_parens" ];
}
}Requires withRepoContents
clippy : { actionName, encryptedTokenFile, logLevel ? "info" } -> App
Run clippy on your files.
You can configure clippy in the lint section of your Cargo.toml.
- actionName: The name of the action. Must match the key in
outputsto which this action is assigned (apps.x86_64-linux.<name>). - encryptedTokenFile: The path to an encrypted GitHub Personal Access Token. Can be generated by running the
.setupattribute of the resulting app. - logLevel: How much to log. Options: debug, info, warning, error. Default: info.
Requires withRepoContents.
reviewDog :
{ linter,
errorFormat ? "%f:$l%:%c: %m",
format ? null,
logLevel ? "info",
encryptedTokenFile } -> App
Generic function for sending linting and other automated feedback to GitHub pull requests. Can be combined with a wide range of linters. Also supports code suggestions.
- linter: A command that generates lints.
- errorFormat: What format the linter outputs. See here for more details.
- format: A built-in format. If set, takes precedence over
errorFormat. Runreviewdog -listto see available ones. - logLevel: How much to log. Options: debug, info, warning, error. Default: info.
- encryptedTokenFile: The path to an encrypted GitHub Personal Access Token. Can be generated by running the
.setupattribute of the resulting app. - actionName: The name of the action. Must match the key in
outputsto which this action is assigned (apps.x86_64-linux.<name>).
If the linter exits non-zero, then the entire action will fail.
Example:
{
outputs = { ... }:
apps.x86_64-linux.statix = actions.lib.reviewDog
{ actionName = "statix";
linter = "${pkgs.statix}/bin/statix check . -o errfmt";
errorFormat = "%f>%l:%c:%.%#:%.%#:%m";
encryptedTokenFile = ./secrets/reviewDogToken;
}
}Requires withRepoContents
getGitHubPAT :
{ appName,
appDescription,
actionName,
encryptedTokenFile,
extraRecipientsFile ? null
} -> Executable
getGitHubPAT is a helper that gets and encrypts a GitHub Personal Access Token.
- appName: What to call the app (used in labelling the PAT).
- appDescription: Short description of the app (used in labelling the PAT).
- encryptedTokenFile: The path to an encrypted GitHub Personal Access Token. Can be generated by running the
.setupattribute of the resulting app. - extraRecipientsFile: Any other keys that secrets should be encrypted to. This allows you to easily run the app locally too.