build: use nix flake (#761)

* build: use nix flake

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

* docs: fmt

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

.envrc

@@ -1 +1 @@
-use nix
+use flake

.github/workflows/docs.yml

@@ -3,27 +3,25 @@ name: docs
 on:
   push:
     branches:
-      - 'main'
+      - "main"
     paths:
-      - '.github/workflows/htmltest.yml'
-      - 'www/*'
-  pull_request: {}
+      - "www/**/*"
+      - ".github/workflows/docs.yml"
+  pull_request:
+    paths:
+      - "www/**/*"
+      - ".github/workflows/docs.yml"
 
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   htmltest:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: arduino/setup-task@v1
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: actions/setup-go@v5
-        with:
-          go-version: stable
-      - run: task docs:build
-      - uses: wjdp/htmltest-action@master
+      - uses: cachix/install-nix-action@v24
         with:
-          path: www/site
-          config: www/htmltest.yml
+          nix_path: nixpkgs=channel:nixos-unstable
+          github_access_token: ${{ secrets.GITHUB_TOKEN }}
+      - run: nix develop .#docs --command ci-docs

.gitignore

@@ -20,3 +20,4 @@ manpages
 output.json
 !acceptance_test.go
 .direnv/
+tmp/

Taskfile.yml

@@ -139,6 +139,12 @@ tasks:
       - task: docs:generate
       - "mkdocs build -f www/mkdocs.yml"
 
+  docs:test:
+    desc: Test docs with htmltest
+    cmds:
+      - task: docs:build
+      - "htmltest www/site -c www/htmltest.yml"
+
   release:
     desc: Create a new tag
     vars:

flake.nix

@@ -0,0 +1,46 @@
+{
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    staging.url = "github:caarlos0/nixpkgs/wip";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+  outputs = { nixpkgs, staging, flake-utils, ... }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+        staging-pkgs = staging.legacyPackages.${system};
+      in
+      {
+        packages.default = pkgs.buildGoModule {
+          pname = "nfpm";
+          version = "unversioned";
+          src = ./.;
+          ldflags = [ "-s" "-w" "-X main.version=dev" "-X main.builtBy=flake" ];
+          doCheck = false;
+          vendorHash = "sha256-P9jSQG6EyVGMZKtThy8Q7Y/pV7mbMl2eGrylea0VHRc=";
+        };
+
+        devShells.default = pkgs.mkShell {
+          packages = with pkgs; with staging-pkgs.python311Packages; [
+            go
+            go-task
+            gofumpt
+          ];
+          shellHook = "go mod tidy";
+        };
+
+        devShells.docs = pkgs.mkShell {
+          packages = with pkgs; with staging-pkgs.python311Packages; [
+            (pkgs.writeScriptBin "ci-docs" "task docs:test")
+            go-task
+            htmltest
+            mkdocs-material
+            mkdocs-minify
+          ] ++ mkdocs-material.passthru.optional-dependencies.git;
+        };
+      }
+    );
+}
+
+
+

www/docs/install.md

@@ -20,7 +20,8 @@ brew install nfpm
 ```
 
 !!! info
-    The [formula in homebrew-core](https://github.com/Homebrew/homebrew-core/blob/master/Formula/nfpm.rb) might be slightly outdated.
+
+    The [formula in homebrew-core](https://github.com/Homebrew/homebrew-core/blob/master/Formula/n/nfpm.rb) might be slightly outdated.
     Use our homebrew tap to always get the latest updates.
 
 ### scoop
@@ -73,24 +74,25 @@ All artifacts are checksummed, and the checksum is signed with [cosign][].
 
 1. Download the files you want, the `checksums.txt` and `checksums.txt.sig`
    files from the [releases][releases] page:
-	```bash
-	wget 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt'
-	```
+
+   ```bash
+   wget 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt'
+   ```
 
 1. Verify the signature:
-	```bash
-	cosign verify-blob \
-		--certificate-identity 'https://github.com/goreleaser/nfpm/.github/workflows/release.yml@refs/tags/__VERSION__' \
-        --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
-		--signature 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt.sig' \
-		--cert 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt.pem' \
-		checksums.txt
-	```
+   ```bash
+   cosign verify-blob \
+   	--certificate-identity 'https://github.com/goreleaser/nfpm/.github/workflows/release.yml@refs/tags/__VERSION__' \
+       --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
+   	--signature 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt.sig' \
+   	--cert 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt.pem' \
+   	checksums.txt
+   ```
 1. If the signature is valid, you can then verify the SHA256 sums match with the
    downloaded binary:
-	```bash
-	sha256sum --ignore-missing -c checksums.txt
-	```
+   ```bash
+   sha256sum --ignore-missing -c checksums.txt
+   ```
 
 ### docker images
 
@@ -155,4 +157,3 @@ go build -o nfpm ./cmd/nfpm
 
 [releases]: https://github.com/goreleaser/nfpm/releases
 [cosign]: https://github.com/sigstore/cosign
-

www/docs/tips.md

@@ -200,7 +200,7 @@ On upgrade, the scripts are being executed in the following order:
 
 ### The `.lintian-overrides` file
 
-It is recommended to run [lintian](https://lintian.debian.org) against your
+It is recommended to run [lintian](https://wiki.debian.org/Lintian) against your
 deb packages to see if there are any problems.
 
 You can also add a `lintian-overrides` file:
@@ -215,7 +215,7 @@ contents:
 	mode: 0644
 ```
 
-You can read more in [lintian's documentation](https://lintian.debian.org/manual/index.html).
+You can read more in [lintian's documentation](https://wiki.debian.org/Lintian).
 
 ### The `copyright` file