From a117582d8c23e97635bf55502f9a7eef8c3e35ba Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Date: Thu, 28 Dec 2023 20:47:17 -0300
Subject: [PATCH] build: use nix flake (#761)

* build: use nix flake

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>

* docs: fmt

---------

Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
---
 .envrc                     |  2 +-
 .github/workflows/docs.yml | 28 +++++++-------
 .gitignore                 |  1 +
 Taskfile.yml               |  6 +++
 flake.lock                 | 78 ++++++++++++++++++++++++++++++++++++++
 flake.nix                  | 46 ++++++++++++++++++++++
 shell.nix                  | 12 ------
 www/docs/install.md        | 33 ++++++++--------
 www/docs/tips.md           |  4 +-
 9 files changed, 164 insertions(+), 46 deletions(-)
 create mode 100644 flake.lock
 create mode 100644 flake.nix
 delete mode 100644 shell.nix

diff --git a/.envrc b/.envrc
index 1d953f4b..3550a30f 100644
--- a/.envrc
+++ b/.envrc
@@ -1 +1 @@
-use nix
+use flake
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 1be1f352..a9acdf12 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -3,27 +3,25 @@ name: docs
 on:
   push:
     branches:
-      - 'main'
+      - "main"
     paths:
-      - '.github/workflows/htmltest.yml'
-      - 'www/*'
-  pull_request: {}
+      - "www/**/*"
+      - ".github/workflows/docs.yml"
+  pull_request:
+    paths:
+      - "www/**/*"
+      - ".github/workflows/docs.yml"
 
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   htmltest:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: arduino/setup-task@v1
-        with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
-      - uses: actions/setup-go@v5
-        with:
-          go-version: stable
-      - run: task docs:build
-      - uses: wjdp/htmltest-action@master
+      - uses: cachix/install-nix-action@v24
         with:
-          path: www/site
-          config: www/htmltest.yml
+          nix_path: nixpkgs=channel:nixos-unstable
+          github_access_token: ${{ secrets.GITHUB_TOKEN }}
+      - run: nix develop .#docs --command ci-docs
diff --git a/.gitignore b/.gitignore
index 0f608bcb..d2325bf2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -20,3 +20,4 @@ manpages
 output.json
 !acceptance_test.go
 .direnv/
+tmp/
diff --git a/Taskfile.yml b/Taskfile.yml
index 2ca61752..fcb498de 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -139,6 +139,12 @@ tasks:
       - task: docs:generate
       - "mkdocs build -f www/mkdocs.yml"
 
+  docs:test:
+    desc: Test docs with htmltest
+    cmds:
+      - task: docs:build
+      - "htmltest www/site -c www/htmltest.yml"
+
   release:
     desc: Create a new tag
     vars:
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 00000000..14efb3c1
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,78 @@
+{
+  "nodes": {
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1701680307,
+        "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1703438236,
+        "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": "nixpkgs",
+        "staging": "staging"
+      }
+    },
+    "staging": {
+      "locked": {
+        "lastModified": 1703777495,
+        "narHash": "sha256-ISkNWa58+6Uk/nQ47omTETrV+yhKFbnU/wR9n+3ux8g=",
+        "owner": "caarlos0",
+        "repo": "nixpkgs",
+        "rev": "e1d1738a056a052aedb6560c240b2749af33fee0",
+        "type": "github"
+      },
+      "original": {
+        "owner": "caarlos0",
+        "ref": "wip",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 00000000..84cea777
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,46 @@
+{
+  inputs = {
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    staging.url = "github:caarlos0/nixpkgs/wip";
+    flake-utils.url = "github:numtide/flake-utils";
+  };
+  outputs = { nixpkgs, staging, flake-utils, ... }:
+    flake-utils.lib.eachDefaultSystem (system:
+      let
+        pkgs = nixpkgs.legacyPackages.${system};
+        staging-pkgs = staging.legacyPackages.${system};
+      in
+      {
+        packages.default = pkgs.buildGoModule {
+          pname = "nfpm";
+          version = "unversioned";
+          src = ./.;
+          ldflags = [ "-s" "-w" "-X main.version=dev" "-X main.builtBy=flake" ];
+          doCheck = false;
+          vendorHash = "sha256-P9jSQG6EyVGMZKtThy8Q7Y/pV7mbMl2eGrylea0VHRc=";
+        };
+
+        devShells.default = pkgs.mkShell {
+          packages = with pkgs; with staging-pkgs.python311Packages; [
+            go
+            go-task
+            gofumpt
+          ];
+          shellHook = "go mod tidy";
+        };
+
+        devShells.docs = pkgs.mkShell {
+          packages = with pkgs; with staging-pkgs.python311Packages; [
+            (pkgs.writeScriptBin "ci-docs" "task docs:test")
+            go-task
+            htmltest
+            mkdocs-material
+            mkdocs-minify
+          ] ++ mkdocs-material.passthru.optional-dependencies.git;
+        };
+      }
+    );
+}
+
+
+
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index 4a64e313..00000000
--- a/shell.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ pkgs ? import <nixpkgs> { } }:
-
-pkgs.mkShell {
-  packages = with pkgs; [
-    go
-    go-task
-    gofumpt
-
-    python311Packages.mkdocs-material
-    python311Packages.mkdocs-minify
-  ];
-}
diff --git a/www/docs/install.md b/www/docs/install.md
index f57d16d5..64fee66e 100644
--- a/www/docs/install.md
+++ b/www/docs/install.md
@@ -20,7 +20,8 @@ brew install nfpm
 ```
 
 !!! info
-    The [formula in homebrew-core](https://github.com/Homebrew/homebrew-core/blob/master/Formula/nfpm.rb) might be slightly outdated.
+
+    The [formula in homebrew-core](https://github.com/Homebrew/homebrew-core/blob/master/Formula/n/nfpm.rb) might be slightly outdated.
     Use our homebrew tap to always get the latest updates.
 
 ### scoop
@@ -73,24 +74,25 @@ All artifacts are checksummed, and the checksum is signed with [cosign][].
 
 1. Download the files you want, the `checksums.txt` and `checksums.txt.sig`
    files from the [releases][releases] page:
-	```bash
-	wget 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt'
-	```
+
+   ```bash
+   wget 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt'
+   ```
 
 1. Verify the signature:
-	```bash
-	cosign verify-blob \
-		--certificate-identity 'https://github.com/goreleaser/nfpm/.github/workflows/release.yml@refs/tags/__VERSION__' \
-        --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
-		--signature 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt.sig' \
-		--cert 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt.pem' \
-		checksums.txt
-	```
+   ```bash
+   cosign verify-blob \
+   	--certificate-identity 'https://github.com/goreleaser/nfpm/.github/workflows/release.yml@refs/tags/__VERSION__' \
+       --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
+   	--signature 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt.sig' \
+   	--cert 'https://github.com/goreleaser/nfpm/releases/download/__VERSION__/checksums.txt.pem' \
+   	checksums.txt
+   ```
 1. If the signature is valid, you can then verify the SHA256 sums match with the
    downloaded binary:
-	```bash
-	sha256sum --ignore-missing -c checksums.txt
-	```
+   ```bash
+   sha256sum --ignore-missing -c checksums.txt
+   ```
 
 ### docker images
 
@@ -155,4 +157,3 @@ go build -o nfpm ./cmd/nfpm
 
 [releases]: https://github.com/goreleaser/nfpm/releases
 [cosign]: https://github.com/sigstore/cosign
-
diff --git a/www/docs/tips.md b/www/docs/tips.md
index aa390a63..32987468 100644
--- a/www/docs/tips.md
+++ b/www/docs/tips.md
@@ -200,7 +200,7 @@ On upgrade, the scripts are being executed in the following order:
 
 ### The `.lintian-overrides` file
 
-It is recommended to run [lintian](https://lintian.debian.org) against your
+It is recommended to run [lintian](https://wiki.debian.org/Lintian) against your
 deb packages to see if there are any problems.
 
 You can also add a `lintian-overrides` file:
@@ -215,7 +215,7 @@ contents:
 	mode: 0644
 ```
 
-You can read more in [lintian's documentation](https://lintian.debian.org/manual/index.html).
+You can read more in [lintian's documentation](https://wiki.debian.org/Lintian).
 
 ### The `copyright` file