From e3705c936b1e4bd904f670bf1d81c0500daa9233 Mon Sep 17 00:00:00 2001
From: Kenichi Kamiya <kachick1@gmail.com>
Date: Fri, 7 Jul 2023 10:50:14 +0900
Subject: [PATCH] Prefer newer Nix action for better cache (#13)

* Prefer newer Nix action for better cache

https://discourse.nixos.org/t/the-magic-nix-cache-a-github-action-for-speeding-up-your-nix-workflows/29665

* GitHub Actions does not have purl prefix?

* Looks like this is the PURL

* Required version tag in PURL?

https://github.com/package-url/purl-spec/tree/604c1ae693892f78986d87b2985f81100aba739a#some-purl-examples

* Might be a secret use inside of GitHub

* Drop actionlint with the wrong detection

https://github.com/rhysd/actionlint/blob/557341428508177b0e1059afa7f11ca1c6935426/docs/checks.md#popular-action-inputs-validation-at-with

The popular checks makes wrong detection
I will prefer https://github.com/actions/languageservices/tree/8f2f59092edf10e9c4494dd13db3f497bb8d579b
---
 .github/workflows/actionlint.yml        | 23 -----------------------
 .github/workflows/ci-dev.yml            | 19 ++-----------------
 .github/workflows/dependency-review.yml |  4 ++++
 CONTRIBUTING.md                         |  1 -
 Taskfile.yml                            |  2 --
 5 files changed, 6 insertions(+), 43 deletions(-)
 delete mode 100644 .github/workflows/actionlint.yml

diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
deleted file mode 100644
index debd64b..0000000
--- a/.github/workflows/actionlint.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-name: Lint GitHub Actions workflows
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - '.github/**'
-  pull_request:
-    paths:
-      - '.github/**'
-
-jobs:
-  actionlint:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Download actionlint
-        id: get_actionlint
-        run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash)
-        shell: bash
-      - name: Check workflow files
-        run: ${{ steps.get_actionlint.outputs.executable }} -color -shellcheck=
-        shell: bash
diff --git a/.github/workflows/ci-dev.yml b/.github/workflows/ci-dev.yml
index c214de2..9548998 100644
--- a/.github/workflows/ci-dev.yml
+++ b/.github/workflows/ci-dev.yml
@@ -17,28 +17,13 @@ on:
   workflow_dispatch:
 
 jobs:
-  get-version:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    outputs:
-      current: ${{ steps.current.outputs.current }}
-    steps:
-      - uses: actions/checkout@v3
-      - name: Install nix parser
-        run: curl -L https://github.com/kachick/nix-headbump/releases/download/v0.2.0/nix-headbump_Linux_x86_64.tar.gz | tar xvz -C ./ nix-headbump
-      - id: current
-        run: |
-          current="$(./nix-headbump detect --current)"
-          echo "current=${current}" | tee -a "$GITHUB_OUTPUT"
   tasks:
     runs-on: ubuntu-latest
     timeout-minutes: 30
-    needs: [get-version]
     steps:
       - uses: actions/checkout@v3
-      - uses: cachix/install-nix-action@v22
-        with:
-          nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/${{ needs.get-version.outputs.current }}.tar.gz
+      - uses: DeterminateSystems/nix-installer-action@v4
+      - uses: DeterminateSystems/magic-nix-cache-action@v2
       - run: nix-build
       - name: Log current versions
         run: nix-shell --run 'task versions'
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 5c1eb08..66472ca 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -22,3 +22,7 @@ jobs:
         with:
           # https://spdx.org/licenses/
           allow-licenses: MIT, BSD-3-Clause, BSD-2-Clause, 0BSD, Unlicense, ISC, Apache-2.0, CC-BY-4.0
+          # The PURL prefix is got from following command
+          # `gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/kachick/nix-headbump/dependency-graph/compare/87d736b80a8a254bcac003d97e0b84712176b04f...5ba877ff1048d5fedcc6758484623eb67737f0fb`
+          # Not found in https://github.com/package-url/packageurl-js
+          allow-dependencies-licenses: pkg:githubactions/DeterminateSystems/nix-installer-action@4
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 17354ed..cb475e7 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -19,7 +19,6 @@ task: [build] ..."
 task: [test] go test
 task: [lint] dprint check
 task: [lint] go vet
-task: [lint] actionlint
 PASS
 ok      nix-headbump    0.313s
 
diff --git a/Taskfile.yml b/Taskfile.yml
index 6028b1e..dcd63f5 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -27,7 +27,6 @@ tasks:
     cmds:
       - dprint check
       - go vet
-      - actionlint
       - goreleaser check
       - nixpkgs-fmt --check ./*.nix
   versions:
@@ -36,5 +35,4 @@ tasks:
       - task --version
       - go version
       - dprint --version
-      - actionlint --version
       - goreleaser --version