Update flake.lock

.editorconfig

@@ -1,10 +1,15 @@
-# https://editorconfig.org
+# EditorConfig helps developers define and maintain consistent
+# coding styles between different editors and IDEs
+# editorconfig.org
+
 root = true
 
 [*]
-indent_style = space
-indent_size = 2
-end_of_line = lf
 charset = utf-8
-trim_trailing_whitespace = true
+end_of_line = lf
 insert_final_newline = true
+trim_trailing_whitespace = true
+indent_style = space
+
+[*.{yml,yaml}]
+indent_size = 2

.envrc

@@ -1 +0,0 @@
-use flake

.eslintrc.json

@@ -1,74 +0,0 @@
-{
-  "plugins": ["@typescript-eslint"],
-  "extends": ["plugin:github/recommended"],
-  "parser": "@typescript-eslint/parser",
-  "parserOptions": {
-    "ecmaVersion": 9,
-    "sourceType": "module",
-    "project": "./tsconfig.json"
-  },
-  "settings": {
-    "import/resolver": {
-      "typescript": {}
-    }
-  },
-  "rules": {
-    "i18n-text/no-en": "off",
-    "eslint-comments/no-use": "off",
-    "import/no-namespace": "off",
-    "no-unused-vars": "off",
-    "@typescript-eslint/no-unused-vars": [
-      "error",
-      {
-        "argsIgnorePattern": "^_"
-      }
-    ],
-    "@typescript-eslint/explicit-member-accessibility": [
-      "error",
-      {
-        "accessibility": "no-public"
-      }
-    ],
-    "@typescript-eslint/no-base-to-string": "error",
-    "@typescript-eslint/no-require-imports": "error",
-    "@typescript-eslint/array-type": "error",
-    "@typescript-eslint/await-thenable": "error",
-    "@typescript-eslint/ban-ts-comment": "error",
-    "camelcase": "error",
-    "@typescript-eslint/consistent-type-assertions": "error",
-    "@typescript-eslint/explicit-function-return-type": [
-      "error",
-      {
-        "allowExpressions": true
-      }
-    ],
-    "@typescript-eslint/func-call-spacing": ["error", "never"],
-    "@typescript-eslint/no-array-constructor": "error",
-    "@typescript-eslint/no-empty-interface": "error",
-    "@typescript-eslint/no-explicit-any": "error",
-    "@typescript-eslint/no-floating-promises": "error",
-    "@typescript-eslint/no-extraneous-class": "error",
-    "@typescript-eslint/no-for-in-array": "error",
-    "@typescript-eslint/no-inferrable-types": "error",
-    "@typescript-eslint/no-misused-new": "error",
-    "@typescript-eslint/no-namespace": "error",
-    "@typescript-eslint/no-non-null-assertion": "warn",
-    "@typescript-eslint/no-unnecessary-qualifier": "error",
-    "@typescript-eslint/no-unnecessary-type-assertion": "error",
-    "@typescript-eslint/no-useless-constructor": "error",
-    "@typescript-eslint/no-var-requires": "error",
-    "@typescript-eslint/prefer-for-of": "warn",
-    "@typescript-eslint/prefer-function-type": "warn",
-    "@typescript-eslint/prefer-includes": "error",
-    "@typescript-eslint/prefer-string-starts-ends-with": "error",
-    "@typescript-eslint/promise-function-async": "error",
-    "@typescript-eslint/require-array-sort-compare": "error",
-    "@typescript-eslint/restrict-plus-operands": "error",
-    "@typescript-eslint/type-annotation-spacing": "error",
-    "@typescript-eslint/unbound-method": "error"
-  },
-  "env": {
-    "node": true,
-    "es6": true
-  }
-}

.github/workflows/ci.yml

@@ -5,29 +5,17 @@ on:
     branches: [main]
 
 jobs:
-  typescript-action:
-    runs-on: ubuntu-22.04
+  shellcheck:
+    runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
+      - name: Check Nixpkgs input
+        uses: DeterminateSystems/flake-checker-action@v4
+        with:
+          fail-mode: true
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@main
-      - name: Enable magic Nix cache
-        uses: DeterminateSystems/magic-nix-cache-action@main
-      - name: Install pnpm dependencies
-        run: nix develop --command pnpm install
-      - name: Check formatting
-        run: nix develop --command pnpm run check-fmt
-      - name: Lint
-        run: nix develop --command pnpm run lint
-      - name: Build
-        run: nix develop --command pnpm run build
-      - name: Run test suite
-        run: nix develop --command pnpm run test
-      - name: Package
-        run: nix develop --command pnpm run package
-      - name: Check git status
-        run: git status --porcelain=v1
-      - name: Ensure no staged changes
-        run: git diff --exit-code
+      - name: Shellcheck
+        run: nix-shell --run 'shellcheck $(find . -type f -name "*.sh" -executable)'

.github/workflows/update.yml

@@ -6,17 +6,11 @@ on:
 
 jobs:
   lockfile:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v3
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@main
-      - name: Enable magic Nix cache
-        uses: DeterminateSystems/magic-nix-cache-action@main
-      - name: Check flake
-        uses: DeterminateSystems/flake-checker-action@main
       - name: Update flake.lock
         uses: ./.
-        with:
-          _internal-strict-mode: true

.github/workflows/validate.yml

@@ -6,9 +6,9 @@ on:
 
 jobs:
   validate:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v2
         with:
           fetch-depth: 0
       - name: Validate YAML

.gitignore

@@ -1,2 +0,0 @@
-# JS dependencies
-node_modules/

.prettierignore

@@ -1,5 +0,0 @@
-dist/
-lib/
-node_modules/
-pnpm-lock.yaml
-README.md

README.md

@@ -20,11 +20,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v2
       - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@main
+        uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
-        uses: DeterminateSystems/update-flake-lock@main
+        uses: DeterminateSystems/update-flake-lock@vX
         with:
           pr-title: "Update flake.lock" # Title of PR to be created
           pr-labels: |                  # Labels to be set on the PR
@@ -50,7 +50,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v2
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
@@ -75,7 +75,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v2
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
@@ -98,7 +98,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v2
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
@@ -127,7 +127,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v2
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
@@ -138,23 +138,6 @@ jobs:
           path-to-flake-dir: 'nix/' # in this example our flake doesn't sit at the root of the repository, it sits under 'nix/flake.nix'
 ```
 
-You can also run the update operation in multiple directories, provided that each directory is a valid flake:
-
-```yaml
-- name: Update flake.lock
-  uses: DeterminateSystems/update-flake-lock@vX
-  with:
-    flake-dirs: |
-      flake1
-      flake2
-      flake3
-```
-
-> **Warning**: If you choose multiple directories, `update-flake-lock` can only update all flake inputs,
-> meaning that you can't set the `inputs` parameter. This is due to limitations in input handling in
-> GitHub Actions, which only allows for strings, numbers, Booleans, and arrays but not objects, which
-> would be the much preferred data type for expressing per-directory inputs.
-
 ## Example using a different Git user
 
 If you want to change the author and / or committer of the flake.lock update commit, you can tweak the `git-{author,committer}-{name,email}` options:
@@ -171,7 +154,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v2
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
@@ -216,7 +199,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v2
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
@@ -251,7 +234,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v2
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock
@@ -313,7 +296,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v2
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@v1
       - name: Update flake.lock

action.yml

@@ -1,65 +1,35 @@
-name: "Update Nix Flake Lock"
-description: "Update your Nix flake.lock and send a PR"
+name: 'Update flake.lock'
+description: 'Update your flake.lock and send a PR'
 inputs:
   inputs:
-    description: "A space-separated list of inputs to update. Leave empty to update all inputs."
+    description: 'A space-separated list of inputs to update. Leave empty to update all inputs.'
     required: false
-    default: ""
+    default: ''
   token:
-    description: "GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)"
+    description: 'GITHUB_TOKEN or a `repo` scoped Personal Access Token (PAT)'
     required: false
     default: ${{ github.token }}
-  commit-msg-template:
-    description: |
-      The commit message template to use. You can use these variables in your template:
-
-      * `{{ flake_dot_lock }}` is the path to the `flake.lock` file being updated
-      * `{{ flake_dot_lock_dir }}` is the `flake.lock` file's directory
-
-      If you set both this and `commit-msg`, the `commit-msg` setting is used (it does not support templating).
-    required: false
-    default: |
-      flake.lock: Updated in {{ flake_dot_lock_dir }}
   commit-msg:
-    description: |
-      The message provided with the commit.
+    description: 'The message provided with the commit'
     required: false
+    default: "flake.lock: Update"
   base:
     description: "Sets the pull request base branch. Defaults to the branch checked out in the workflow."
     required: false
   branch:
-    description: "The branch of the PR to be created"
+    description: 'The branch of the PR to be created'
     required: false
     default: "update_flake_lock_action"
   path-to-flake-dir:
-    description: |
-      The path of the directory containing `flake.nix` file within your repository.
-      Useful when `flake.nix` cannot reside at the root of your repository.
+    description: 'The path of the directory containing `flake.nix` file within your repository. Useful when `flake.nix` cannot reside at the root of your repository.'
     required: false
-  flake-dirs:
-    description: |
-      A space-separated list of directories containing `flake.nix` files within your repository.
-      Useful when you have multiple flakes in your repository.
-    required: false
-    default: ""
+    default: ''
   pr-title:
-    description: "The title of the PR to be created"
+    description: 'The title of the PR to be created'
     required: false
     default: "flake.lock: Update"
-  pr-body-template:
-    description: |
-      The pull request body template to use. You can use these variables in your template:
-
-      * `{{ comma_separated_dirs }}` is the flake directories that were updated separated by comma
-      * `{{ space_separated_dirs }}` is the flake directories that were updated separated by space
-      * `{{ updated_dirs_list }}` is the flake directories that were updated as a Markdown list
-
-      If you set both this and `pr-body`, the `pr-body` setting is used (it does not support templating).
-    required: false
-    default: |
-      Just testing.
   pr-body:
-    description: "The body of the PR to be created"
+    description: 'The body of the PR to be created'
     required: false
     default: |
       Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
@@ -83,62 +53,58 @@ inputs:
       ```
 
   pr-labels:
-    description: "A comma or newline separated list of labels to set on the Pull Request to be created"
+    description: 'A comma or newline separated list of labels to set on the Pull Request to be created'
     required: false
-    default: ""
+    default: ''
   pr-assignees:
-    description: "A comma or newline separated list of assignees (GitHub usernames)."
+    description: 'A comma or newline separated list of assignees (GitHub usernames).'
     required: false
-    default: ""
+    default: ''
   pr-reviewers:
-    description: "A comma or newline separated list of reviewers (GitHub usernames) to request a review from."
+    description: 'A comma or newline separated list of reviewers (GitHub usernames) to request a review from.'
     required: false
-    default: ""
+    default: ''
   git-author-name:
-    description: "Author name used for commit. Only used if sign-commits is false."
+    description: 'Author name used for commit. Only used if sign-commits is false.'
     required: false
-    default: "github-actions[bot]"
+    default: 'github-actions[bot]'
   git-author-email:
-    description: "Author email used for commit. Only used if sign-commits is false."
+    description: 'Author email used for commit. Only used if sign-commits is false.'
     required: false
-    default: "github-actions[bot]@users.noreply.github.com"
+    default: 'github-actions[bot]@users.noreply.github.com'
   git-committer-name:
-    description: "Committer name used for commit. Only used if sign-commits is false."
+    description: 'Committer name used for commit. Only used if sign-commits is false.'
     required: false
-    default: "github-actions[bot]"
+    default: 'github-actions[bot]'
   git-committer-email:
-    description: "Committer email used for commit. Only used if sign-commits is false."
+    description: 'Committer email used for commit. Only used if sign-commits is false.'
     required: false
-    default: "github-actions[bot]@users.noreply.github.com"
+    default: 'github-actions[bot]@users.noreply.github.com'
   sign-commits:
-    description: "Set to true if the action should sign the commit with GPG"
+    description: 'Set to true if the action should sign the commit with GPG'
     required: false
-    default: "false"
+    default: 'false'
   gpg-private-key:
-    description: "GPG Private Key with which to sign the commits in the PR to be created"
+    description: 'GPG Private Key with which to sign the commits in the PR to be created'
     required: false
-    default: ""
+    default: ''
   gpg-fingerprint:
-    description: "Fingerprint of specific GPG subkey to use"
+    description: 'Fingerprint of specific GPG subkey to use'
     required: false
   gpg-passphrase:
-    description: "GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created"
+    description: 'GPG Private Key Passphrase for the GPG Private Key with which to sign the commits in the PR to be created'
     required: false
-    default: ""
+    default: ''
   nix-options:
-    description: "A space-separated list of options to pass to the nix command"
+    description: 'A space-separated list of options to pass to the nix command'
     required: false
-    default: ""
-  _internal-strict-mode:
-    description: Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows.
-    required: false
-    default: false
+    default: ''
 outputs:
   pull-request-number:
-    description: "The number of the opened pull request"
+    description: 'The number of the opened pull request'
     value: ${{ steps.create-pr.outputs.pull-request-number }}
   pull-request-operation:
-    description: "The pull request operation performed by the action, `created`, `updated` or `closed`."
+    description: 'The pull request operation performed by the action, `created`, `updated` or `closed`.'
     value: ${{ steps.create-pr.outputs.pull-request-operation }}
 runs:
   using: "composite"
@@ -146,10 +112,10 @@ runs:
     - name: Import bot's GPG key for signing commits
       if: ${{ inputs.sign-commits == 'true' }}
       id: import-gpg
-      uses: crazy-max/ghaction-import-gpg@v6
+      uses: crazy-max/ghaction-import-gpg@v5
       with:
         gpg_private_key: ${{ inputs.gpg-private-key }}
-        fingerprint: ${{ inputs.gpg-fingerprint }}
+        fingerprint: ${{ inputs.gpg-fingerprint }}
         passphrase: ${{ inputs.gpg-passphrase }}
         git_config_global: true
         git_user_signingkey: true
@@ -176,44 +142,23 @@ runs:
         echo "GIT_AUTHOR_EMAIL=<${{ inputs.git-author-email }}>" >> $GITHUB_ENV
         echo "GIT_COMMITTER_NAME=${{ inputs.git-committer-name }}" >> $GITHUB_ENV
         echo "GIT_COMMITTER_EMAIL=<${{ inputs.git-committer-email }}>" >> $GITHUB_ENV
-    - name: Run update-flake-lock
-      id: update-flake-lock
+    - name: Run update-flake-lock.sh
+      run: $GITHUB_ACTION_PATH/update-flake-lock.sh
       shell: bash
-      run: node "$GITHUB_ACTION_PATH/dist/index.js"
       env:
-        # The following manually exposes all of the action inputs into INPUT_ environment variables so actionsCore.getInput works:
-        # https://github.com/actions/toolkit/blob/ae38557bb0dba824cdda26ce787bd6b66cf07a83/packages/core/src/core.ts#L126
-        INPUT_BASE: ${{ inputs.base }}
-        INPUT_BRANCH: ${{ inputs.branch }}
-        INPUT_COMMIT-MSG: ${{ inputs.commit-msg }}
-        INPUT_COMMIT-MSG-TEMPLATE: ${{ inputs.commit-msg-template }}
-        INPUT_GIT-AUTHOR-EMAIL: ${{ inputs.git-author-email }}
-        INPUT_GIT-AUTHOR-NAME: ${{ inputs.git-author-name }}
-        INPUT_GIT-COMMITTER-EMAIL: ${{ inputs.git-committer-email }}
-        INPUT_GIT-COMMITTER-NAME: ${{ inputs.git-committer-name }}
-        INPUT_GPG-FINGERPRINT: ${{ inputs.gpg-fingerprint }}
-        INPUT_GPG-PASSPHRASE: ${{ inputs.gpg-passphrase }}
-        INPUT_GPG-PRIVATE-KEY: ${{ inputs.gpg-private-key }}
-        INPUT_INPUTS: ${{ inputs.inputs }}
-        INPUT_NIX-OPTIONS: ${{ inputs.nix-options }}
-        INPUT_PATH-TO-FLAKE-DIR: ${{ inputs.path-to-flake-dir }}
-        INPUT_FLAKE-DIRS: ${{ inputs.flake-dirs }}
-        INPUT_PR-ASSIGNEES: ${{ inputs.pr-assignees }}
-        INPUT_PR-BODY: ${{ inputs.pr-body }}
-        INPUT_PR-BODY-TEMPLATE: ${{ inputs.pr-body-template }}
-        INPUT_PR-LABELS: ${{ inputs.pr-labels }}
-        INPUT_PR-REVIEWERS: ${{ inputs.pr-reviewers }}
-        INPUT_PR-TITLE: ${{ inputs.pr-title }}
-        INPUT_PULL-REQUEST-NUMBER: ${{ inputs.pull-request-number }}
-        INPUT_PULL-REQUEST-OPERATION: ${{ inputs.pull-request-operation }}
-        INPUT_SIGN-COMMITS: ${{ inputs.sign-commits }}
-        INPUT_TOKEN: ${{ inputs.token }}
-        INPUT__INTERNAL-STRICT-MODE: ${{ inputs._internal-strict-mode }}
+        GIT_AUTHOR_NAME: ${{ env.GIT_AUTHOR_NAME }}
+        GIT_AUTHOR_EMAIL: ${{ env.GIT_AUTHOR_EMAIL }}
+        GIT_COMMITTER_NAME: ${{ env.GIT_COMMITTER_NAME }}
+        GIT_COMMITTER_EMAIL: ${{ env.GIT_COMMITTER_EMAIL }}
+        NIX_OPTIONS: ${{ inputs.nix-options }}
+        TARGETS: ${{ inputs.inputs }}
+        COMMIT_MSG: ${{ inputs.commit-msg }}
+        PATH_TO_FLAKE_DIR: ${{ inputs.path-to-flake-dir }}
     - name: Save PR Body as file
-      uses: DamianReeves/write-file-action@v1.3
+      uses: DamianReeves/write-file-action@v1.2
       with:
         path: pr_body.template
-        contents: ${{ steps.update-flake-lock.outputs.pr-body }}
+        contents: ${{ inputs.pr-body }}
       env: {}
     - name: Set additional env variables (GIT_COMMIT_MESSAGE)
       shell: bash
@@ -225,10 +170,10 @@ runs:
         echo "$DELIMITER" >> $GITHUB_ENV
         echo "GIT_COMMIT_MESSAGE is: ${COMMIT_MESSAGE}"
     - name: Interpolate PR Body
-      uses: pedrolamas/handlebars-action@v2.4.0
+      uses: pedrolamas/handlebars-action@v2.2.0
       with:
-        files: "pr_body.template"
-        output-filename: "pr_body.txt"
+        files: 'pr_body.template'
+        output-filename: 'pr_body.txt'
     - name: Read pr_body.txt
       id: pr_body
       uses: juliangruber/read-file-action@v1
@@ -242,7 +187,7 @@ runs:
       run: rm -f pr_body.txt pr_body.template
     - name: Create PR
       id: create-pr
-      uses: peter-evans/create-pull-request@v6
+      uses: peter-evans/create-pull-request@v4
       with:
         base: ${{ inputs.base }}
         branch: ${{ inputs.branch }}

dist/index.d.ts

@@ -1,2 +0,0 @@
-
-export {  }

dist/package.json

@@ -1,3 +0,0 @@
-{
-  "type": "module"
-}

flake.lock

@@ -2,16 +2,18 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1713537308,
-        "narHash": "sha256-XtTSSIB2DA6tOv+l0FhvfDMiyCmhoRbNB+0SeInZkbk=",
-        "rev": "5c24cf2f0a12ad855f444c30b2421d044120c66f",
-        "revCount": 614481,
-        "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.614481%2Brev-5c24cf2f0a12ad855f444c30b2421d044120c66f/018efa00-a443-7f41-b371-ce568b5c7e9f/source.tar.gz"
+        "lastModified": 1686869522,
+        "narHash": "sha256-tbJ9B8WLCTnVP/LwESRlg0dII6Zyg2LmUU/mB9Lu98E=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "7c67f006ea0e7d0265f16d7df07cc076fdffd91f",
+        "type": "github"
       },
       "original": {
-        "type": "tarball",
-        "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
+        "owner": "nixos",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
       }
     },
     "root": {

flake.nix

@@ -1,23 +1,30 @@
 {
   description = "update-flake-lock";
 
-  inputs.nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1.*.tar.gz";
+  inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
 
-  outputs = { self, nixpkgs }:
+  outputs =
+    { self
+    , nixpkgs
+    }:
     let
-      supportedSystems = [ "x86_64-linux" "aarch64-darwin" "aarch64-linux" "x86_64-darwin" ];
-      forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f {
-        pkgs = import nixpkgs { inherit system; };
-      });
+      nameValuePair = name: value: { inherit name value; };
+      genAttrs = names: f: builtins.listToAttrs (map (n: nameValuePair n (f n)) names);
+
+      allSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
+      forAllSystems = f: genAttrs allSystems
+        (system: f {
+          inherit system;
+          pkgs = import nixpkgs { inherit system; };
+        });
     in
     {
-      devShells = forEachSupportedSystem ({ pkgs }: {
-        default = pkgs.mkShell {
-          packages = with pkgs; [
-            nodejs_latest
-            nodePackages_latest.pnpm
-          ];
-        };
-      });
+      devShell = forAllSystems
+        ({ system, pkgs, ... }:
+          pkgs.stdenv.mkDerivation {
+            name = "update-flake-lock-devshell";
+            buildInputs = [ pkgs.shellcheck ];
+            src = self;
+          });
     };
 }

package.json

@@ -1,49 +0,0 @@
-{
-  "name": "update-flake-lock",
-  "version": "1.0.0",
-  "description": "",
-  "main": "./dist/index.js",
-  "types": "./dist/index.d.ts",
-  "type": "module",
-  "scripts": {
-    "build": "tsup",
-    "format": "prettier --write .",
-    "check-fmt": "prettier --check .",
-    "lint": "eslint src/**/*.ts --ignore-pattern *.test.ts",
-    "package": "ncc build",
-    "test": "vitest --watch false",
-    "test-dev": "vitest",
-    "all": "pnpm run format && pnpm run lint && pnpm run build && pnpm run package"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/DeterminateSystems/update-flake-lock.git"
-  },
-  "keywords": [],
-  "author": "",
-  "license": "MIT",
-  "bugs": {
-    "url": "https://github.com/DeterminateSystems/update-flake-lock/issues"
-  },
-  "homepage": "https://github.com/DeterminateSystems/update-flake-lock#readme",
-  "dependencies": {
-    "@actions/core": "^1.10.1",
-    "@actions/exec": "^1.1.1",
-    "detsys-ts": "github:DeterminateSystems/detsys-ts",
-    "handlebars": "^4.7.8"
-  },
-  "devDependencies": {
-    "@trivago/prettier-plugin-sort-imports": "^4.3.0",
-    "@typescript-eslint/eslint-plugin": "^7.11.0",
-    "@vercel/ncc": "^0.38.1",
-    "eslint": "^8.57.0",
-    "eslint-import-resolver-typescript": "^3.6.1",
-    "eslint-plugin-github": "^4.10.2",
-    "eslint-plugin-import": "^2.29.1",
-    "eslint-plugin-prettier": "^5.1.3",
-    "prettier": "^3.2.5",
-    "tsup": "^8.0.2",
-    "typescript": "^5.4.5",
-    "vitest": "^1.6.0"
-  }
-}

prettier.config.cjs

@@ -1,12 +0,0 @@
-/** @type {import('prettier').Config} */
-module.exports = {
-  plugins: [require.resolve("@trivago/prettier-plugin-sort-imports")],
-  semi: true,
-  singleQuote: false,
-  tabWidth: 2,
-  trailingComma: "all",
-  useTabs: false,
-  // Import sorting
-  importOrderSeparation: true,
-  importOrderSortSpecifiers: true,
-};

src/index.ts

@@ -1,184 +0,0 @@
-import { makeNixCommandArgs } from "./nix.js";
-import { renderCommitMessage, renderPullRequestBody } from "./template.js";
-import * as actionsCore from "@actions/core";
-import * as actionsExec from "@actions/exec";
-import { DetSysAction, inputs } from "detsys-ts";
-import * as fs from "fs";
-
-const DEFAULT_FLAKE_DIR = ".";
-
-const PR_BODY_OUTPUT_KEY = "pr-body";
-
-const EVENT_EXECUTION_FAILURE = "execution_failure";
-
-class UpdateFlakeLockAction extends DetSysAction {
-  private commitMessage: string;
-  private commitMessageTemplate: string;
-  private prBody: string;
-  private prBodyTemplate: string;
-  private nixOptions: string[];
-  private flakeInputs: string[];
-  private pathToFlakeDir: string | null;
-  private flakeDirsInput: string[] | null;
-  private flakeDirs: string[];
-
-  constructor() {
-    super({
-      name: "update-flake-lock",
-      fetchStyle: "universal",
-      requireNix: "fail",
-    });
-
-    this.commitMessage = inputs.getString("commit-msg");
-    this.commitMessageTemplate = inputs.getString("commit-msg-template");
-    this.prBody = inputs.getString("pr-body");
-    this.prBodyTemplate = inputs.getString("pr-body-template");
-    this.flakeInputs = inputs.getArrayOfStrings("inputs", "space");
-    this.nixOptions = inputs.getArrayOfStrings("nix-options", "space");
-    this.pathToFlakeDir = inputs.getStringOrNull("path-to-flake-dir");
-    this.flakeDirsInput = inputs.getArrayOfStringsOrNull("flake-dirs", "space");
-
-    this.validateInputs();
-
-    if (this.flakeDirsInput !== null && this.flakeDirsInput.length > 0) {
-      this.flakeDirs = this.flakeDirsInput;
-    } else {
-      this.flakeDirs = [this.pathToFlakeDir ?? DEFAULT_FLAKE_DIR];
-    }
-  }
-
-  async main(): Promise<void> {
-    for (const directory of this.flakeDirs) {
-      await this.updateFlakeInDirectory(directory);
-    }
-
-    const prBody =
-      this.prBody !== ""
-        ? this.prBody
-        : renderPullRequestBody(this.prBodyTemplate, this.flakeDirs);
-
-    actionsCore.setOutput(PR_BODY_OUTPUT_KEY, prBody);
-  }
-
-  // No post phase
-  async post(): Promise<void> {}
-
-  private async updateFlakeInDirectory(flakeDir: string): Promise<void> {
-    this.ensureDirectoryExists(flakeDir);
-    this.ensureDirectoryIsFlake(flakeDir);
-
-    actionsCore.debug(`Running flake lock update in directory \`${flakeDir}\``);
-
-    const flakeDotLock = `${flakeDir}/flake.lock`;
-    const commitMessage =
-      this.commitMessage !== ""
-        ? this.commitMessage
-        : renderCommitMessage(
-            this.commitMessageTemplate,
-            flakeDir,
-            flakeDotLock,
-          );
-
-    // Nix command of this form:
-    // nix ${maybe nix options} flake ${"update" or "lock"} ${maybe --update-input flags} --commit-lock-file --commit-lockfile-summary ${commit message}
-    // Example commands:
-    // nix --extra-substituters https://example.com flake lock --update-input nixpkgs --commit-lock-file --commit-lockfile-summary "updated flake.lock"
-    // nix flake update --commit-lock-file --commit-lockfile-summary "updated flake.lock"
-    const nixCommandArgs: string[] = makeNixCommandArgs(
-      this.nixOptions,
-      this.flakeInputs,
-      commitMessage,
-    );
-
-    actionsCore.debug(
-      JSON.stringify({
-        directory: flakeDir,
-        options: this.nixOptions,
-        inputs: this.flakeInputs,
-        message: this.commitMessage,
-        args: nixCommandArgs,
-      }),
-    );
-
-    const execOptions: actionsExec.ExecOptions = {
-      cwd: flakeDir,
-    };
-
-    const exitCode = await actionsExec.exec("nix", nixCommandArgs, execOptions);
-
-    if (exitCode !== 0) {
-      this.recordEvent(EVENT_EXECUTION_FAILURE, {
-        exitCode,
-      });
-      actionsCore.setFailed(
-        `non-zero exit code of ${exitCode} detected while updating directory \`${flakeDir}\``,
-      );
-    } else {
-      actionsCore.info(
-        `flake.lock file in \`${flakeDir}\` was successfully updated`,
-      );
-    }
-  }
-
-  private validateInputs(): void {
-    // Ensure that either `path-to-flake-dir` or `flake-dirs` is set to a meaningful value but not both
-    if (
-      this.flakeDirsInput !== null &&
-      this.flakeDirsInput.length > 0 &&
-      this.pathToFlakeDir !== null &&
-      this.pathToFlakeDir !== ""
-    ) {
-      throw new Error(
-        "Both `path-to-flake-dir` and `flake-dirs` are set, whereas only one can be",
-      );
-    }
-
-    // Ensure that `flake-dirs` isn't an empty array if set
-    if (this.flakeDirsInput !== null && this.flakeDirsInput.length === 0) {
-      throw new Error(
-        "The `flake-dirs` input is set to an empty array; it must contain at least one directory",
-      );
-    }
-
-    // Ensure that both `flake-dirs` and `inputs` aren't set at the same time
-    if (
-      this.flakeDirsInput !== null &&
-      this.flakeDirsInput.length > 0 &&
-      this.flakeInputs.length > 0
-    ) {
-      throw new Error(
-        `You've set both \`flake-dirs\` and \`inputs\` but you can only set one`,
-      );
-    }
-  }
-
-  private ensureDirectoryExists(flakeDir: string): void {
-    actionsCore.debug(`Checking that flake directory \`${flakeDir}\` exists`);
-
-    // Ensure the directory exists
-    fs.access(flakeDir, fs.constants.F_OK, (err) => {
-      if (err !== null) {
-        throw new Error(`Directory \`${flakeDir}\` doesn't exist`);
-      } else {
-        actionsCore.debug(`Flake directory \`${flakeDir}\` exists`);
-      }
-    });
-  }
-
-  private ensureDirectoryIsFlake(flakeDir: string): void {
-    const flakeDotNix = `${flakeDir}/flake.nix`;
-    if (!fs.existsSync(flakeDotNix)) {
-      throw new Error(
-        `Directory \`${flakeDir}\` is not a valid flake as it doesn't contain a \`flake.nix\``,
-      );
-    } else {
-      actionsCore.debug(`Directory \`${flakeDir}\` is a valid flake`);
-    }
-  }
-}
-
-function main(): void {
-  new UpdateFlakeLockAction().execute();
-}
-
-main();

src/nix.ts

@@ -1,18 +0,0 @@
-// Build the Nix args out of inputs from the Actions environment
-export function makeNixCommandArgs(
-  nixOptions: string[],
-  flakeInputs: string[],
-  commitMessage: string,
-): string[] {
-  const flakeInputFlags = flakeInputs.flatMap((input) => [
-    "--update-input",
-    input,
-  ]);
-
-  const updateLockMechanism = flakeInputFlags.length === 0 ? "update" : "lock";
-
-  return nixOptions
-    .concat(["flake", updateLockMechanism])
-    .concat(flakeInputFlags)
-    .concat(["--commit-lock-file", "--commit-lockfile-summary", commitMessage]);
-}

src/template.test.ts

@@ -1,75 +0,0 @@
-import { renderCommitMessage, renderPullRequestBody } from "./template.js";
-import { template } from "handlebars";
-import { Test, describe, expect, test } from "vitest";
-
-describe("templating", () => {
-  test("commit message", () => {
-    type TestCase = {
-      template: string;
-      flakeDotLockDir: string;
-      flakeDotLock: string;
-      expected: string;
-    };
-
-    const testCases: TestCase[] = [
-      {
-        template: "Updating flake.lock in dir {{ flake_dot_lock_dir }}",
-        flakeDotLockDir: ".",
-        flakeDotLock: "./flake.lock",
-        expected: "Updating flake.lock in dir .",
-      },
-      {
-        template:
-          "Here I go doing some updating of my pristine flake.lock at {{ flake_dot_lock }}",
-        flakeDotLockDir: "subflake",
-        flakeDotLock: "subflake/flake.lock",
-        expected:
-          "Here I go doing some updating of my pristine flake.lock at subflake/flake.lock",
-      },
-      {
-        template: "This variable doesn't exist: {{ foo }}",
-        flakeDotLockDir: ".",
-        flakeDotLock: "./flake.lock",
-        expected: "This variable doesn't exist: ",
-      },
-    ];
-
-    testCases.forEach(
-      ({ template, flakeDotLockDir, flakeDotLock, expected }) => {
-        expect(
-          renderCommitMessage(template, flakeDotLockDir, flakeDotLock),
-        ).toEqual(expected);
-      },
-    );
-  });
-
-  test("pull request body", () => {
-    type TestCase = {
-      template: string;
-      dirs: string[];
-      expected: string;
-    };
-
-    const testCases: TestCase[] = [
-      {
-        template: "Updated inputs: {{ comma_separated_dirs }}",
-        dirs: ["."],
-        expected: "Updated inputs: .",
-      },
-      {
-        template: "Updated inputs: {{ space_separated_dirs }}",
-        dirs: ["subflake", "subflake2"],
-        expected: "Updated inputs: subflake subflake2",
-      },
-      {
-        template: "Updated inputs:\n{{ updated_dirs_list }}",
-        dirs: ["flake1", "flake2"],
-        expected: `Updated inputs:\n* flake1\n* flake2`,
-      },
-    ];
-
-    testCases.forEach(({ template, dirs, expected }) => {
-      expect(renderPullRequestBody(template, dirs)).toEqual(expected);
-    });
-  });
-});

src/template.ts

@@ -1,39 +0,0 @@
-import Handlebars from "handlebars";
-
-export function renderPullRequestBody(
-  template: string,
-  dirs: string[],
-): string {
-  const commaSeparated = dirs.join(", ");
-  const spaceSeparated = dirs.join(" ");
-  const dirsList = dirs.map((d: string) => `* ${d}`).join("\n");
-
-  const tpl = Handlebars.compile(template);
-
-  return tpl({
-    // eslint-disable-next-line camelcase
-    comma_separated_dirs: commaSeparated,
-    // eslint-disable-next-line camelcase
-    space_separated_dirs: spaceSeparated,
-    // eslint-disable-next-line camelcase
-    updated_dirs_list: dirsList,
-  });
-}
-
-export function renderCommitMessage(
-  template: string,
-  flakeDotLockDir: string,
-  flakeDotLock: string,
-): string {
-  return render(template, {
-    // eslint-disable-next-line camelcase
-    flake_dot_lock_dir: flakeDotLockDir,
-    // eslint-disable-next-line camelcase
-    flake_dot_lock: flakeDotLock,
-  });
-}
-
-function render(template: string, inputs: Record<string, string>): string {
-  const tpl = Handlebars.compile(template);
-  return tpl(inputs);
-}

src/update-flake-lock.test.ts

@@ -1,74 +0,0 @@
-import { makeNixCommandArgs } from "./nix.js";
-import { expect, test } from "vitest";
-
-test("Nix command arguments", () => {
-  type TestCase = {
-    inputs: {
-      nixOptions: string[];
-      flakeInputs: string[];
-      commitMessage: string;
-    };
-    expected: string[];
-  };
-
-  const testCases: TestCase[] = [
-    {
-      inputs: {
-        nixOptions: ["--log-format", "raw"],
-        flakeInputs: [],
-        commitMessage: "just testing",
-      },
-      expected: [
-        "--log-format",
-        "raw",
-        "flake",
-        "update",
-        "--commit-lock-file",
-        "--commit-lockfile-summary",
-        "just testing",
-      ],
-    },
-    {
-      inputs: {
-        nixOptions: [],
-        flakeInputs: ["nixpkgs", "rust-overlay"],
-        commitMessage: "just testing",
-      },
-      expected: [
-        "flake",
-        "lock",
-        "--update-input",
-        "nixpkgs",
-        "--update-input",
-        "rust-overlay",
-        "--commit-lock-file",
-        "--commit-lockfile-summary",
-        "just testing",
-      ],
-    },
-    {
-      inputs: {
-        nixOptions: ["--debug"],
-        flakeInputs: [],
-        commitMessage: "just testing",
-      },
-      expected: [
-        "--debug",
-        "flake",
-        "update",
-        "--commit-lock-file",
-        "--commit-lockfile-summary",
-        "just testing",
-      ],
-    },
-  ];
-
-  testCases.forEach(({ inputs, expected }) => {
-    const args = makeNixCommandArgs(
-      inputs.nixOptions,
-      inputs.flakeInputs,
-      inputs.commitMessage,
-    );
-    expect(args).toStrictEqual(expected);
-  });
-});

tsconfig.json

@@ -1,15 +0,0 @@
-{
-  "compilerOptions": {
-    "target": "ES2020" /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */,
-    "module": "Node16",
-    "moduleResolution": "NodeNext",
-    "outDir": "./dist",
-    "rootDir": "./src",
-    "strict": true /* Enable all strict type-checking options. */,
-    "noImplicitAny": true /* Raise error on expressions and declarations with an implied 'any' type. */,
-    "esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */,
-    "resolveJsonModule": true,
-    "declaration": true
-  },
-  "exclude": ["node_modules", "**/*.test.ts", "dist"]
-}

tsup.config.ts

@@ -1,16 +0,0 @@
-import { name } from "./package.json";
-import { defineConfig } from "tsup";
-
-export default defineConfig({
-  name,
-  entry: ["src/index.ts"],
-  format: ["esm"],
-  target: "node20",
-  bundle: true,
-  splitting: false,
-  sourcemap: true,
-  clean: true,
-  dts: {
-    resolve: true,
-  },
-});

update-flake-lock.sh

@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [[ -n "$PATH_TO_FLAKE_DIR" ]]; then
+  cd "$PATH_TO_FLAKE_DIR"
+fi
+
+options=()
+if [[ -n "$NIX_OPTIONS" ]]; then
+    for option in $NIX_OPTIONS; do
+        options+=("${option}")
+    done
+fi
+
+if [[ -n "$TARGETS" ]]; then
+    inputs=()
+    for input in $TARGETS; do
+        inputs+=("--update-input" "$input")
+    done
+    nix "${options[@]}" flake lock "${inputs[@]}" --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
+else
+    nix "${options[@]}" flake update --commit-lock-file --commit-lockfile-summary "$COMMIT_MSG"
+fi