Merge branch 'main' into direnv-respect-config

Author: mikeland73

.envrc

@@ -1,7 +1,9 @@
+#!/bin/bash
+
 # Automatically sets up your devbox environment whenever you cd into this
 # directory via our direnv integration:
 
 eval "$(devbox generate direnv --print-envrc)"
 
-# check out https://www.jetify.com/devbox/docs/ide_configuration/direnv/
+# check out https://www.jetify.com/docs/devbox/ide_configuration/direnv/
 # for more details

.github/workflows/cache-upload.yml

@@ -21,6 +21,10 @@ env:
   DEVBOX_API_TOKEN: ${{ secrets.DEVBOX_API_TOKEN }}
   DEVBOX_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   DEVBOX_DEBUG: 1
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  # I think this should be added to individual nix commands within devbox, but this is quick fix for now
+  NIX_CONFIG: |
+    access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
 
 jobs:
   upload-cache:
@@ -44,7 +48,7 @@ jobs:
           sudo mv ./dist/devbox /usr/local/bin/
 
       # - name: Install devbox
-      #   uses: jetify-com/devbox-install-action@v0.11.0
+      #   uses: jetify-com/devbox-install-action@v0.14.0
       #   with:
       #     enable-cache: true
 

.github/workflows/cli-tests.yaml

@@ -39,15 +39,18 @@ defaults:
     shell: bash
 
 env:
-  HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  DEVBOX_DEBUG: 1
   DEVBOX_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   HOMEBREW_NO_ANALYTICS: 1
   HOMEBREW_NO_AUTO_UPDATE: 1
   HOMEBREW_NO_EMOJI: 1
   HOMEBREW_NO_ENV_HINTS: 1
   HOMEBREW_NO_INSTALL_CLEANUP: 1
-  DEVBOX_DEBUG: 1
-
+  NIX_CONFIG: |
+    access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+    
 jobs:
   build-devbox:
     strategy:
@@ -82,10 +85,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: DeterminateSystems/nix-installer-action@main
+      - name: Install devbox
+        uses: jetify-com/devbox-install-action@jl/migrate-installer
+        with:
+          enable-cache: true
       - name: Build flake
         run: |
-          if ! nix build .; then
+          if ! devbox run build-flake; then
             echo "::warning::If this fails, you probably have to run 'devbox run update-hash'"
             exit 1
           fi
@@ -101,7 +107,7 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install devbox
-        uses: jetify-com/devbox-install-action@v0.11.0
+        uses: jetify-com/devbox-install-action@jl/migrate-installer
         with:
           enable-cache: true
 
@@ -131,7 +137,7 @@ jobs:
         # 1. the oldest supported nix version (which is 2.9.0? But determinate-systems installer has 2.12.0)
         # 2. nix 2.19.2: version before nix profile changes
         # 2. latest nix version (note, 2.20.1 introduced a new profile change)
-        nix-version: ["2.12.0", "2.19.2", "2.20.1"]
+        nix-version: ["2.12.0", "2.19.2", "2.30.2"]
         exclude:
           # Only runs tests on macos if explicitly requested, or on a schedule
           - os: "${{ (inputs.run-mac-tests || github.event.schedule != '') && 'dummy' || 'macos-13' }}"
@@ -145,16 +151,12 @@ jobs:
       DEVBOX_DEBUG: ${{ (matrix.run-project-tests == 'project-tests-off' || inputs.example-debug) && '1' || '0' }}
       DEVBOX_GOLANG_TEST_TIMEOUT: "${{ (github.ref == 'refs/heads/main' || inputs.run-mac-tests) && '1h' || '30m' }}"
     steps:
-      - name: Maximize build disk space
-        uses: easimon/maximize-build-space@v10
-        if: matrix.os == 'ubuntu-latest'
-        with:
-          root-reserve-mb: 32768
-          temp-reserve-mb: 10000
-          remove-dotnet: true
-          remove-android: true
-          remove-haskell: true
-          remove-codeql: true
+      - name: clear directories to reduce disk usage
+        # https://github.com/actions/runner-images/issues/2840#issuecomment-1284059930
+        run: |
+          sudo rm -rf /usr/share/dotnet
+          sudo rm -rf "$AGENT_TOOLSDIRECTORY"
+
       - uses: actions/checkout@v4
       - name: Mount golang cache
         uses: actions/cache@v4
@@ -173,9 +175,33 @@ jobs:
             brew install dash zsh
           fi
       - name: Install devbox
-        uses: jetify-com/devbox-install-action@v0.11.0
+        uses: jetify-com/devbox-install-action@jl/migrate-installer
         with:
           enable-cache: true
+      - name: Setup Nix GitHub authentication
+        run: |
+          # Setup github authentication to ensure Github's rate limits are not hit
+          # For macOS, we need to configure the system-wide nix.conf because the Nix daemon
+          # runs as a different user and doesn't read the user's ~/.config/nix/nix.conf
+          if [ "$RUNNER_OS" == "macOS" ]; then
+            echo "Configuring system-wide Nix config for macOS daemon"
+            # Ensure /etc/nix directory exists
+            if [ ! -d /etc/nix ]; then
+              sudo mkdir -p /etc/nix
+            fi
+            # Check if file exists, create it if not
+            if [ ! -f /etc/nix/nix.conf ]; then
+              echo "# Nix configuration" | sudo tee /etc/nix/nix.conf > /dev/null
+            fi
+            echo "access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}" | sudo tee -a /etc/nix/nix.conf
+            # Restart nix daemon to pick up the new configuration
+            sudo launchctl stop org.nixos.nix-daemon || true
+            sudo launchctl start org.nixos.nix-daemon || true
+            sleep 2  # Give daemon time to restart
+          fi
+          # For Linux and as a backup for macOS, also configure user config
+          mkdir -p ~/.config/nix
+          echo "access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}" > ~/.config/nix/nix.conf
       - name: Run fast tests
         if: matrix.run-project-tests == 'project-tests-off'
         run: |
@@ -215,12 +241,28 @@ jobs:
           export NIX_INSTALLER_NO_CHANNEL_ADD=1
           export DEVBOX_FEATURE_DETSYS_INSTALLER=${{ matrix.use-detsys }}
 
-          # Setup github authentication to ensure Github's rate limits are not hit.
-          # If this works, we can consider refactoring this into a reusable github action helper.
+          # Setup github authentication BEFORE running devbox to ensure Github's rate limits are not hit.
+          # Configure user config first (Nix installer will respect this)
           mkdir -p ~/.config/nix
           echo "access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}" > ~/.config/nix/nix.conf
 
+          # Run devbox which will auto-install Nix if needed
           devbox run echo "Installing packages..."
+
+          # After Nix is installed, configure system-wide config for the daemon on macOS
+          if [ "$RUNNER_OS" == "macOS" ]; then
+            echo "Configuring system-wide Nix config for macOS daemon"
+            # Check if file exists, create directory if needed
+            if [ ! -f /etc/nix/nix.conf ]; then
+              sudo mkdir -p /etc/nix
+              echo "# Nix configuration" | sudo tee /etc/nix/nix.conf > /dev/null
+            fi
+            echo "access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}" | sudo tee -a /etc/nix/nix.conf
+            # Restart nix daemon to pick up the new configuration
+            sudo launchctl stop org.nixos.nix-daemon || true
+            sudo launchctl start org.nixos.nix-daemon || true
+            sleep 2  # Give daemon time to restart
+          fi
       - name: Test removing package
         run: devbox rm go
 

.github/workflows/random-reviewer-assignment.yml

@@ -0,0 +1,89 @@
+name: Random Reviewer Assignment
+on:
+  pull_request:
+    types: [opened]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+env:
+  GITHUB_TOKEN: ${{ secrets.GH_TOKEN_FOR_PR_ASSIGNMENT }}
+
+jobs:
+  assign-reviewer:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Randomly assign reviewer from team
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const TRIAGE_USERNAME = 'Lagoja';
+            const EXCLUDE_USERNAMES = ['jetpack-io-bot'];
+
+            try {
+              const authenticatedUser = await github.rest.users.getAuthenticated();
+              
+              const teamMembers = await github.rest.teams.listMembersInOrg({
+                org: 'jetify-com',
+                team_slug: 'eng'
+              });
+              
+              const prAuthor = context.payload.pull_request.user.login.toLowerCase();
+              const prAuthorId = context.payload.pull_request.user.id;
+              const authenticatedUserLower = authenticatedUser.data.login.toLowerCase();
+
+              // If the PR author is already a member of the team, we can skip random assignment
+              const isPrAuthorInTeam = teamMembers.data.some(member => 
+                member.login.toLowerCase() === prAuthor && member.id === prAuthorId
+              );
+
+              if (isPrAuthorInTeam) {
+                console.log(`PR author ${prAuthor} is already a team member, skipping random assignment.`);
+                return;
+              }
+              
+              // Get eligible reviewers (excluding PR author, authenticated user, and lagoja)
+              const eligibleReviewers = teamMembers.data
+                .filter(member => {
+                  const loginLower = member.login.toLowerCase();
+                  
+                  // Exclude authenticated user
+                  const isNotAuthenticatedUser = member.id !== authenticatedUser.data.id;
+                  const isNotTriage = loginLower !== TRIAGE_USERNAME.toLowerCase();
+                  const isNotExcludedUsername = !EXCLUDE_USERNAMES.includes(loginLower);
+
+                  return isNotAuthenticatedUser && isNotTriage && isNotExcludedUsername;
+                })
+                .map(member => member.login);
+              
+              console.log(`Eligible reviewers: ${eligibleReviewers.join(', ')}`);
+              
+              if (eligibleReviewers.length === 0) {
+                console.log('No eligible reviewers found');
+                return;
+              }
+              
+              const randomReviewer = eligibleReviewers[Math.floor(Math.random() * eligibleReviewers.length)];
+              const reviewers = [randomReviewer];
+
+              // Only add TRIAGE_USERNAME if they're not the PR author and not the authenticated user
+              if (prAuthor !== TRIAGE_USERNAME.toLowerCase() && 
+                  authenticatedUserLower !== TRIAGE_USERNAME.toLowerCase()) {
+                reviewers.push(TRIAGE_USERNAME);
+              }
+              
+              console.log(`Final reviewers: ${reviewers.join(', ')}`);
+              
+              console.log(`Assigning reviewers: ${reviewers.join(', ')}`);
+              
+              await github.rest.pulls.requestReviewers({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: context.payload.pull_request.number,
+                reviewers
+              });
+              
+            } catch (error) {
+              console.error('Error assigning reviewer:', error);
+            }

README.md

@@ -47,7 +47,7 @@ curl -fsSL https://get.jetify.com/devbox | bash
 ```
 
 Read more on the
-[Devbox docs](https://www.jetify.com/devbox/docs/installing_devbox/).
+[Devbox docs](https://www.jetify.com/devbox/docs/installing-devbox/).
 
 ## Benefits
 

devbox.json

@@ -50,6 +50,7 @@
         "go mod vendor -o $vendor",
         "nix hash path $vendor >vendor-hash"
       ],
+      "build-flake": "nix build .",
       "tidy": ["go mod tidy", "devbox run update-hash"],
       // docker-testscripts runs the testscripts with Docker to exercise
       // Linux-specific tests. It invokes the test binary directly, so any extra