chore(deps): update cachix/install-nix-action action to v25

.forgejo/workflows/go.yaml

@@ -11,10 +11,10 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
 
     - name: Set up Go
-      uses: actions/setup-go@v4
+      uses: actions/setup-go@v5
       with:
         go-version: '1.21'
 

.forgejo/workflows/nix.yaml

@@ -10,9 +10,11 @@ jobs:
   tests:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
-    - uses: cachix/install-nix-action@v22
+    - run: apt-get update && apt-get install -y sudo
+    - run: mkdir /var/empty && chown root:root /var/empty && chmod 555 /var/empty
+    - uses: cachix/install-nix-action@v25
       with:
-        github_access_token: ${{ secrets.GITHUB_TOKEN }}
+        github_access_token: ${{ secrets.GH_TOKEN }}
     - run: nix build
     - run: nix flake check

flake.nix

@@ -9,11 +9,12 @@
   };
 
   outputs = inputs @ {flake-parts, ...}:
-    flake-parts.lib.mkFlake {inherit inputs;} {
+    flake-parts.lib.mkFlake {inherit inputs;} ({withSystem, ...}: {
       imports = [
         inputs.treefmt-nix.flakeModule
       ];
       systems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin"];
+
       perSystem = {
         config,
         self',
@@ -32,12 +33,38 @@
 
         packages.default = pkgs.buildGoApplication {
           pname = "sealme";
-          version = "0.1";
+          version = "0.2.0";
           pwd = ./.;
           src = ./.;
           modules = ./gomod2nix.toml;
         };
 
+        packages.sealme = config.packages.default;
+
+        packages.ksecret = let
+          build-inputs = with pkgs; [kubectl yq-go];
+          script = (pkgs.writeScriptBin "ksecret" (builtins.readFile ./scripts/ksecret.sh)).overrideAttrs (old: {
+            buildComamnd = "${old.buildCommand}\n patchShebangs $out";
+          });
+          completion-zsh =
+            pkgs.writeTextDir "share/zsh/site-functions/_ksecret"
+            ''
+              compdef _ksecret ksecret
+              _ksecret() {
+                  service=kubectl
+                  CURRENT+=2
+                  words="kubectl get secrets ''${words[@]:1}"
+                  _kubectl
+              }
+            '';
+        in
+          pkgs.symlinkJoin {
+            name = "ksecret";
+            paths = [script completion-zsh];
+            buildInputs = [pkgs.makeWrapper];
+            postBuild = "wrapProgram $out/bin/ksecret --prefix PATH : ${pkgs.lib.makeBinPath build-inputs}";
+          };
+
         treefmt = {
           projectRootFile = ".git/config";
           programs = {
@@ -55,7 +82,15 @@
           ];
         };
       };
+
       flake = {
+        overlays.default = final: prev:
+          withSystem prev.stdenv.hostPlatform.system (
+            {config, ...}: {
+              sealme = config.packages.sealme;
+              ksecret = config.packages.ksecret;
+            }
+          );
       };
-    };
+    });
 }

scripts/ksecret.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+kubectl get secrets $@ -o yaml | yq '.stringData = .data | del(.data) | .stringData.* |= @base64d'