Setup semantic-release (#8)

* Minor refactor to packages output

* Setup semantic-release

* Test release workflow

* Testing release workflow from feature branch

* Granting extra permissions to the injected token

* Move release steps to a separate workflow

* Rename CI workflow to Build

* Update status badges

* Remove extra line

* Update semantic-release config

* Testing release workflow

* Revert "Testing release workflow"

This reverts commit 84935b6.

* Update README

* Fix status badge

* Disable commenting on issues and pull requests

* Only push to Cachix from the default branch

* Increase timeout for templates

* Limit release workflow to main branch only

* Add missing permissions to release workflow

Author: sestrella

.github/workflows/ci.yml .github/workflows/build.yml

@@ -1,9 +1,9 @@
-name: CI
+name: Build
 
 on: push
 
 concurrency:
-  group: ci-${{ github.ref }}
+  group: build-${{ github.ref }}
   cancel-in-progress: true
 
 jobs:
@@ -22,6 +22,7 @@ jobs:
         with:
           name: nixpkgs-terraform
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          skipPush: ${{ github.ref_name != 'main' }}
       - name: Build all packages
         run: nix flake check --impure
         env:
@@ -33,7 +34,7 @@ jobs:
         template: [default, devenv]
       fail-fast: true
     runs-on: ubuntu-latest
-    timeout-minutes: 2
+    timeout-minutes: 4
     needs: [build]
     steps:
       - name: Checkout code

.github/workflows/release.yml

@@ -0,0 +1,33 @@
+name: Release
+
+on:
+  workflow_run:
+    workflows: [Build]
+    types: [completed]
+    branches: [main]
+
+concurrency:
+  group: release
+  cancel-in-progress: true
+
+jobs:
+  release:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@v6
+      - name: Install tools via Nix
+        run: nix develop --check
+      - name: Install dependencies
+        run: nix develop -c npm ci
+      - name: Run semantic-release
+        run: nix develop -c npx semantic-release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -1,4 +1,5 @@
 .direnv
 .env
+node_modules
 result
 templates/*/flake.lock

.releaserc.yml

@@ -0,0 +1,5 @@
+branches: [main]
+plugins:
+  - "@semantic-release/commit-analyzer"
+  - "@semantic-release/release-notes-generator"
+  - ["@semantic-release/github", { successComment: false }]

README.md

@@ -1,7 +1,8 @@
 # nixpkgs-terraform
 
-[![CI](https://github.com/stackbuilders/nixpkgs-terraform/actions/workflows/ci.yml/badge.svg)](https://github.com/stackbuilders/nixpkgs-terraform/actions/workflows/ci.yml)
+[![Build](https://github.com/stackbuilders/nixpkgs-terraform/actions/workflows/build.yml/badge.svg)](https://github.com/stackbuilders/nixpkgs-terraform/actions/workflows/build.yml)
 [![Update](https://github.com/stackbuilders/nixpkgs-terraform/actions/workflows/update.yml/badge.svg)](https://github.com/stackbuilders/nixpkgs-terraform/actions/workflows/update.yml)
+[![Release](https://github.com/stackbuilders/nixpkgs-terraform/actions/workflows/release.yml/badge.svg)](https://github.com/stackbuilders/nixpkgs-terraform/actions/workflows/release.yml)
 
 A collection of Terraform versions that are automatically updated.
 
@@ -123,10 +124,17 @@ Do you want to contribute to this project? Please take a look at our
 [contributing guideline](docs/CONTRIBUTING.md) to know how you can help us
 build it.
 
+Aside from the contribution guidelines outlined above, this project uses
+[semantic-release] to automate version management; thus, we encourage
+contributors to follow the commit conventions outlined
+[here](https://semantic-release.gitbook.io/semantic-release/#commit-message-format)
+to make it easier for maintainers to release new changes.
+
 ---
 <img src="https://www.stackbuilders.com/media/images/Sb-supports.original.png"
 alt="Stack Builders" width="50%"></img>  
 [Check out our libraries](https://github.com/stackbuilders/) | [Join our
 team](https://www.stackbuilders.com/join-us/)
 
 [nix-shell]: https://nixos.wiki/wiki/Development_environment_with_nix-shell
+[semantic-release]: https://semantic-release.gitbook.io/semantic-release/

flake.nix

@@ -26,20 +26,16 @@
                 ])
               )
               pkgs-unstable.nix-prefetch
+              pkgs.nodejs
             ];
           };
           # https://github.com/NixOS/nix/issues/7165
           checks = self.packages.${system};
-          packages = builtins.listToAttrs
-            (builtins.map
-              (version: {
-                name = version;
-                value = self.lib.buildTerraform {
-                  inherit system version;
-                  inherit (versions.${version}) hash vendorHash;
-                };
-              })
-              (builtins.attrNames versions));
+          packages = builtins.mapAttrs
+            (version: { hash, vendorHash }: self.lib.buildTerraform {
+              inherit system version hash vendorHash;
+            })
+            versions;
         }) // {
       lib.buildTerraform = { system, version, hash, vendorHash }:
         let