feat: initial implementation (#1)

- The initial implementation for the action.
  - `/tools/run_nix_shell.sh`: The core logic for the action.
  - `/action.yaml`: The GitHub action definition.
- Nix configuration files to support the testing of the action
(`/flake.nix`, `/flake.lock`, `/nixpkgs.nix`).
- Unit tests (`/tests/tools_tests`) that can be exercised using Bazel.
- Files used in the integration tests (`/tests/integration_tests`). The
actual integration tests are defined in the CI workflow file.
- A CI workflow to test PRs and run a daily build.
- `README.md` with usage information.

Related to https://github.com/tweag/scalable-builds-group/issues/97.
Related to https://github.com/tweag/scalable-builds-group/issues/138.

Author: cgrindel

.bazelrc

@@ -0,0 +1,22 @@
+build --enable_bzlmod
+
+# CI Configuration
+# ----------------
+common:ci --announce_rc
+test:ci --test_output=errors --test_summary=terse
+
+# MacOS CI Configuration
+# ----------------------
+# The unit tests have a tendency to timeout when executed on the GH macos 
+# runners. So, we reduce the number of parallel jobs and increase the timeout 
+# for the tests.
+common:macos_ci --jobs=2
+common:macos_ci --test_timeout=600
+
+# Remote Cache Authentication
+# ---------------------------
+try-import %workspace%/.bazelrc.auth
+
+# User Configuration
+# ------------------
+try-import %workspace%/.bazelrc.local

.envrc

@@ -0,0 +1 @@
+use flake

.github/actions/set_up_runner/action.yaml

@@ -0,0 +1,26 @@
+name: Set up GitHub runner
+
+inputs:
+  github_token:
+    type: string
+
+runs:
+  using: composite
+  steps:
+    - uses: DeterminateSystems/nix-installer-action@v9
+      with:
+        github-token: ${{ inputs.github_token }}
+    - uses: DeterminateSystems/magic-nix-cache-action@v2
+    - name: Configure
+      shell: bash
+      run: |
+        cat >>.bazelrc.local <<EOF
+        common --config=ci
+        EOF
+    - name: Configure MacOS
+      if: ${{ runner.os == 'macOS' }}
+      shell: bash
+      run: |
+        cat >>.bazelrc.local <<EOF
+        common --config=macos_ci
+        EOF

.github/workflows/ci.yaml

@@ -0,0 +1,80 @@
+name: Continuous integration
+on:
+  push:
+    branches: main
+  pull_request:
+    branches: main
+  workflow_dispatch: # allows manual triggering
+  schedule:
+    - cron: '1 11 * * *'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
+
+jobs:
+  unit_tests:
+    name: Unit Tests
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: ./.github/actions/set_up_runner
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Execute Bazel tests
+        shell: bash
+        run: bazel test //...
+  
+  integration_tests:
+    name: Integration Tests
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
+      - uses: ./.github/actions/set_up_runner
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Execute simple
+        uses: ./
+        with:
+          verbose: true
+          working-directory: ./tests/integration_tests
+          options: |
+            --arg customVarBool true
+            --argstr customVarStr "Hello, World!"
+          run: |
+            echo "FIRST" > integration_test.out
+            echo "${CUSTOM_VAR_BOOL}" >> integration_test.out
+            echo "${CUSTOM_VAR_STR}" >> integration_test.out
+      - name: Confirm output
+        shell: bash
+        run: |
+          output="$(<./tests/integration_tests/integration_test.out)"
+          expected="$(cat <<-EOF
+          FIRST
+          true
+          Hello, World!
+          EOF
+          )"
+          [[ "${output}" == "${expected}" ]] || \
+            (echo >&2 "Ouptput from integration test does not match:" "${output}"; exit 1)
+
+  all_ci_tests:
+    runs-on: ubuntu-latest
+    needs:
+      - unit_tests
+      - integration_tests
+    if: ${{ always() }}
+    steps:
+      - uses: cgrindel/gha_join_jobs@794a2d117251f22607f1aab937d3fd3eaaf9a2f5 # v1
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -0,0 +1,3 @@
+bazel-*
+
+.direnv

BUILD.bazel

@@ -0,0 +1,10 @@
+# exports_files(["flake.lock"])
+
+filegroup(
+    name = "flake_files",
+    srcs = [
+        "flake.lock",
+        "flake.nix",
+    ],
+    visibility = ["//:__subpackages__"],
+)

MODULE.bazel

@@ -0,0 +1,15 @@
+module(
+    name = "run_nix_shell",
+    version = "0.0.0",
+)
+
+bazel_dep(
+    name = "rules_nixpkgs_core",
+    version = "0.10.0",
+)
+
+bazel_dep(
+    name = "cgrindel_bazel_starlib",
+    version = "0.18.1",
+    dev_dependency = True,
+)

README.md

@@ -1,2 +1,64 @@
-# run-nix-shell
-GitHub action for executing scripts via nix-shell.
+# Execute scripts using `nix-shell`
+
+[![Continuous Integration](https://github.com/tweag/run-nix-shell/actions/workflows/ci.yaml/badge.svg?event=schedule)](https://github.com/tweag/run-nix-shell/actions/workflows/ci.yaml)
+
+Executes a script or script file using `nix-shell`.
+
+## Usage
+
+To use this action, install Nix on your runner and start executing scripts.
+
+```yaml
+name: Example
+on:
+  workflow_dispatch: # allows manual triggering
+
+jobs:
+  run_under_nix:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4
+      - uses: DeterminateSystems/nix-installer-action@v9
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Execute script in Nix shell
+        uses: tweag/run-nix-shell@v0
+        with:
+          run: |
+            set -o errexit -o nounset -o pipefail
+            echo "Hello"
+
+      - name: Execute script file
+        uses: tweag/run-nix-shell@v0
+        with:
+          run: path/to/my/script
+
+      - name: Configure Nix shell before executing script
+        uses: tweag/run-nix-shell@v0
+        with:
+          options: |
+            --arg myNixArg true
+            --argstr anotherNixArg "Hello, World!"
+          run: |
+            set -o errexit -o nounset -o pipefail
+            echo "Hello"
+
+      - name: Execute script in a specific directory
+        uses: tweag/run-nix-shell@v0
+        with:
+          working-directory: my/working/directory
+          run: |
+            set -o errexit -o nounset -o pipefail
+            echo "${PWD}"
+```
+
+## Inputs
+
+| Input | Description |
+| ----- | ----------- |
+| `run` | The script to be executed using `nix-shell`. This can be the actual script or a path to as cript file. |
+| `options` | Any options that you want to pass to `nix-shell`. |
+| `working-directory` | This will be the current working direcotry when the script is executed. |
+| `verbose` | Enables additional output for debugging this action. |

WORKSPACE

@@ -0,0 +1 @@
+# Intentionally blank; using bzlmod

WORKSPACE.bzlmod

@@ -0,0 +1,2 @@
+# Intentionally blank
+# This file exists to force bzlmod into a strict mode.