feat(back): #1202 new major

- Release new major version
- This version will incorporate breaking changes brought after
nixos 25.05
- Stop supporting nix unstable in CLI
- Pin nix to 2.15

Signed-off-by: Daniel Salazar <podany270895@gmail.com>

.github/workflows/prod.yml

@@ -77,15 +77,15 @@ jobs:
           token: ${{ github.token }}
       - uses: richardsimko/update-tag@5bd0e05b035e02d5da3768dbdcfc4e5e0908623e
         with:
-          tag_name: "23.07"
+          tag_name: "24.01"
         env:
           GITHUB_TOKEN: ${{ github.token }}
       - uses: johnwbyrd/update-release@1d5ec4791e40507e5eca3b4dbf90f0b27e7e4979
         with:
           files: README.md
-          release: "23.07"
+          release: "24.01"
           prerelease: true
-          tag: "23.07"
+          tag: "24.01"
           token: ${{ github.token }}
   linux_all:
     runs-on: ubuntu-latest

docs/src/api/builtins/utilities.md

@@ -9,7 +9,7 @@ You can generate a `package-lock.json` for
 like this:
 
 ```bash
-m github:fluidattacks/makes@23.07 /utils/makeNodeJsLock \
+m github:fluidattacks/makes@24.01 /utils/makeNodeJsLock \
   "${node_js_version}" \
   "${package_json_dir}"
 ```
@@ -27,7 +27,7 @@ You can generate a `sourcesYaml` for
 like this:
 
 ```bash
-m github:fluidattacks/makes@23.07 /utils/makePythonLock \
+m github:fluidattacks/makes@24.01 /utils/makePythonLock \
   "${python_version}" \
   "${dependencies_yaml}" \
   "${sources_yaml}"
@@ -53,7 +53,7 @@ You can generate a `sourcesYaml` for
 like this:
 
 ```bash
-m github:fluidattacks/makes@23.07 /utils/makeRubyLock \
+m github:fluidattacks/makes@24.01 /utils/makeRubyLock \
   "${ruby_version}" \
   "${dependencies_yaml}" \
   "${sources_yaml}"
@@ -77,7 +77,7 @@ m github:fluidattacks/makes@23.07 /utils/makeRubyLock \
 You can generate an encrypted [Sops](https://github.com/mozilla/sops) file like this:
 
 ```bash
-m github:fluidattacks/makes@23.07 /utils/makeSopsEncryptedFile \
+m github:fluidattacks/makes@24.01 /utils/makeSopsEncryptedFile \
   "${kms_key_arn}" \
   "${output}"
 ```

docs/src/getting-started.md

@@ -12,7 +12,7 @@
 1. Install Makes:
 
     ```bash
-    nix-env -if https://github.com/fluidattacks/makes/archive/23.07.tar.gz
+    nix-env -if https://github.com/fluidattacks/makes/archive/24.01.tar.gz
     ```
 
 ## Usage
@@ -85,7 +85,7 @@ Example:
         runs-on: ubuntu-latest
         steps:
           - uses: actions/checkout@f095bcc56b7c2baf48f3ac70d6d6782f4f553222
-          - uses: docker://ghcr.io/fluidattacks/makes/amd64:23.07
+          - uses: docker://ghcr.io/fluidattacks/makes/amd64:24.01
             name: helloWorld
             with:
               args: m . /helloWorld 1 2 3
@@ -96,7 +96,7 @@ Example:
     ```yaml
     # .gitlab-ci.yml
     /helloWorld:
-      image: ghcr.io/fluidattacks/makes/amd64:23.07
+      image: ghcr.io/fluidattacks/makes/amd64:24.01
       script:
         - m . /helloWorld 1 2 3
     ```
@@ -108,7 +108,7 @@ Example:
     os: linux
     language: nix
     nix: 2.3.12
-    install: nix-env -if https://github.com/fluidattacks/makes/archive/23.07.tar.gz
+    install: nix-env -if https://github.com/fluidattacks/makes/archive/24.01.tar.gz
     jobs:
       include:
         - script: m . /helloWorld 1 2 3
@@ -123,7 +123,7 @@ let
   # Import the framework
   makes = import "${builtins.fetchGit {
     url = "https://github.com/fluidattacks/makes";
-    ref = "refs/tags/23.07";
+    ref = "refs/tags/24.01";
     rev = ""; # Add a commit here
   }}/src/args/agnostic.nix" { };
 in

docs/src/versioning.md

@@ -37,7 +37,7 @@ for instance:
 {
   makesSrc = builtins.fetchGit {
     url = "https://github.com/fluidattacks/makes";
-    ref = "refs/tags/23.07";
+    ref = "refs/tags/24.01";
     rev = ""; # Add a commit here
   };
 }
@@ -48,4 +48,4 @@ for instance:
 For the whole ecosystem to work
 you need to use the **same version**
 of the framework and the CLI.
-For example: `23.07`.
+For example: `24.01`.

makes.nix

@@ -57,7 +57,7 @@
         registry = "ghcr.io";
         src = outputs."/container-image";
         sign = true;
-        tag = "fluidattacks/makes/amd64:23.07";
+        tag = "fluidattacks/makes/amd64:23.12";
       };
       makesPinnedArm64 = {
         attempts = 3;
@@ -68,7 +68,7 @@
         registry = "ghcr.io";
         src = outputs."/container-image";
         sign = true;
-        tag = "fluidattacks/makes/arm64:23.07";
+        tag = "fluidattacks/makes/arm64:24.01";
       };
     };
   };

makes/cli/env/runtime/main.nix

@@ -11,7 +11,7 @@ makeSearchPaths {
     __nixpkgs__.git
     __nixpkgs__.gnutar
     __nixpkgs__.gzip
-    __nixpkgs__.nixStable
+    __nixpkgs__.nixVersions.nix_2_15
     __nixpkgs__.openssh
   ];
   source = [

makes/main.nix

@@ -5,7 +5,7 @@
   projectPath,
   ...
 }: let
-  makesVersion = "23.07";
+  makesVersion = "24.01";
 in
   makeScript {
     aliases = [
@@ -15,13 +15,11 @@ in
     ];
     replace = {
       __argMakesSrc__ = projectPath "/";
-      __argNixStable__ = __nixpkgs__.nixStable;
-      __argNixUnstable__ = __nixpkgs__.nixUnstable;
+      __argNix__ = __nixpkgs__.nixVersions.nix_2_15;
     };
     entrypoint = ''
       __MAKES_SRC__=__argMakesSrc__ \
-      __NIX_STABLE__=__argNixStable__ \
-      __NIX_UNSTABLE__=__argNixUnstable__ \
+      __NIX__=__argNix__ \
       python -u __argMakesSrc__/src/cli/main/__main__.py "$@"
     '';
     searchPaths.source = [

src/cli/main/cli.py

@@ -78,12 +78,11 @@
 makedirs(MAKES_DIR, exist_ok=True)
 SOURCES_CACHE: str = join(MAKES_DIR, "sources")
 ON_EXIT: List[Callable[[], None]] = []
-VERSION: str = "23.07"
+VERSION: str = "24.01"
 
 # Environment
 __MAKES_SRC__: str = environ["__MAKES_SRC__"]
-__NIX_STABLE__: str = environ["__NIX_STABLE__"]
-__NIX_UNSTABLE__: str = environ["__NIX_UNSTABLE__"]
+__NIX__: str = environ["__NIX__"]
 
 
 # Feature flags
@@ -101,10 +100,6 @@
 if K8S_COMPAT:
     CON.out("Using feature flag: MAKES_K8S_COMPAT")
 
-NIX_STABLE: bool = not bool(environ.get("MAKES_NIX_UNSTABLE"))
-if not NIX_STABLE:
-    CON.out("Using feature flag: MAKES_NIX_UNSTABLE")
-
 
 def _if(condition: Any, *value: Any) -> List[Any]:
     return list(value) if condition else []
@@ -118,11 +113,7 @@ def _clone_src(src: str) -> str:
     ON_EXIT.append(partial(shutil.rmtree, head, ignore_errors=True))
 
     if abspath(src) == CWD:  # `m .` ?
-        if NIX_STABLE:
-            _clone_src_git_worktree_add(src, head)
-        else:
-            # Nix with Flakes already ensures a pristine git repo
-            head = src
+        _clone_src_git_worktree_add(src, head)
     else:
         if (
             (match := _clone_src_github(src))
@@ -286,16 +277,12 @@ def _nix_build(
             ]
         )
     return [
-        *_if(NIX_STABLE, f"{__NIX_STABLE__}/bin/nix-build"),
-        *_if(not NIX_STABLE, f"{__NIX_UNSTABLE__}/bin/nix"),
-        *_if(not NIX_STABLE, "--experimental-features", "flakes nix-command"),
-        *_if(not NIX_STABLE, "build"),
-        *_if(NIX_STABLE, "--argstr", "makesSrc", __MAKES_SRC__),
-        *_if(NIX_STABLE, "--argstr", "projectSrc", head),
+        *[f"{__NIX__}/bin/nix-build"],
+        *["--argstr", "makesSrc", __MAKES_SRC__],
+        *["--argstr", "projectSrc", head],
         *["--argstr", "attrPaths", attr_paths],
-        *_if(NIX_STABLE, "--attr", attr),
+        *["--attr", attr],
         *["--option", "cores", "0"],
-        *_if(not NIX_STABLE, "--impure"),
         *["--option", "narinfo-cache-negative-ttl", "1"],
         *["--option", "narinfo-cache-positive-ttl", "1"],
         *["--option", "max-jobs", "auto"],
@@ -305,15 +292,14 @@ def _nix_build(
         *_if(out, "--out-link", out),
         *_if(not out, "--no-out-link"),
         *["--show-trace"],
-        *_if(NIX_STABLE, f"{__MAKES_SRC__}/src/evaluator/default.nix"),
-        *_if(not NIX_STABLE, attr),
+        *[f"{__MAKES_SRC__}/src/evaluator/default.nix"],
     ]
 
 
 def _nix_hashes(paths: bytes) -> List[str]:
     cmd = [
         "xargs",
-        f"{__NIX_STABLE__}/bin/nix-store",
+        f"{__NIX__}/bin/nix-store",
         "--query",
         "--hash",
     ]
@@ -326,13 +312,13 @@ def _nix_hashes(paths: bytes) -> List[str]:
 
 def _nix_build_requisites(path: str) -> List[Tuple[str, str]]:
     """Answer the question: what do I need to build `out`."""
-    cmd = [f"{__NIX_STABLE__}/bin/nix-store", "--query", "--deriver", path]
+    cmd = [f"{__NIX__}/bin/nix-store", "--query", "--deriver", path]
     out, stdout, _ = _run_outputs(cmd, stderr=None)
     if out != 0:
         raise SystemExit(out)
 
     cmd = [
-        f"{__NIX_STABLE__}/bin/nix-store",
+        f"{__NIX__}/bin/nix-store",
         "--query",
         "--requisites",
         "--include-outputs",
@@ -358,8 +344,8 @@ def _get_head(src: str) -> str:
     CON.out()
     head: str = _clone_src(src)
 
-    # Applies only to local repositories on non-flakes Nix
-    if abspath(src) == CWD and NIX_STABLE:  # `m .` ?
+    # Applies only to local repositories
+    if abspath(src) == CWD:  # `m .` ?
         paths: Set[str] = set()
 
         # Propagated `git add`ed files
@@ -410,15 +396,13 @@ def _get_config(head: str, attr_paths: str) -> Config:
     out: str = _get_named_temporary_file_name()
     code = _run(
         args=_nix_build(
-            attr="config.configAsJson"
-            if NIX_STABLE
-            else f'{head}#__makes__."config:configAsJson"',
+            attr="config.configAsJson",
             attr_paths=attr_paths,
             cache=None,
             head=head,
             out=out,
         ),
-        env=None if NIX_STABLE else dict(HOME=environ["HOME_IMPURE"]),
+        env=None,
         stderr=None,
         stdout=sys.stderr.fileno(),
     )
@@ -626,15 +610,13 @@ def _cli_build(  # pylint: disable=too-many-arguments
 
     code = _run(
         args=_nix_build(
-            attr=f'config.outputs."{attr}"'
-            if NIX_STABLE
-            else f'{head}#__makes__."config:outputs:{attr}"',
+            attr=f'config.outputs."{attr}"',
             attr_paths=attr_paths,
             cache=config.cache,
             head=head,
             out=out,
         ),
-        env=None if NIX_STABLE else dict(HOME=environ["HOME_IMPURE"]),
+        env=None,
         stderr=None,
         stdout=None,
     )

src/evaluator/default.nix

@@ -12,8 +12,6 @@
 {
   # JSON String containing complete list of main.nix files found within projectSrc
   attrPaths,
-  # flake inputs to inject, if any
-  flakeInputs ? {},
   # Source code of makes, can be overriden by the user.
   makesSrc,
   # Path to the user's project, inside a sandbox.
@@ -41,7 +39,7 @@
     else makesSrc;
 
   args = import "${makesSrcOverriden}/src/args/default.nix" {
-    inputs = flakeInputs // result.config.inputs;
+    inherit (result.config) inputs;
     inherit (result.config) outputs;
     inherit (result.config) projectIdentifier;
     inherit projectSrc;

src/evaluator/modules/pipelines/default.nix

@@ -33,7 +33,7 @@
         type = lib.types.attrsOf lib.types.anything;
       };
       image = lib.mkOption {
-        default = "ghcr.io/fluidattacks/makes/amd64:23.07";
+        default = "ghcr.io/fluidattacks/makes/amd64:24.01";
         type = lib.types.str;
       };
       output = lib.mkOption {

test/pipelines/.gitlab-ci.yaml

@@ -1,5 +1,5 @@
 /helloWorld__1__2__3:
-  image: ghcr.io/fluidattacks/makes/amd64:23.07
+  image: ghcr.io/fluidattacks/makes/amd64:24.01
   interruptible: true
   needs: []
   script:
@@ -8,7 +8,7 @@
     GIT_DEPTH: 1
     MAKES_GIT_DEPTH: 1
 /lintNix:
-  image: ghcr.io/fluidattacks/makes/amd64:23.07
+  image: ghcr.io/fluidattacks/makes/amd64:24.01
   interruptible: true
   needs: []
   script: