Simplify VCS deployments, Update packages

.github/workflows/deploy.yaml

@@ -3,63 +3,71 @@ name: deploy
 on:
   push:
     branches:
-      - dev
       - main
     paths-ignore:
       - "*.md"
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Deployment tag'
+        required: true
+        type: string
+        default: 'main'
 
 jobs:
   deploy:
     name: Deploy
     runs-on: ubuntu-latest
-
     steps:
-      - name: Prepare environment
+      - name: Configure deployment tag
+        id: tag
         run: |
-          echo "TAG=${{ github.head_ref || github.ref_name }}" >> $GITHUB_ENV
-
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Install Nix
-        uses: cachix/install-nix-action@v30
+          if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then
+            echo "out=${{ inputs.tag }}" >> "$GITHUB_OUTPUT"
+          else
+            echo "out=dev" >> "$GITHUB_OUTPUT"
+          fi
+
+      - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v30
         with:
-          nix_path: nixpkgs=channel:nixpkgs-24.05-darwin
+          nix_path: nixpkgs=channel:nixpkgs-24.11-darwin
 
       - name: Generate cache key
+        id: cache-key
         run: |
           nixpkgs_hash=$(egrep -o 'archive/[0-9a-f]{40}\.tar\.gz' shell.nix | cut -d'/' -f2 | cut -d'.' -f1)
-          echo "CACHE_KEY=${{ runner.os }}-$nixpkgs_hash" >> $GITHUB_ENV
+          echo "out=${{ runner.os }}-$nixpkgs_hash" >> "$GITHUB_OUTPUT"
 
       - name: Cache Nix store
-        uses: actions/cache@v4
         id: nix-cache
+        uses: actions/cache@v4
         with:
-          key: nix-${{ env.CACHE_KEY }}
+          key: nix-${{ steps.cache-key.outputs.out }}
           path: /tmp/nix-cache
 
       - name: Import Nix store cache
         if: steps.nix-cache.outputs.cache-hit == 'true'
-        run: |
-          nix-store --import < /tmp/nix-cache
+        run: nix-store --import < /tmp/nix-cache
 
       - name: Cache Python venv
         uses: actions/cache@v4
         with:
-          key: python-${{ env.CACHE_KEY }}-${{ hashFiles('uv.lock') }}
+          key: python-${{ steps.cache-key.outputs.out }}-${{ hashFiles('uv.lock') }}
           path: |
             ~/.cache/uv
             .venv
 
       - name: Build container image
+        id: image
         run: |
           nix-shell --pure --run true
-          echo "IMAGE_PATH=$(nix-build --no-out-link)" >> $GITHUB_ENV
+          image_path=$(nix-build --no-out-link)
+          echo "out=$image_path" >> "$GITHUB_OUTPUT"
 
       - name: Export Nix store cache
         if: steps.nix-cache.outputs.cache-hit != 'true'
-        run: |
-          nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nix-cache
+        run: nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nix-cache
 
       - name: Configure SSH
         run: |
@@ -74,22 +82,20 @@ jobs:
           " > ~/.ssh/config
 
       - name: Upload container image
-        run: |
-          scp "${{ env.IMAGE_PATH }}" remote:~
+        run: scp "${{ steps.image.outputs.out }}" remote:~
 
       - name: Deploy on remote
         run: |
           ssh remote <<\EOF
             set -e
-            tag="${{ env.TAG }}"
-            image_filename="$(basename "${{ env.IMAGE_PATH }}")"
+            tag="${{ steps.tag.outputs.out }}"
+            image_filename="$(basename "${{ steps.image.outputs.out }}")"
 
             cleanup() {
               cd ~
               echo "Cleaning up"
               rm -f "$image_filename"
             }
-
             trap cleanup EXIT
 
             echo "Loading Docker image"

shell.nix

@@ -2,7 +2,7 @@
 
 let
   # Update packages with `nixpkgs-update` command
-  pkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/0fcb98acb6633445764dafe180e6833eb0f95208.tar.gz") { };
+  pkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/31d66ae40417bb13765b0ad75dd200400e98de84.tar.gz") { };
 
   pythonLibs = with pkgs; [
     stdenv.cc.cc.lib