Pin our own npins

[piegamesde]

Currently the dev shell does not provide an npins, leaving users to use a globally installed one. This causes issues when developing new features, where the sources.json may require a newer version than the user has installed. In that case, cargo run -- must be used instead. Another issue is that the npins/default.nix is both used as the ground truth for the application as well as for dogfooding. In the end, I see the following options:

• Pin the current development repo (./.) as the npins to use in the shell
• Declare an npins=cargo run -- alias in the shell. This avoids having to rebuild the entire derivation after each change
• Pin a package npins version for the shell, and stop using npins/default.nix in the npins binary. (Instead, copy it to some resources folder elsewhere)

Personally, I prefer the last option.

[andir]

The 2nd or 3d option sounds best. The 2nd might be the best for dogfooding. The 3rd option has the problem of migrating. If you are changing something (e.g. new version of the JSON file) you'll have to update the pinned npins version while proposing the changes... So we bit of a chicken-and-egg problem.

[piegamesde]

I don't think that's a problem in the 3rd option, because npins itself is not required to use the pins. So one can update npins in the dev shell first and then upgrade the pins.json.

[andir]

Then we'd at least need some CI check that the pinned version doesn't require a newer / older version of the manifest.