47 changes: 39 additions & 8 deletions .github/actions/setup-nix/action.yaml
@@ -1,5 +1,14 @@
name: "Setup Nix"
description: "Install Nix and configure Cachix"
description: "Install Nix and configure cache"
inputs:
tools:
description: 'Space-separated list of nixpkgs packages to install (e.g., "uv ty just")'
required: false
default: "uv ty just"
skip-uv-sync:
description: "Skip uv sync step (useful for jobs that do not need Python dependencies)"
required: false
default: "false"
runs:
using: "composite"
steps:
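Review bot: the `skip-uv-sync` input is described as skipping only the uv sync step, but later in this file the same flag also gates `Initialise git submodules` and `Install MCP mock server dependencies` (`if: inputs.skip-uv-sync != 'true'`). Either rename it to something that covers all three steps or extend the description to list them. The condition is a string comparison against `'true'`, so any other spelling of a truthy value still runs the steps; the description should say that the literal string "true" is expected.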
Expand All @@ -8,12 +17,34 @@ runs:
with:
github_access_token: ${{ github.token }}

- name: Setup Cachix (numtide)
uses: cachix/cachix-action@0fc020193b5a1fa3ac4575aa3a7d3aa6a35435ad # v16
with:
name: numtide
authToken: ""
- name: Install tools from nixpkgs
shell: bash
run: |
tools="${{ inputs.tools }}"
packages=""
for tool in $tools; do
packages="$packages nixpkgs#$tool"
done
nix profile install --inputs-from . $packages
Comment on lines +24 to +28
Copilot AI Jan 16, 2026

The packages variable accumulates leading whitespace in the loop (line 26). This could cause issues with some shell configurations. Consider using an array instead: packages=() and packages+=("nixpkgs#$tool"), then invoke with nix profile install --inputs-from . "${packages[@]}".

Suggested change
packages=""
for tool in $tools; do
packages="$packages nixpkgs#$tool"
done
nix profile install --inputs-from . $packages
packages=()
for tool in $tools; do
packages+=("nixpkgs#$tool")
done
nix profile install --inputs-from . "${packages[@]}"

Copilot uses AI. Check for mistakes.

- name: Initialise git submodules
if: inputs.skip-uv-sync != 'true'
shell: bash
run: |
# Only initialise if submodules exist but are not yet checked out
Comment on lines +30 to +34
Copilot AI Jan 16, 2026

Corrected spelling of 'Initialise' to 'Initialize' for consistency with American English spelling convention commonly used in code.

Suggested change
- name: Initialise git submodules
if: inputs.skip-uv-sync != 'true'
shell: bash
run: |
# Only initialise if submodules exist but are not yet checked out
- name: Initialize git submodules
if: inputs.skip-uv-sync != 'true'
shell: bash
run: |
# Only initialize if submodules exist but are not yet checked out

if [ -f .gitmodules ] && [ ! -f vendor/stackone-ai-node/package.json ]; then
git submodule update --init --recursive
fi

- name: Install Python dependencies
if: inputs.skip-uv-sync != 'true'
shell: bash
run: uv sync --all-extras

- name: Load Nix development environment
- name: Install MCP mock server dependencies
if: inputs.skip-uv-sync != 'true'
shell: bash
run: nix develop --command true
run: |
if [ -f vendor/stackone-ai-node/package.json ]; then
cd vendor/stackone-ai-node && pnpm install --frozen-lockfile

P2: pnpm is invoked but not installed by the action’s default tool set, so this step will fail on runners without pnpm. Add pnpm to the installed tools or install it before running the command.

Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/actions/setup-nix/action.yaml, line 49:

<comment>`pnpm` is invoked but not installed by the action’s default tool set, so this step will fail on runners without pnpm. Add pnpm to the installed tools or install it before running the command.</comment>

<file context>
@@ -8,12 +17,34 @@ runs:
-      run: nix develop --command true
+      run: |
+        if [ -f vendor/stackone-ai-node/package.json ]; then
+          cd vendor/stackone-ai-node && pnpm install --frozen-lockfile
+        fi
</file context>

fi
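Review bot: in `Install tools from nixpkgs`, `tools="${{ inputs.tools }}"` has the input substituted into the script text before bash parses it, so a value containing `"` or `$(...)` is treated as shell syntax rather than data. The callers in this PR pass literals, but a reusable action should not depend on that: pass the value through the step environment (`env:` with `TOOLS: ${{ inputs.tools }}`) and read `"$TOOLS"` in the script. Separately, `for tool in $tools` and the unquoted `$packages` rely on word splitting, which also applies glob expansion to each entry; `set -f` at the top of the script, or the array form with a quoted expansion, closes that off.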
28 changes: 12 additions & 16 deletions .github/workflows/ci.yaml
Expand Up @@ -26,20 +26,18 @@ jobs:

- name: Setup Nix
uses: ./.github/actions/setup-nix
with:
tools: gitleaks
skip-uv-sync: "true"

- name: Run Gitleaks
run: nix develop --command just gitleaks
run: gitleaks detect --source . --config .gitleaks.toml

ci:
runs-on: ubuntu-latest
strategy:
matrix:
python-version: ["3.11", "3.13"]
Comment on lines 38 to 40
Copilot AI Jan 16, 2026

The python-version matrix variable is defined but never used in the job. Since Python version management is now handled by uv based on pyproject.toml, this matrix variable should be removed from the strategy section to avoid confusion.

Suggested change
strategy:
matrix:
python-version: ["3.11", "3.13"]

include:
- python-version: "3.11"
sync-extras: "--all-extras"
- python-version: "3.13"
sync-extras: "--all-extras"
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
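Review bot: the `Run Gitleaks` step now spells out `gitleaks detect --source . --config .gitleaks.toml` in the workflow instead of going through `just gitleaks`, so the secret-scan invocation exists in two places and the CI flags can drift from what contributors run locally. Consider keeping the recipe as the single definition by passing `tools: gitleaks just` and running `just gitleaks`, or add a comment on this step saying it must stay in sync with the recipe.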
Expand All @@ -48,18 +46,17 @@ jobs:

- name: Setup Nix
uses: ./.github/actions/setup-nix

- name: Install dependencies
run: nix develop --command just install ${{ matrix.sync-extras }}
with:
tools: uv ty just bun pnpm_10 typescript-go

- name: Run Lint
run: nix develop --command just lint
run: just lint

- name: Run Ty
run: nix develop --command just ty
run: just ty

- name: Run Tests
run: nix develop --command just test
run: just test

coverage:
runs-on: ubuntu-latest
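Review bot: `Run Lint`, `Run Ty` and `Run Tests` now call `just` directly instead of `nix develop --command just ...`, so anything the dev shell provides beyond the binaries named in `tools:` (environment variables, shell hooks, extra packages) is no longer present in CI. The `tools:` list here is also the only thing that supplies `pnpm` for the composite action's `pnpm install --frozen-lockfile` step. Please document that coupling next to the `tools:` input, or have the action add the packages its own steps need regardless of what the caller passes.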
Expand All @@ -72,12 +69,11 @@ jobs:

- name: Setup Nix
uses: ./.github/actions/setup-nix

- name: Install dependencies
run: nix develop --command just install --all-extras
with:
tools: uv just bun pnpm_10 typescript-go

- name: Run Tests with Coverage
run: nix develop --command just coverage
run: just coverage

- name: Create Coverage Badge
uses: jaywcjlove/coverage-badges-cli@4e8975aa2628e3329126e7eee36724d07ed86fda # v2.2.0
8 changes: 5 additions & 3 deletions .github/workflows/nix-flake.yaml
Expand Up @@ -26,8 +26,10 @@ jobs:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1

- name: Setup Nix
uses: ./.github/actions/setup-nix
- name: Install Nix
uses: cachix/install-nix-action@0b0e072294b088b73964f1d72dfdac0951439dbd # v31.8.4
with:
github_access_token: ${{ github.token }}

- name: Check flake
run: nix flake check --all-systems --show-trace
run: nix flake check --all-systems --print-build-logs --show-trace
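Review bot: the `Install Nix` step replaces `./.github/actions/setup-nix` with a direct, SHA-pinned `cachix/install-nix-action` call but gives no reason. A short comment would help, for example that the composite action now also runs `nix profile install`, submodule initialisation and `uv sync`, none of which `nix flake check` needs. It also makes this workflow a separate place where the action pin has to be bumped, which is worth noting for whoever maintains the pins.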