ci(nix): use nix profile install instead of nix develop #100
Replace `nix develop --command` with `nix profile install --inputs-from .` for CI workflows. This avoids evaluating the full devShell and running shellHook on every job, which was unnecessarily slow.
Changes:
- Add `tools` input to setup-nix action for specifying required packages
- Add `skip-uv-sync` input to skip Python dependency installation
- Install only required tools per job (e.g., gitleaks job only needs gitleaks)
- Remove Cachix setup (no longer needed without devShell)
- Add submodule initialisation and MCP mock server setup to action
- Update nix-flake.yaml to use install-nix-action directly
Pull request overview
This PR optimizes CI workflows by replacing nix develop --command with nix profile install to install only required tools per job, improving performance by avoiding full devShell evaluation.
Changes:
- Modified setup-nix action to install specific nixpkgs packages using `nix profile install` instead of evaluating the full devShell
- Added configurable `tools` and `skip-uv-sync` inputs to the setup-nix action
- Removed Cachix setup and matrix sync-extras configuration that are no longer needed
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| .github/actions/setup-nix/action.yaml | Replaced Cachix and devShell with tool-specific nix profile installation, added inputs for tools and skip-uv-sync |
| .github/workflows/ci.yaml | Updated to use new setup-nix inputs, removed matrix sync-extras, changed commands to direct tool invocation |
| .github/workflows/nix-flake.yaml | Switched to direct install-nix-action usage without setup-nix wrapper |
| strategy: | ||
| matrix: | ||
| python-version: ["3.11", "3.13"] |
Copilot
AI
Jan 16, 2026
The python-version matrix variable is defined but never used in the job. Since Python version management is now handled by uv based on pyproject.toml, this matrix variable should be removed from the strategy section to avoid confusion.
| strategy: | |
| matrix: | |
| python-version: ["3.11", "3.13"] |
| packages="" | ||
| for tool in $tools; do | ||
| packages="$packages nixpkgs#$tool" | ||
| done | ||
| nix profile install --inputs-from . $packages |
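Review bot: `$tools` in `for tool in $tools` and `$packages` on the `nix profile install` line are expanded unquoted, so the value is word-split and glob-expanded by the shell before nix sees it; an entry such as `*` would expand to file names from the working directory. Build the list as an array and reject any entry that does not match a conservative attribute-name pattern (for example `^[A-Za-z0-9._-]+$`) before prefixing it with `nixpkgs#`, so that only the intended nixpkgs attributes are installed on the runner.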
Copilot
AI
Jan 16, 2026
The packages variable accumulates leading whitespace in the loop (line 26). This could cause issues with some shell configurations. Consider using an array instead: `packages=()` and `packages+=("nixpkgs#$tool")`, then invoke with `nix profile install --inputs-from . "${packages[@]}"`.
| packages="" | |
| for tool in $tools; do | |
| packages="$packages nixpkgs#$tool" | |
| done | |
| nix profile install --inputs-from . $packages | |
| packages=() | |
| for tool in $tools; do | |
| packages+=("nixpkgs#$tool") | |
| done | |
| nix profile install --inputs-from . "${packages[@]}" |
| - name: Initialise git submodules | ||
| if: inputs.skip-uv-sync != 'true' | ||
| shell: bash | ||
| run: | | ||
| # Only initialise if submodules exist but are not yet checked out |
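Review bot: the `if: inputs.skip-uv-sync != 'true'` condition gates submodule initialisation on an input whose name describes Python dependency sync, so a job that sets `skip-uv-sync` also runs without the submodules, and nothing in the step says so. Either document that coupling in the input's description or give the submodule step its own input.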
Copilot
AI
Jan 16, 2026
Corrected spelling of 'Initialise' to 'Initialize' for consistency with American English spelling convention commonly used in code.
| - name: Initialise git submodules | |
| if: inputs.skip-uv-sync != 'true' | |
| shell: bash | |
| run: | | |
| # Only initialise if submodules exist but are not yet checked out | |
| - name: Initialize git submodules | |
| if: inputs.skip-uv-sync != 'true' | |
| shell: bash | |
| run: | | |
| # Only initialize if submodules exist but are not yet checked out |
1 issue found across 3 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name=".github/actions/setup-nix/action.yaml">
<violation number="1" location=".github/actions/setup-nix/action.yaml:49">
P2: `pnpm` is invoked but not installed by the action’s default tool set, so this step will fail on runners without pnpm. Add pnpm to the installed tools or install it before running the command.</violation>
</file>
| run: nix develop --command true | ||
| run: | | ||
| if [ -f vendor/stackone-ai-node/package.json ]; then | ||
| cd vendor/stackone-ai-node && pnpm install --frozen-lockfile |
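Review bot: `pnpm install --frozen-lockfile` in `vendor/stackone-ai-node` pins versions but, depending on the pnpm version and its settings, can still run package lifecycle scripts from the submodule's dependency tree inside the CI job. If the mock server setup does not need install scripts, add `--ignore-scripts` to this line so that third-party code is not executed during setup.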
P2: pnpm is invoked but not installed by the action’s default tool set, so this step will fail on runners without pnpm. Add pnpm to the installed tools or install it before running the command.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At .github/actions/setup-nix/action.yaml, line 49:
<comment>`pnpm` is invoked but not installed by the action’s default tool set, so this step will fail on runners without pnpm. Add pnpm to the installed tools or install it before running the command.</comment>
<file context>
@@ -8,12 +17,34 @@ runs:
- run: nix develop --command true
+ run: |
+ if [ -f vendor/stackone-ai-node/package.json ]; then
+ cd vendor/stackone-ai-node && pnpm install --frozen-lockfile
+ fi
</file context>
Summary
Replace `nix develop --command` with `nix profile install --inputs-from .` for CI workflows to improve performance.
What Changed
- `tools` input to setup-nix action for specifying required nixpkgs packages
- `skip-uv-sync` input to skip Python dependency installation when not needed
Why
The previous approach evaluated the full devShell and ran shellHook on every CI job, which was unnecessarily slow. By using `nix profile install`, each job installs only the tools it needs without evaluating the entire development environment.
Summary by cubic
Switched CI from “nix develop --command” to “nix profile install --inputs-from .” so each job installs only the tools it needs. This speeds up CI and removes devShell evaluation and shellHook overhead.
New Features
Refactors
Written for commit 4507b84. Summary will update on new commits.