/nixci

Define and build CI for Nix projects anywhere

Primary LanguageRustGNU Affero General Public License v3.0AGPL-3.0

nixci

Crates.io Harmeless Code of Conduct

nixci builds all outputs in a flake, or optionally its sub-flakes, which can in turn be used either in CI or locally. Using devour-flake it will automatically build the following outputs:

Type Output Key
Standard flake outputs packages, apps, checks, devShells
NixOS nixosConfigurations.*
nix-darwin darwinConfigurations.*
home-manager legacyPackages.${system}.homeConfigurations.*

The stdout of nixci will be a list of store paths built.

Install

From nixpkgs

nixpkgs contains version 0.5.0 of nixci that you can install using nix profile install nixpkgs#nixci or run using nix run nixpkgs#nixci.

From source

To install, run nix profile install github:srid/nixci. You can also use use nix run github:srid/nixci to run nixci directly off this repo without installing it.

Usage

nixci accepts any valid flake URL or a Github PR URL.

# Run nixci on current directory flake
$ nixci # Or `nixci build` or `nixci build .`

# Run nixci on a local flake (default is $PWD)
$ nixci build ~/code/myproject

# Run nixci on a github repo
$ nixci build github:hercules-ci/hercules-ci-agent

# Run nixci on a github PR
$ nixci build https://github.com/srid/emanote/pull/451

# Run only the selected sub-flake
$ git clone https://github.com/srid/haskell-flake && cd haskell-flake
$ nixci build .#default.dev

Using in Github Actions

Standard Runners

Add the following to your workflow file,

      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
        with:
          extra-conf: |
            trusted-public-keys = cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
            substituters = https://cache.garnix.io?priority=41 https://cache.nixos.org/
      - uses: yaxitech/nix-install-pkgs-action@v3
        with:
          packages: "github:srid/nixci"
      - run: nixci build

Self-hosted Runners with Job Matrix

Note

This currently requires an explicit nixci configuration in your flake, viz.: nixci.default.root.dir = ".";.

jobs:
  configure:
    runs-on: self-hosted
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
     - uses: actions/checkout@v4
     - id: set-matrix
       run: echo "matrix=$(nixci gh-matrix --systems=aarch64-linux,aarch64-darwin | jq -c .)" >> $GITHUB_OUTPUT
  nix:
    runs-on: self-hosted
    needs: configure
    strategy:
      matrix: ${{ fromJson(needs.configure.outputs.matrix) }}
      fail-fast: false
    steps:
      - uses: actions/checkout@v4
      - run: nixci build --systems "github:nix-systems/${{ matrix.system }}" ".#default.${{ matrix.subflake }}"

Tip

If your builds fail due to GitHub's rate limiting, consider passing --extra-access-tokens (see an example PR). If you get rate limits when accessing github:nix-systems, use this workaround.

Configuring

By default, nixci will build the top-level flake, but you can tell it to build sub-flakes by adding the following output to your top-level flake:

# myproject/flake.nix
{
  nixci.default = {
    dir1 = {
        dir = "dir1";
    };
    dir2 = {
        dir = "dir2";
        overrideInputs.myproject = ./.;
    };
  }
}

You can have more than one nixci configuration. For eg., nixci .#foo will run the configuration from nixci.foo flake output.

Examples

Some real-world examples of how nixci is used with specific configurations:

What it does

  • Optionally, accept a flake config (nixci.default) to indicate sub-flakes to build, along with their input overrides
  • Preliminary checks
    • Check that flake.lock is in sync
    • Check that the Nix version is not tool old (using nix-health)
  • Use devour-flake to build all flake outputs1
  • Print the built store paths to stdout

Discussion

For discussion of nixci, please post in our Zulip.

See also

  • github-nix-ci - A simple NixOS & nix-darwin module for self-hosting GitHub runners (includes nixci by default)
  • jenkins-nix-ci - Jenkins NixOS module that supports nixci as a Groovy function

Footnotes

  1. Support for flake-schemas is planned