OSSystems/nix-actions


nix-actions

Reusable GitHub Actions workflows for Nix flake repos. Replaces copy-pasted CI and flake-update boilerplate with two parametrized reusable workflows.

  • .github/workflows/ci.yaml - nix flake check + optional nix build of explicit attributes.
  • .github/workflows/update-flake.yaml - scheduled flake.lock bump + PR.
  • setup-nix/action.yaml - internal composite (checkout + optional GitHub App token + optional Nix install/cache) shared by the CI jobs. Not called directly.

Quick start

The calling workflow owns the triggers (a reusable workflow's own on: can only declare workflow_call), so each repo keeps its own branches, tag globs and pull_request types:

name: CI
on:
  push: { branches: [main], tags: ["*"] }
  pull_request: { types: [opened, ready_for_review, synchronize] }

jobs:
  ci:
    uses: ossystems/nix-actions/.github/workflows/ci.yaml@0.1
    secrets: inherit

See examples/ for ready-to-copy callers.

ci.yaml inputs

| Input | Default | Description |
| --- | --- | --- |
| runner | self-hosted | Runner label (self-hosted, ubuntu-latest, …). |
| install-nix | false | Install Nix + restore cache. Set true on hosted runners without Nix. |
| token-owner | "" | Org to scope a GitHub App token to (for private flake inputs). Empty disables the token. |
| flake-check | true | Run the nix flake check job. |
| flake-check-args | --accept-flake-config | Extra args for nix flake check. |
| build-attrs | "" | Installables to nix build (e.g. .#foo .#bar). Empty skips the build job. |
| build-args | -L --keep-going | Args passed to nix build before the attrs. |

Secrets (via secrets: inherit): RUNNER_APP_ID, RUNNER_APP_PRIVATE_KEY - only needed when token-owner is set.

update-flake.yaml inputs

| Input | Default | Description |
| --- | --- | --- |
| runner | self-hosted | Runner label. |
| install-nix | false | Install Nix (set true on hosted runners). |
| base-branch | main | Branch to update against. |
| token-owner | "" | Org for the App token (empty = current repo owner). |
| reviewers | "" | Comma-separated PR reviewers. |
| pr-labels | dependencies\nautomated | Newline-separated PR labels. |
| auto-merge | true | Enable PR auto-merge. |
| merge-method | rebase | One of rebase, merge, squash. |

Secrets (via secrets: inherit): UPDATE_FLAKE_APP_ID, UPDATE_FLAKE_APP_PRIVATE_KEY.
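
A caller for update-flake.yaml built from the inputs table above, for a GitHub-hosted runner with auto-merge turned off. This is an added example, not a file from the repository's examples/ directory; the cron schedule, the reviewer names, the 0.1 ref for this workflow and the boolean input types are assumptions.

```yaml
# Added example: caller workflow for the update-flake reusable workflow.
name: Update flake.lock
on:
  schedule:
    - cron: "0 6 * * 1"    # constructed schedule: Mondays, 06:00 UTC
  workflow_dispatch: {}     # also allow a manual run

jobs:
  update:
    # Assumption: same 0.1 ref as the ci.yaml quick start above.
    uses: ossystems/nix-actions/.github/workflows/update-flake.yaml@0.1
    # Makes UPDATE_FLAKE_APP_ID and UPDATE_FLAKE_APP_PRIVATE_KEY available
    # to the called workflow, along with the caller's other secrets.
    secrets: inherit
    with:
      runner: ubuntu-latest     # hosted runner instead of the self-hosted default
      install-nix: true         # hosted runners ship without Nix
      base-branch: main
      reviewers: "alice,bob"    # hypothetical reviewer logins, comma-separated
      # Newline-separated labels, written as a YAML block scalar.
      pr-labels: |-
        dependencies
        automated
      auto-merge: false         # assumed boolean; default is true
      merge-method: squash      # rebase | merge | squash
```

With auto-merge set to false, each flake.lock bump stays open as a PR for the listed reviewers rather than merging automatically.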
