From 68f2f11ab299df3f01ef30029fcc09e0c910e88c Mon Sep 17 00:00:00 2001 From: ryoppippi <1560508+ryoppippi@users.noreply.github.com> Date: Fri, 16 Jan 2026 20:32:22 +0000 Subject: [PATCH 1/3] ci(nix): use nix profile install instead of nix develop - Replace nix develop --command with direct command execution - Add tools input to setup-nix action for per-job tool selection - Install only required tools per job (e.g., gitleaks job only installs gitleaks) - Remove cache-nix-action as nixpkgs binary cache handles caching - This should reduce CI setup time by avoiding devShell evaluation --- .github/actions/setup-nix/action.yaml | 22 ++++++++++++++++------ .github/workflows/ci.yaml | 14 +++++++++----- 2 files changed, 25 insertions(+), 11 deletions(-) diff --git a/.github/actions/setup-nix/action.yaml b/.github/actions/setup-nix/action.yaml index 5c37602..0f01f3a 100644 --- a/.github/actions/setup-nix/action.yaml +++ b/.github/actions/setup-nix/action.yaml @@ -1,5 +1,10 @@ name: 'Setup Nix' description: 'Install Nix and configure cache' +inputs: + tools: + description: 'Space-separated list of nixpkgs packages to install (e.g., "nodejs_24 pnpm_10 oxlint")' + required: false + default: 'nodejs_24 pnpm_10' runs: using: 'composite' steps: @@ -8,11 +13,16 @@ runs: with: github_access_token: ${{ github.token }} - - name: Cache Nix store - uses: nix-community/cache-nix-action@b426b118b6dc86d6952988d396aa7c6b09776d08 # v7.0.0 - with: - primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', 'flake.lock', 'pnpm-lock.yaml') }} + - name: Install tools from nixpkgs + shell: bash + run: | + tools="${{ inputs.tools }}" + packages="" + for tool in $tools; do + packages="$packages nixpkgs#$tool" + done + nix profile install $packages - - name: Load Nix development environment + - name: Install pnpm dependencies shell: bash - run: nix develop --command true + run: pnpm install --frozen-lockfile 
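Review bot: The context line `description: 'Install Nix and configure cache'` becomes stale with this commit, because the second hunk of this file drops the `Cache Nix store` step and nothing in the action configures a cache afterwards; change it to something like `description: 'Install Nix and the nixpkgs tools a job needs'`. The new `tools` input description could also state that each entry is spliced into a `nix profile install` command as `nixpkgs#<entry>`, so callers know the value must be plain nixpkgs attribute names rather than full flake references or shell text.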
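Review bot: `tools="${{ inputs.tools }}"` in the new `Install tools from nixpkgs` step is expanded into the script text before bash runs it, so any shell metacharacters in the input become part of the command rather than data; today the value only comes from workflow files in this repository, but the standard hardening costs three lines: add `env:` with `TOOLS: ${{ inputs.tools }}` to the step and make the first script line `tools="$TOOLS"`. The unquoted `$packages` on the `nix profile install` line is deliberate word splitting, which is worth stating with `# unquoted on purpose: one argument per package` so a later shellcheck pass does not quote it away.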
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index dc1cb8c..a01df01 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -26,9 +26,11 @@ jobs: - name: Setup Nix uses: ./.github/actions/setup-nix + with: + tools: gitleaks - name: Run Gitleaks - run: nix develop --command gitleaks detect --source . --config .gitleaks.toml + run: gitleaks detect --source . --config .gitleaks.toml lint: runs-on: ubuntu-latest @@ -37,8 +39,10 @@ jobs: uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - name: Setup Nix uses: ./.github/actions/setup-nix + with: + tools: nodejs_24 pnpm_10 oxlint oxfmt similarity nixfmt tsgolint - name: Run Lint - run: nix develop --command pnpm run lint + run: pnpm run lint build-and-test: runs-on: ubuntu-latest @@ -50,10 +54,10 @@ jobs: uses: ./.github/actions/setup-nix - name: Run Build - run: nix develop --command pnpm run build + run: pnpm run build - name: Run Tests - run: nix develop --command pnpm test + run: pnpm test coverage: runs-on: ubuntu-latest @@ -64,7 +68,7 @@ jobs: - name: Setup Nix uses: ./.github/actions/setup-nix - name: Run Tests with Coverage - run: nix develop --command pnpm run coverage + run: pnpm run coverage - name: Create Coverage Badge uses: jaywcjlove/coverage-badges-cli@4e8975aa2628e3329126e7eee36724d07ed86fda # v2.2.0 with: From 8c6fbbd91a18b7832da822805a6dbb72dc16e43d Mon Sep 17 00:00:00 2001 From: ryoppippi <1560508+ryoppippi@users.noreply.github.com> Date: Fri, 16 Jan 2026 20:34:23 +0000 Subject: [PATCH 2/3] fix(ci): skip pnpm install for gitleaks job gitleaks job only needs gitleaks binary, not node dependencies --- .github/actions/setup-nix/action.yaml | 5 +++++ .github/workflows/ci.yaml | 1 + 2 files changed, 6 insertions(+) diff --git a/.github/actions/setup-nix/action.yaml b/.github/actions/setup-nix/action.yaml index 0f01f3a..fe20d0d 100644 --- a/.github/actions/setup-nix/action.yaml +++ b/.github/actions/setup-nix/action.yaml 
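Review bot: The lint job's `tools: nodejs_24 pnpm_10 oxlint oxfmt similarity nixfmt tsgolint` is now a second hand-maintained copy of the toolchain: the first two entries repeat the action's default, and the rest presumably mirror what the flake's devShell provides for local development, so the two lists can drift without any check failing. Consider keeping the canonical list in one place (for example exposing it from the flake, or at least a comment on this line naming where it is defined) and having the other side read it. The unquoted plain scalar is valid YAML, but quoting it (`tools: 'nodejs_24 pnpm_10 oxlint oxfmt similarity nixfmt tsgolint'`) makes clear it is one space-separated string and not a list.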
@@ -5,6 +5,10 @@ inputs: description: 'Space-separated list of nixpkgs packages to install (e.g., "nodejs_24 pnpm_10 oxlint")' required: false default: 'nodejs_24 pnpm_10' + skip-pnpm-install: + description: 'Skip pnpm install step (useful for jobs that do not need node dependencies)' + required: false + default: 'false' runs: using: 'composite' steps: @@ -24,5 +28,6 @@ runs: nix profile install $packages - name: Install pnpm dependencies + if: inputs.skip-pnpm-install != 'true' shell: bash run: pnpm install --frozen-lockfile diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index a01df01..d8b2005 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -28,6 +28,7 @@ jobs: uses: ./.github/actions/setup-nix with: tools: gitleaks + skip-pnpm-install: 'true' - name: Run Gitleaks run: gitleaks detect --source . --config .gitleaks.toml From effd70bbe287f2799e1bfa60bb50b9bdaecf9e07 Mon Sep 17 00:00:00 2001 From: ryoppippi <1560508+ryoppippi@users.noreply.github.com> Date: Fri, 16 Jan 2026 20:48:55 +0000 Subject: [PATCH 3/3] perf(ci): use --inputs-from . for nixpkgs resolution Use flake.lock pinned nixpkgs revision to benefit from evaluation caching --- .github/actions/setup-nix/action.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/actions/setup-nix/action.yaml b/.github/actions/setup-nix/action.yaml index fe20d0d..c5be186 100644 --- a/.github/actions/setup-nix/action.yaml +++ b/.github/actions/setup-nix/action.yaml @@ -25,7 +25,7 @@ runs: for tool in $tools; do packages="$packages nixpkgs#$tool" done - nix profile install $packages + nix profile install --inputs-from . $packages - name: Install pnpm dependencies if: inputs.skip-pnpm-install != 'true'
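Review bot: The new `if: inputs.skip-pnpm-install != 'true'` guard on `Install pnpm dependencies` and the `tools` input are independent knobs, so a caller that sets `tools` to a list without `pnpm_10` but forgets the flag still reaches `pnpm install --frozen-lockfile` with no pnpm on PATH and fails during setup instead of in its own step. Tying the guard to the tool list closes that gap without changing the interface: `if: inputs.skip-pnpm-install != 'true' && contains(inputs.tools, 'pnpm')`. Composite-action inputs are always strings, so the string comparison is right, but only the exact value `'true'` skips; the input description in the first hunk of this file could say so.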
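Review bot: `nix profile install --inputs-from . $packages` now resolves `nixpkgs#…` through the checked-out repository's flake inputs, so the installed tool versions follow the revision pinned in `flake.lock` rather than whatever the ambient flake registry maps `nixpkgs` to; that is a reproducibility and supply-chain property, not only the evaluation-cache speedup the commit message describes, and it deserves a comment on the line such as `# --inputs-from .: take nixpkgs from flake.lock so CI tools match the repo pin`. It also depends on the flake declaring an input named exactly `nixpkgs`; if that input were renamed the lookup would presumably fail or fall back to the registry, so the comment should mention the dependency for whoever edits `flake.nix` next. The `run: |` script this line belongs to starts before the hunk.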