# Declarative CI and Git Hooks - Summary

## What's New

### 1. GitHub Actions CI

✅ `.github/workflows/flake-check.yaml`

- Runs `nixfmt --check` on every push/PR
- Runs `nix flake check`
- Blocks merging if checks fail

### 2. Nix-Native Git Hooks

✅ `modules/git-hooks/default.nix`

- Hooks defined in `flake.nix` (pure Nix)
- Install automatically on `nixos-rebuild switch`
- Run on every git commit

## Usage

### Install Hooks (One-time per host)

```nix
# Add to hosts//default.nix
{
  imports = [
    # ... other modules
    ../../modules/git-hooks
  ];

  services.git-hooks = {
    enable = true;
    # flake-path = /home/h/nix;  # Optional, default
  };
}
```

### Rebuild

```bash
sudo nixos-rebuild switch --flake .#andromache

# Output:
# 🪝 Installing git hooks...
# ✅ Done
```

### Now Hooks Work Automatically

```bash
git add .
git commit -m "changes"
# Hooks run automatically
```

## Files

| File | Purpose |
|------|---------|
| `.github/workflows/flake-check.yaml` | CI pipeline |
| `modules/git-hooks/default.nix` | Auto-install module |
| `flake.nix` | Hook definitions |
| `.editorconfig` | Code style |

## Enable on Other Hosts

```nix
# hosts//default.nix
imports = [
  # ... existing modules
  ../../modules/git-hooks  # Add this
];

services.git-hooks.enable = true;
```

## Add More Hooks

Edit `flake.nix`:

```nix
checks.${system}.pre-commit-check.hooks = {
  nixfmt-rfc-style.enable = true;  # ✅ Already done
  statix.enable = true;            # ✅ Already done
  deadnix.enable = true;           # ✅ Already done
};
```

All Phase 1 hooks are now enabled!

## Testing

```bash
# 1. Rebuild to install hooks
sudo nixos-rebuild switch --flake .#andromache

# 2. Test hooks
git commit -m "test"

# 3. Test CI locally
# The "--" separates nix's own flags from the arguments passed to nixfmt
nix run nixpkgs#nixfmt -- --check .
nix flake check
```

## Documentation

- `CI_HOOKS_SUMMARY.md` - This file
- `DRUPOL_INFRA_ANALYSIS.md` - Reference patterns
- `AWESOME_NIX_PLAN.md` - Future improvements
- `OPENCODE.md` - Tracking document

## Currently Enabled

| Host | Status | Config File |
|------|--------|--------------|
| andromache | ✅ Enabled | `hosts/andromache/default.nix` |
| astyanax | ✅ Enabled | `hosts/astyanax/default.nix` |
| hecuba | ✅ Enabled | `hosts/hecuba/default.nix` |
| eetion | ✅ Enabled | `hosts/eetion/default.nix` |
| vm | ✅ Enabled | `hosts/vm/default.nix` |

## Clean Slate Test (Astyanax)

```bash
# 1. Remove existing git hooks
rm -rf /home/h/nix/.git/hooks/*
ls -la /home/h/nix/.git/hooks/

# 2. Rebuild astyanax (installs hooks)
sudo nixos-rebuild switch --flake .#astyanax

# Expected output:
# 🪝 Installing git hooks...
# ✅ Done

# 3. Verify hooks were installed
ls -la /home/h/nix/.git/hooks/

# 4. Test hooks work
echo "broken { }" > /home/h/nix/test.nix
git add test.nix
git commit -m "test"
# Should fail with nixfmt error

# 5. Clean up
rm /home/h/nix/test.nix
```

## Future Enhancements

### High Priority

- [x] Add statix hook (lint for antipatterns) ✅ Done
- [x] Add deadnix hook (find dead code) ✅ Done
- [x] Enable git-hooks on all hosts ✅ Done
- [ ] Add CI caching (speed up builds)

### Medium Priority

- [ ] Add automated flake.lock updates
- [ ] Add per-host CI checks
- [ ] Add nixos-rebuild tests in CI

## References

- [git-hooks.nix](https://github.com/cachix/git-hooks.nix)
- [nixfmt-rfc-style](https://github.com/NixOS/nixfmt)
- [drupol/infra analysis](DRUPOL_INFRA_ANALYSIS.md)
- [awesome-nix plan](AWESOME_NIX_PLAN.md)
- [OpenCode documentation](OPENCODE.md)

## Quick Reference

```bash
# Rebuild (installs hooks automatically)
sudo nixos-rebuild switch --flake .#

# Verify hooks
ls -la /home/h/nix/.git/hooks/

# Test formatting
nixfmt .

# Check CI status
# https://github.com/hektor/nix/actions
```

## Key Points

- ✅ **Fully declarative** - Hooks install on every rebuild
- ✅ **No manual setup** - No `nix develop` needed
- ✅ **No devShell** - Pure NixOS activation
- ✅ **Reproducible** - Managed by flake.lock
- ✅ **Host-aware** - Per-host configuration
- ✅ **Idempotent** - Checks before installing
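
The manual `ls -la` step of the Clean Slate Test can be scripted so that it fails loudly when the hook would not actually run. This is an added example, not code from this repository: `check_hooks` is a hypothetical helper, and it assumes the installed hook file is named `pre-commit` and that the checkout path is passed as the first argument.

```bash
#!/usr/bin/env bash
# Added example: check that a pre-commit hook is actually active in a checkout.
# check_hooks is a hypothetical helper, not part of the repository.
# Returns 0 = active, 1 = hook would not run, 2 = not a git checkout.

check_hooks() {
    local repo="$1" hooks_dir hook override
    if [ ! -d "$repo/.git" ]; then
        echo "FAIL: $repo is not a git checkout"
        return 2
    fi
    hooks_dir="$repo/.git/hooks"
    hook="$hooks_dir/pre-commit"   # assumption: the module installs pre-commit

    # core.hooksPath (local, global or system config) redirects hook lookup,
    # so anything installed under .git/hooks would silently never run.
    if command -v git >/dev/null 2>&1; then
        override="$(git -C "$repo" config --get core.hooksPath 2>/dev/null || true)"
        if [ -n "$override" ]; then
            echo "FAIL: core.hooksPath=$override overrides $hooks_dir"
            return 1
        fi
    fi

    # -e follows symlinks, so a dangling link counts as missing.
    # The *.sample files that git creates are never executed.
    if [ ! -e "$hook" ]; then
        echo "FAIL: $hook is missing"
        return 1
    fi
    # git skips hooks that are not executable.
    if [ ! -x "$hook" ]; then
        echo "FAIL: $hook is not executable"
        return 1
    fi
    echo "OK: $hook is installed and executable"
    return 0
}

# Run directly, e.g.: ./check-hooks.sh /home/h/nix
if [ "$#" -gt 0 ]; then
    check_hooks "$1"
fi
```

A passing check only shows the hook is wired up on this host; `git commit --no-verify` still skips it, so the CI workflow remains the gate that blocks merging.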