Declarative CI and Git Hooks - Summary
What's New
1. GitHub Actions CI ✅
.github/workflows/flake-check.yaml
- Runs nixfmt --check on every push/PR
- Runs nix flake check
- Blocks merging if checks fail
2. Nix-Native Git Hooks ✅
modules/git-hooks/default.nix
- Hooks defined in flake.nix (pure Nix)
- Install automatically on nixos-rebuild switch
- Run on every git commit
Usage
Install Hooks (One-time per host)
# Add to hosts/<hostname>/default.nix
{
imports = [
# ... other modules
../../modules/git-hooks
];
services.git-hooks = {
enable = true;
# flake-path = /home/h/nix; # Optional, default
};
}
Rebuild
sudo nixos-rebuild switch --flake .#andromache
# Output:
# 🪝 Installing git hooks...
# ✅ Done
Now Hooks Work Automatically
git add .
git commit -m "changes" # Hooks run automatically
Files
| File | Purpose |
|---|---|
| .github/workflows/flake-check.yaml | CI pipeline |
| modules/git-hooks/default.nix | Auto-install module |
| flake.nix | Hook definitions |
| .editorconfig | Code style |
Enable on Other Hosts
# hosts/<hostname>/default.nix
imports = [
# ... existing modules
../../modules/git-hooks # Add this
];
services.git-hooks.enable = true;
Add More Hooks
Edit flake.nix:
checks.${system}.pre-commit-check.hooks = {
nixfmt-rfc-style.enable = true; # ✅ Already done
statix.enable = true; # ✅ Already done
deadnix.enable = true; # ✅ Already done
};
All Phase 1 hooks are now enabled!
Testing
# 1. Rebuild to install hooks
sudo nixos-rebuild switch --flake .#andromache
# 2. Test hooks
git commit -m "test"
# 3. Test CI locally
nix run nixpkgs#nixfmt -- --check .
nix flake check
Documentation
- CI_HOOKS_SUMMARY.md - This file
- DRUPOL_INFRA_ANALYSIS.md - Reference patterns
- AWESOME_NIX_PLAN.md - Future improvements
- OPENCODE.md - Tracking document
Currently Enabled
| Host | Status | Config File |
|---|---|---|
| andromache | ✅ Enabled | hosts/andromache/default.nix |
| astyanax | ✅ Enabled | hosts/astyanax/default.nix |
| hecuba | ✅ Enabled | hosts/hecuba/default.nix |
| eetion | ✅ Enabled | hosts/eetion/default.nix |
| vm | ✅ Enabled | hosts/vm/default.nix |
Clean Slate Test (Astyanax)
# 1. Remove existing git hooks
rm -rf /home/h/nix/.git/hooks/*
ls -la /home/h/nix/.git/hooks/
# 2. Rebuild astyanax (installs hooks)
sudo nixos-rebuild switch --flake .#astyanax
# Expected output:
# 🪝 Installing git hooks...
# ✅ Done
# 3. Verify hooks were installed
ls -la /home/h/nix/.git/hooks/
# 4. Test hooks work
echo "broken { }" > /home/h/nix/test.nix
git add test.nix
git commit -m "test" # Should fail with nixfmt error
# 5. Clean up (the failed commit leaves test.nix staged)
git reset -q -- test.nix
rm /home/h/nix/test.nix
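Step 3 above only lists the hooks directory. The following added example (not part of the original repository) checks what `ls` does not show: that each hook exists, is executable, and that `core.hooksPath` is not pointing git somewhere else. The function name `check_hooks` and the `/nix/store` heuristic for recognising a Nix-generated hook are assumptions.

```shell
#!/bin/sh
# Added example: audit the hooks a rebuild is expected to have installed.
# Assumption: REPO is the flake checkout (the page uses /home/h/nix).
# Usage: check_hooks /home/h/nix pre-commit

# check_hooks REPO [HOOK...]
# Prints one line per finding; returns 0 only if every hook is usable.
check_hooks() {
    repo=$1; shift
    [ "$#" -gt 0 ] || set -- pre-commit
    rc=0

    # When core.hooksPath is set, git looks there instead of .git/hooks.
    hooks_path=$(git -C "$repo" config --get core.hooksPath 2>/dev/null || true)
    if [ -n "$hooks_path" ]; then
        echo "FAIL core.hooksPath=$hooks_path overrides .git/hooks"
        rc=1
    fi

    for hook in "$@"; do
        f="$repo/.git/hooks/$hook"
        if [ ! -e "$f" ]; then
            # Also covers a dangling symlink, e.g. a collected store path.
            echo "FAIL $hook: missing"; rc=1
        elif [ ! -x "$f" ]; then
            echo "FAIL $hook: not executable, git will skip it"; rc=1
        elif grep -q /nix/store/ "$f" 2>/dev/null; then
            # Heuristic (assumption): a Nix-generated hook calls store paths.
            echo "OK   $hook: references the Nix store"
        else
            echo "WARN $hook: no /nix/store path, possibly not Nix-managed"
        fi
    done
    return "$rc"
}
```

A `WARN` does not fail the check; it flags a hook that runs but may have been written by hand rather than by the rebuild.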
Future Enhancements
High Priority
- Add statix hook (lint for antipatterns) ✅ Done
- Add deadnix hook (find dead code) ✅ Done
- Enable git-hooks on all hosts ✅ Done
- Add CI caching (speed up builds)
Medium Priority
- Add automated flake.lock updates
- Add per-host CI checks
- Add nixos-rebuild tests in CI
References
Quick Reference
# Rebuild (installs hooks automatically)
sudo nixos-rebuild switch --flake .#<host>
# Verify hooks
ls -la /home/h/nix/.git/hooks/
# Test formatting
nixfmt .
# Check CI status
# https://github.com/hektor/nix/actions
Key Points
✅ Fully declarative - Hooks install on every rebuild
✅ No manual setup - No nix develop needed
✅ No devShell - Pure NixOS activation
✅ Reproducible - Managed by flake.lock
✅ Host-aware - Per-host configuration
✅ Idempotent - Checks before installing