Skip to content

feat(nix): add flake checks for CI validation#136

Closed
ryoppippi wants to merge 1 commit intomainfrom
feat/nix-flake-checks
Closed

feat(nix): add flake checks for CI validation#136
ryoppippi wants to merge 1 commit intomainfrom
feat/nix-flake-checks

Conversation

@ryoppippi
Copy link
Copy Markdown
Contributor

@ryoppippi ryoppippi commented Feb 1, 2026
edited by cubic-dev-ai bot
Loading

Summary

Consolidate all CI checks into nix flake check for unified local and CI validation.

What Changed

Added 5 flake checks:

  • formatting: treefmt check (nixfmt, ruff-check, ruff-format, oxfmt)
  • gitleaks: secret detection with --no-git flag for pure evaluation
  • uv-lock: verify lockfile is up to date (uv lock --check)
  • ty: type checking with Python 3.13
  • pytest: test suite execution with all extras

Why

  • Enables running all CI validations locally with a single command: nix flake check
  • Ensures reproducible builds with --locked flag
  • Pins Python to 3.13 for compatibility with dependencies (e.g., onnxruntime)

Testing

nix flake check --print-build-logs

All 5 checks pass (189 tests passed, 20 skipped).

Summary by cubic

Consolidates CI validation into nix flake check, so the same checks run locally and in CI with one command. Adds unified checks for formatting, secrets, lockfile, type checking, and tests.

  • New Features
    • Flake checks: formatting (treefmt: nixfmt, ruff-check, ruff-format, oxfmt), gitleaks (--no-git), uv-lock (uv lock --check), ty, pytest (all extras).
    • Uses --locked for reproducible builds and pins Python to 3.13 for dependency compatibility.

Written for commit e214da0. Summary will update on new commits.

@ryoppippi
feat(nix): add flake checks for CI validation
e214da0 
Consolidate all CI checks into nix flake check for unified validation:

- formatting: treefmt check (nixfmt, ruff-check, ruff-format, oxfmt)
- gitleaks: secret detection
- uv-lock: verify lockfile is up to date
- ty: type checking with Python 3.13
- pytest: test suite execution

All checks use --locked flag to ensure lockfile consistency and pin
Python to 3.13 for compatibility with dependencies like onnxruntime.
Copilot AI review requested due to automatic review settings February 1, 2026 19:59
@ryoppippi ryoppippi closed this Feb 1, 2026
Copilot AI reviewed Feb 1, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR centralizes CI validation into nix flake check, adding Nix-based checks that mirror the existing local tooling (treefmt, gitleaks, uv, ty, pytest) for consistent local and CI workflows.

Changes:

  • Added a checks attribute set under perSystem defining formatting, gitleaks, uv-lock, ty, and pytest checks.
  • Implemented pkgs.runCommand-based derivations for each check, wiring in the appropriate tools (treefmtEval, gitleaks, uv, ty, python313, bun, pnpm_10, typescript-go, git, cacert) and a git-tracked, pure source tree via pkgs.lib.fileset.toSource.
  • Ensured Python-related checks (uv-lock, ty, pytest) run in isolated environments using uv with --locked and a pinned python313, matching the PR’s reproducibility and versioning goals.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Feb 1, 2026
View reviewed changes
Copy link
Copy Markdown

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 1 file

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ryoppippi