feat: redesign Mac mini remote CI to one-command flow#11
Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 029dcc0c14
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| local wf="$project_dir/.github/workflows/verify.yml" | ||
| if [[ ! -f "$wf" ]]; then | ||
| echo "ERROR: verify workflow not found for flake repo: $wf" >&2 |
There was a problem hiding this comment.
When flake.nix is present, ensure_verify_workflow_nix_compat hard-fails unless .github/workflows/verify.yml exists, but this same commit made workflow resolution accept .github/workflows/verify.yaml; as a result, flake-based repos that validly use verify.yaml now fail ci-self run-watch (and therefore focus/up) before dispatch, even though a verify workflow is available.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Pull request overview
This PR redesigns the Mac mini remote CI workflow by introducing a new remote-ci command that consolidates SSH authentication, rsync synchronization, remote verification execution, and artifact fetching into a single command. It also enhances workflow resolution to dynamically find verify workflows instead of hardcoding verify.yml, and adds comprehensive Nix environment detection for repositories using flake-based builds.
Changes:
- Added
ci-self remote-cicommand for streamlined Mac mini standalone verification with key-only SSH authentication - Enhanced
run-watch/watchcommands with dynamic workflow resolution to prevent 404 failures - Improved Nix environment detection in verification workflows, onboarding scripts, and runner health checks
- Updated documentation to promote
remote-cias the recommended workflow and clarify Nix requirements
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| ops/ci/ci_self.sh | Adds cmd_remote_ci and helper functions for SSH/rsync/artifact handling; implements resolve_verify_workflow_id for dynamic workflow discovery |
| ops/ci/ci_self_test.go | Adds test coverage for remote-ci key-auth enforcement, sync/fetch behavior, and workflow resolution |
| ops/ci/onboard_and_verify.sh | Adds ensure_nix_on_path and run_go error handling improvements; validates Nix for flake-based repositories |
| ops/ci/scaffold_verify_workflow.sh | Updates Nix workflow template to automatically source nix-daemon.sh and add fallback PATH modifications; warns about outdated workflows |
| cmd/runner_health/main.go | Adds --repo-dir flag and checkNixForRepo function to validate Nix availability for flake repositories |
| README.md | Documents remote-ci as recommended Mac mini workflow; explains Nix auto-detection and one-time setup requirements |
| docs/ci/QUICKSTART.md | Updates quickstart guide to feature remote-ci with detailed step-by-step explanation |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Summary
ci-self remote-cifor key-only SSH auth, sync, remote verify run, and artifact fetch in one commandremote-upas legacy bootstrap/recovery pathrun-watch/watchto avoid fixedverify.yml404 failuresVerification
mise x -- go test ./ops/cibash -n ops/ci/ci_self.sh