flake-checker-action
flake-checker-action copied to clipboard
Published
20 hours ago •
DeterminateSystems
DeterminateSystems
A GitHub Action that performs health checks for your Nix flake.lock files
The Nix Flake Checker Action
This repo houses a Github Action from Determinate Systems that performs health checks on your repos' flake.lock files.
Specifically, it wraps the Nix Flake Checker tool, which verifies that your root Nixpkgs inputs:
- Have been updated within the last 30 days
- Have the
NixOSGitHub org as their owner - Are from a supported Git branch
Here's an example configuration that uses flake-checker-action as part of a broader Actions workflow involving Nix.
on:
pull_request:
push:
branches: [main]
jobs:
build:
name: Build Nix targets
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- name: Check Nix flake inputs
uses: DeterminateSystems/flake-checker-action@v4 # This action
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v3
- name: Build default package
run: nix build
Configuration
The Nix Flake Checker Action has a number of configuration parameters that you can set in the with block:
| Parameter | Description | Default |
|---|---|---|
condition |
An optional Common Expression Language (CEL) condition expressing your flake policy. Supersedes all check-* parameters. |
|
flake-lock-path |
The path to the flake.lock file you want to check. |
flake.lock |
check-outdated |
Whether to check that the root Nixpkgs input is less than 30 days old. | true |
check-owner |
Whether to check that the root Nixpkgs input has the NixOS GitHub org as its owner. |
true |
check-supported |
Whether to check that the root Nixpkgs input has a supported Git ref. Currently supported refs: nixos-22.11, nixos-22.11-small, nixos-23.05, nixos-23.05-small, nixos-unstable, nixos-unstable-small, nixpkgs-22.11-darwin, nixpkgs-23.05-darwin, nixpkgs-unstable. |
true |
nixpkgs-keys |
The names of the Nixpkgs inputs you want to check. By default the checker only checks the nixpkgs but you can specify multiple names as a comma-separated list, such as nixpkgs,nixpkgs-macos,nixpkgs-unstable. |
nixpkgs |
ignore-missing-flake-lock |
Whether to ignore a missing flake.lock file, where the path to the file is the value of flake-lock-path parameter. If set to false (the default is true), the Action throws an error and the job fails if the lockfile is missing. |
true |
fail-mode |
Fail with an exit code of 1 if any issues are encountered. | false |
send-statistics |
Anonymously report the number of issues detected by the flake checker. This reporting helps measure the effectiveness of the flake checker. Set to false to disable. |
true |
Here's an example non-default configuration:
- name: Check Nix flake inputs
uses: DeterminateSystems/flake-checker-action@v2
with:
flake-lock-path: ./nix/flake.lock
check-owner: false
ignore-missing-flake-lock: false
fail-mode: true
Metadata
40
Stars
2
Forks
Watchers
Owner
DeterminateSystems
Metadata
A GitHub Action that performs health checks for your Nix flake.lock files