Update for self hosted runners #22
…use self-hosted nix runners
Pull request overview
This PR migrates the CI/CD infrastructure from GitHub-hosted runners to self-hosted runners with Nix flakes, providing a more reproducible and consistent development environment.
Key Changes:
- Replaced `shell.nix` with `flake.nix` for better dependency management and reproducibility
- Updated CI workflow to use self-hosted runners with the `nix` label
- Added new justfile commands to support CI operations (`test-all`, parameterized `package`)
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| shell.nix | Removed legacy Nix shell configuration in favor of flakes |
| flake.nix | Added modern Nix flake configuration with .NET 6 and 8 SDKs, development tools, and environment setup |
| flake.lock | Added lock file for reproducible Nix flake builds |
| justfile | Added test-all command for CI mode testing and parameterized the package command with version support |
| .github/workflows/ci.yml | Updated workflow to use self-hosted Nix runners, wrapped all commands with nix develop -c, and adjusted artifact paths |
| config.permittedInsecurePackages = [ | ||
| "dotnet-sdk-6.0.428" | ||
| ]; |
The configuration explicitly permits an insecure package (dotnet-sdk-6.0.428). This could pose security risks. Consider upgrading to a newer, secure version of the .NET 6 SDK, or document why this specific version is required if it's necessary for compatibility reasons.
| config.permittedInsecurePackages = [ | |
| "dotnet-sdk-6.0.428" | |
| ]; |
| - name: Publish to GitHub Packages | ||
| if: ${{ !env.ACT}} | ||
| run: dotnet nuget push ./nupkg/*.nupkg --source "github" --api-key ${{ secrets.GITHUB_TOKEN }} | ||
| run: nix develop -c dotnet nuget push ./nupkg/*.nupkg --source "github" --api-key ${{ secrets.GITHUB_TOKEN }} |
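Review bot: both the old and the new `run:` line expand `${{ secrets.GITHUB_TOKEN }}` directly after `--api-key`, so the token ends up in the process argument list on the runner, and on a self-hosted runner other processes on the same host can read that list. Map the secret in the step's `env:` and pass the shell variable instead, for example `--api-key "$NUGET_API_KEY"` with `NUGET_API_KEY: ${{ secrets.GITHUB_TOKEN }}` under `env:` (the variable name is only a suggestion).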
The artifact path is inconsistent with the pack command. The pack command now outputs to './artifacts' (line 95), but this publish step still references './nupkg'. This will cause the publish step to fail as it won't find the packages in the expected location.
| run: nix develop -c just add-github-nuget-source ${{ github.actor }} ${{ secrets.GITHUB_TOKEN }} ${{ github.repository_owner }} | ||
|
|
||
| - name: Publish to GitHub Packages | ||
| if: ${{ !env.ACT}} |
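Review bot: the `run:` line at the top of this hunk passes `${{ secrets.GITHUB_TOKEN }}` as a positional argument to `just add-github-nuget-source`, and all three `${{ ... }}` expressions are substituted unquoted into the shell line. Set them in the step's `env:` and pass quoted shell variables (`"$GH_ACTOR" "$GH_TOKEN" "$GH_OWNER"`, names illustrative) so the values are handed to the shell as data rather than spliced into the script text before it is parsed.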
There's a missing space in the conditional expression. It should be '${{ !env.ACT }}' instead of '${{ !env.ACT}}' (note the space before the closing braces) to maintain consistency with the pattern used in line 69.
No description provided.