From b7f88d78b5f45194cb77eb1defa9b495c09ef91c Mon Sep 17 00:00:00 2001
From: xeals
Date: Mon, 6 Mar 2023 11:59:25 +1100
Subject: [PATCH] flake: add check for NUR reproducibility
---
 .github/workflows/build.yml | 1 +
 flake.nix | 12 ++++++++++++
 2 files changed, 13 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 452c24e..16de628 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -10,6 +10,7 @@ jobs:
 check:
 - nixpkgs-fmt
 - deadnix
+ - nur
 runs-on: ubuntu-latest
 steps:
 - name: Checkout repository
diff --git a/flake.nix b/flake.nix
index c9bdadb..31fb387 100644
--- a/flake.nix
+++ b/flake.nix
@@ -33,6 +33,18 @@
 deadnix = pkgs.writeShellScriptBin "deadnix-check" ''
 ${pkgs.deadnix}/bin/deadnix --fail .
 '';
+ # Ensures that the NUR bot can evaluate and find all our packages.
+ # Normally we'd also run with `--option restrict-eval true`, but
+ # this is incompatible with flakes because reasons.
+ nur = pkgs.writeShellScriptBin "nur-check" ''
+ nix-env -f . -qa \* --meta \
+ --allowed-uris https://static.rust-lang.org \
+ --option allow-import-from-derivation true \
+ --drv-path --show-trace \
+ -I nixpkgs=$(nix-instantiate --find-file nixpkgs) \
+ -I ./ \
+ --json | ${pkgs.jq}/bin/jq -r 'values | .[].name'
+ '';
 };
 devShells.ci = pkgs.mkShellNoCC {
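Review bot: The `nur-check` script added in flake.nix exits with the status of `jq`, not of `nix-env`, so an evaluation failure is masked: `nix-env` writes its error to stderr, `jq` reads empty input and exits 0, and the `nur` matrix job passes. `writeShellScriptBin` sets no shell options of its own, so the script body should begin with `set -euo pipefail` (or the check could be built with `pkgs.writeShellApplication`, which enables these). Separately, as far as the Nix manual describes it, `allowed-uris` is only consulted in restricted evaluation mode, so with `restrict-eval` dropped the `--allowed-uris` line likely has no effect; the comment should say that this check does not cover the bot's fetch restrictions rather than "because reasons". The enclosing attribute set starts outside the hunk.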