[PR #217] [MERGED] chore(nix): add nix hash update automation #1885

New Issue

GiteaMirror · 2026-04-27T22:34:40-05:00

GiteaMirror commented

2026-04-27 22:34:40 -05:00

📋 Pull Request Information

Original PR: https://github.com/fosrl/newt/pull/217
Author: @water-sucks
Created: 12/22/2025
Status: ✅ Merged
Merged: 12/23/2025
Merged by: @oschwartz10612

Base: main ← Head: nix-automation

📝 Commits (5)

b25a07c chore(nix): sync version number with latest version
1c87196 fix(nix): disable tests, set meta.mainProgram for package
34e4e8a ci: build nix package when go.mod is changed
e3d161a chore: add direnv and nix result dirs to gitignore
79e312a ci: update nix go vendor hash if needed for dependabot PRs

📊 Changes

4 files changed (+88 additions, -2 deletions)

View changed files

➕ .github/workflows/nix-build.yml (+23 -0)
➕ .github/workflows/nix-dependabot-update-hash.yml (+48 -0)
📝 .gitignore (+3 -1)
📝 flake.nix (+14 -1)

📄 Description

Community Contribution License Agreement

By creating this pull request, I grant the project maintainers an unlimited,
perpetual license to use, modify, and redistribute these contributions under any terms they
choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
represent that I have the right to grant this license for all contributed content.

Description

This syncs up the latest Nix package, unbreaks the Nix package build, and also attempts to add CI checks/updates for the Nix hash to prevent this from happening in the future.

From now on, whenever a PR is opened, and go.mod/go.sum are changed, the Nix package is built by CI, and it will fail if the hash is incorrect. Any maintainer can subsequently update the hash themselves, or post the hash in a PR review comment and ask the user to update their PR.

Additionally, since Dependabot automates Go package updates, this PR adds an action to run nix-update in order to get the new hash, and updates the Dependabot PR with the hash change.

Ultimately, the maintainers are still responsible for updating the version number on their own before release. This cannot be automated away, unfortunately.

How to test?

Next time a Dependabot update happens, the Dependabot action should trigger and update the Nix hash.

Additionally, the next time a go.mod/go.sum change happens, a successful Nix package build should be a prerequisite for merging.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/fosrl/newt/pull/217 **Author:** [@water-sucks](https://github.com/water-sucks) **Created:** 12/22/2025 **Status:** ✅ Merged **Merged:** 12/23/2025 **Merged by:** [@oschwartz10612](https://github.com/oschwartz10612) **Base:** `main` ← **Head:** `nix-automation` --- ### 📝 Commits (5) - [`b25a07c`](https://github.com/fosrl/newt/commit/b25a07cebbacab14ab76f62c797421897d401cf6) chore(nix): sync version number with latest version - [`1c87196`](https://github.com/fosrl/newt/commit/1c871962b049ca3b515c6a68c1d3125410d79a47) fix(nix): disable tests, set meta.mainProgram for package - [`34e4e8a`](https://github.com/fosrl/newt/commit/34e4e8a9d781858e38328594ee1bd2f28541b461) ci: build nix package when go.mod is changed - [`e3d161a`](https://github.com/fosrl/newt/commit/e3d161ae5c096e00f9f92cee8fd647759278f477) chore: add direnv and nix result dirs to gitignore - [`79e312a`](https://github.com/fosrl/newt/commit/79e312a8a2dfba3c2b36cf1d3b28d24cf36ec07b) ci: update nix go vendor hash if needed for dependabot PRs ### 📊 Changes **4 files changed** (+88 additions, -2 deletions) <details> <summary>View changed files</summary> ➕ `.github/workflows/nix-build.yml` (+23 -0) ➕ `.github/workflows/nix-dependabot-update-hash.yml` (+48 -0) 📝 `.gitignore` (+3 -1) 📝 `flake.nix` (+14 -1) </details> ### 📄 Description ## Community Contribution License Agreement By creating this pull request, I grant the project maintainers an unlimited, perpetual license to use, modify, and redistribute these contributions under any terms they choose, including both the AGPLv3 and the Fossorial Commercial license terms. I represent that I have the right to grant this license for all contributed content. ## Description This syncs up the latest Nix package, unbreaks the Nix package build, and also attempts to add CI checks/updates for the Nix hash to prevent this from happening in the future. From now on, whenever a PR is opened, and `go.mod`/`go.sum` are changed, the Nix package is built by CI, and it will fail if the hash is incorrect. Any maintainer can subsequently update the hash themselves, or post the hash in a PR review comment and ask the user to update their PR. Additionally, since Dependabot automates Go package updates, this PR adds an action to run `nix-update` in order to get the new hash, and updates the Dependabot PR with the hash change. Ultimately, the maintainers are still responsible for updating the version number on their own before release. This cannot be automated away, unfortunately. ## How to test? Next time a Dependabot update happens, the Dependabot action should trigger and update the Nix hash. Additionally, the next time a `go.mod`/`go.sum` change happens, a successful Nix package build should be a prerequisite for merging. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2026-04-27 22:34:40 -05:00

GiteaMirror closed this issue

2026-04-27 22:34:41 -05:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/newt#1885