This job is a required status check on main. The workflow was path-filtered
to **.nix/flake.lock/ci.yaml, so a PR touching none of those (e.g. a
.renovaterc.json-only change) skipped the workflow entirely, leaving the
required check pending forever and making the PR unmergeable.

Run the workflow on every PR so the check is always reported, but keep a
'detect' step that diffs the PR against its base and runs nix flake check
and the per-host evals only when a .nix file, flake.lock, or this workflow
changed. When nothing Nix-relevant changed the heavy steps skip and the job
still passes, so the required check stays green-reportable without burning a
full evaluation on unrelated changes. Checkout uses fetch-depth: 0 so the
diff has the base history.

Replace the formatting-only build with `nix flake check`, so deadnix,
statix and the pre-commit hooks are enforced in CI (not just local
hooks). Add the nix-community binary cache to the runner's nix config to
speed up the check closure. The explicit per-host eval pass is kept for
granular output.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
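
The 'detect' step described in the commit message above, sketched as an added example (not the repository's own workflow code). The workflow path `.gitea/workflows/ci.yaml` and the function names are assumptions; the sketch fails closed, so a diff that cannot be computed runs the heavy checks instead of letting the required check pass unevaluated.

```shell
#!/bin/sh
# Added example: decide whether a PR touches anything Nix-relevant.
# Assumption: the workflow file lives at this path (hypothetical).
WORKFLOW_FILE="${WORKFLOW_FILE:-.gitea/workflows/ci.yaml}"

# Read changed paths on stdin, one per line.
# Succeeds (0) if any path is a .nix file, flake.lock, or the workflow itself.
nix_relevant() {
  while IFS= read -r _path; do
    case "$_path" in
      *.nix | flake.lock | "$WORKFLOW_FILE") return 0 ;;
    esac
  done
  return 1
}

# Print the step output that later steps gate on.
# $1 is the PR base ref, e.g. origin/main (assumption: already fetched,
# which is why the checkout needs fetch-depth: 0).
detect() {
  # base...HEAD diffs from the merge base, i.e. only what the PR changed.
  if ! _files="$(git diff --name-only "$1...HEAD" 2>/dev/null)"; then
    # Fail closed: if the diff cannot be computed (shallow clone, missing
    # base ref), run the checks rather than report green without evaluating.
    echo "nix_changed=true"
    return 0
  fi
  if printf '%s\n' "$_files" | nix_relevant; then
    echo "nix_changed=true"
  else
    echo "nix_changed=false"
  fi
}

# In a workflow step (not run here):
#   detect "origin/$BASE_REF" >> "$GITHUB_OUTPUT"
# and gate the heavy steps on that output being 'true'.
```
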
The eval steps listed hosts by hand and still referenced lyrathorpe-x1c,
which was removed (replaced by t400/macpro31), so CI errored. Derive the
NixOS and Darwin host lists from attrNames of nixos/darwinConfigurations
instead, so adding or removing a host needs no workflow change.

Verified locally under bash: all current hosts (edaas, macpro31, mbp,
t400, mac) evaluate; no removed host is referenced.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

The eval loop covered only the NixOS hosts, so the nix-darwin host could
break unnoticed. Add an eval step for darwinConfigurations.lyrathorpe-mac.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Add path filters so the workflow triggers only when *.nix files, flake.lock, or the workflow itself change, skipping CI for docs/markdown/unrelated edits.
CI workflow gates on nixfmt formatting and evaluates all three host toplevels (aarch64 evaluates without emulation; no full builds in CI).
renovate.json enables the nix manager and weekly lockFileMaintenance for flake.lock, plus grouped github-actions updates (Renovate matches .gitea/workflows). A self-hosted Renovate workflow runs it on Gitea, since Gitea has no built-in Renovate; it needs a RENOVATE_TOKEN secret.