perf(ci): use nix profile install instead of nix develop #295
Conversation
- Replace nix develop --command with direct command execution - Add tools input to setup-nix action for per-job tool selection - Install only required tools per job (e.g., gitleaks job only installs gitleaks) - Remove cache-nix-action as nixpkgs binary cache handles caching - This should reduce CI setup time by avoiding devShell evaluation
gitleaks job only needs gitleaks binary, not node dependencies
Use flake.lock pinned nixpkgs revision to benefit from evaluation caching
There was a problem hiding this comment.
Pull request overview
This PR optimizes CI performance by replacing nix develop --command with nix profile install and implementing per-job tool selection. The setup-nix action now accepts a tools input to install only the packages needed for each job, and a skip-pnpm-install flag for jobs that don't need Node.js dependencies.
Changes:
- Modified setup-nix action to accept tool lists and conditionally skip pnpm install
- Updated all CI jobs to use direct commands instead of
nix develop --command - Removed nix-community/cache-nix-action caching step
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
.github/workflows/ci.yaml |
Updated gitleaks, lint, build-and-test, and coverage jobs to specify required tools and run commands directly without nix develop wrapper |
.github/actions/setup-nix/action.yaml |
Added tools and skip-pnpm-install inputs, replaced cache-nix-action with nix profile install approach, added conditional pnpm install step |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| - name: Install tools from nixpkgs | ||
| shell: bash | ||
| run: | | ||
| tools="${{ inputs.tools }}" | ||
| packages="" | ||
| for tool in $tools; do | ||
| packages="$packages nixpkgs#$tool" | ||
| done | ||
| nix profile install --inputs-from . $packages |
There was a problem hiding this comment.
Removing the cache-nix-action without replacement may negatively impact CI performance. While the PR description shows performance improvements in the short term, subsequent CI runs will need to re-download and rebuild Nix packages every time since there's no caching mechanism. Consider adding nix-community/cache-nix-action or another caching strategy back to maintain performance benefits across multiple CI runs.
| uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 | ||
| - name: Setup Nix | ||
| uses: ./.github/actions/setup-nix | ||
| with: |
There was a problem hiding this comment.
The tools list is duplicating information already defined in flake.nix. If the list of linting tools changes in flake.nix, this must be manually updated as well. Consider whether there's a way to maintain a single source of truth, or add a comment referencing the flake.nix buildInputs to help maintainers keep these in sync.
| with: | |
| with: | |
| # Keep this tools list in sync with flake.nix (e.g. buildInputs) to avoid drift. |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Summary
nix develop --commandwithnix profile install --inputs-from .for faster CI setuptoolsinput to setup-nix action for per-job tool selectionPerformance improvement
Test plan
Summary by cubic
Switch CI from nix develop to nix profile install with per-job tool selection for faster, leaner setup. Total CI time drops from ~2m10s to ~43s.
Refactors
Performance
Written for commit effd70b. Summary will update on new commits.