fix(release): install Nix profile tools after checkout #288

Merged
jwilger merged 1 commit from fix/release-publish-checkout-before-flake-install into main 2026-06-13 07:27:48 -07:00
Owner

Scope of this PR

Fixes the ordering of the release-publish Forgejo workflow so the Nix
profile tools are installed only after the repository is checked out.

What changed

  • `.forgejo/workflows/release-publish.yml`: move the Install or reuse Nix
    step (which runs
    `nix profile install --inputs-from . nixpkgs#tea nixpkgs#coreutils nixpkgs#gawk nixpkgs#gnused`)
    so it runs after both conditional checkout steps (`push` and
    `workflow_dispatch`) rather than before them.
  • `crates/ar-gateway/tests/ci_workflow_contract.rs`: add the
    `release_publish_installs_profile_tools_after_checkout` contract test that
    asserts both checkout steps precede the `--inputs-from .` profile install.

Why

`nix profile install --inputs-from .` resolves its inputs from the flake in
the working tree. Running it before checkout means there is no flake to
resolve against, so on a cold runner the profile-tools install could fail or
resolve against the wrong inputs. Installing after checkout guarantees the
flake is present first; the contract test guards the ordering against
regression.

Verification

  • cargo nextest run -p ar-gateway release_publish — 4 passed.
  • cargo fmt --check and cargo clippy -p ar-gateway --tests — clean.
  • Pre-push full-verification hook passed.

🤖 Generated with Claude Code

fix(release): install Nix profile tools after checkout
All checks were successful
CI / Classify changed paths (pull_request) Successful in 2s
CI / Format check (pull_request) Successful in 43s
CI / Clippy (pull_request) Successful in 1m24s
CI / opencode plugin tests (pull_request) Has been skipped
CI / Dependency policy (pull_request) Successful in 14s
CI / Test (pull_request) Successful in 1m4s
CI / Request auto_review semantic review (pull_request) Successful in 2s
auto_review auto_review: no findings
CI / Build (pull_request) Successful in 41s
CI / Build PR artifacts (no token) (pull_request) Has been skipped
d69b263bcf
The release-publish workflow ran `nix profile install --inputs-from .`
before checking out the repository. With no working tree present there is
no flake for `--inputs-from .` to resolve against, so on a cold runner the
profile-tools install (tea, coreutils, gawk, gnused) could fail or resolve
against the wrong inputs.

Move the "Install or reuse Nix" step to run after both conditional checkout
steps (push and workflow_dispatch) so the flake is always present first, and
add the `release_publish_installs_profile_tools_after_checkout` contract test
to guard the ordering against regression.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
auto-review left a comment

The PR fixes the order of operations in the release-publish workflow by ensuring the Nix profile tools are installed after the repository is checked out. This change is verified by a new contract test, which guards against future regressions.

LLM usage and cost

  • Reasoning (gpt-4o) in=2210 out=216 cost=$0.014290
  • Cheap (gpt-4o-mini) in=605 out=43 cost=$0.000117

Estimated total USD: $0.014407 via https://api.openai.com and https://api.openai.com
jwilger scheduled this pull request to auto merge when all checks succeed 2026-06-13 07:27:27 -07:00
jwilger deleted branch fix/release-publish-checkout-before-flake-install 2026-06-13 07:27:48 -07:00
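
An ordering check of the kind the PR description attributes to its contract test, written here as an added example; it is not the project's `ci_workflow_contract.rs`. The two workflow excerpts are constructed for illustration, and the function name `checkouts_before_install` and the `actions/checkout@v4` reference are assumptions.

```rust
// Constructed excerpt: post-fix ordering (both checkouts, then the install).
const FIXED: &str = r#"
steps:
  - name: Checkout (push)
    if: github.event_name == 'push'
    uses: actions/checkout@v4
  - name: Checkout (workflow_dispatch)
    if: github.event_name == 'workflow_dispatch'
    uses: actions/checkout@v4
  - name: Install or reuse Nix
    run: nix profile install --inputs-from . nixpkgs#tea nixpkgs#coreutils
"#;

// Constructed excerpt: pre-fix ordering (install runs with no working tree).
const BROKEN: &str = r#"
steps:
  - name: Install or reuse Nix
    run: nix profile install --inputs-from . nixpkgs#tea nixpkgs#coreutils
  - name: Checkout (push)
    uses: actions/checkout@v4
  - name: Checkout (workflow_dispatch)
    uses: actions/checkout@v4
"#;

/// Line-based scan (hypothetical helper): counts the checkout steps that
/// precede the first `--inputs-from .` install, and errors if any follows it.
fn checkouts_before_install(workflow: &str) -> Result<usize, String> {
    let mut checkouts = Vec::new();
    let mut install = None;
    for (idx, raw) in workflow.lines().enumerate() {
        let line = raw.trim();
        if line.starts_with('#') { continue; } // commented-out steps never run
        if line.contains("uses:") && line.contains("actions/checkout") {
            checkouts.push(idx);
        }
        if install.is_none() && line.contains("--inputs-from .") {
            install = Some(idx);
        }
    }
    let install = install.ok_or("no `--inputs-from .` install found")?;
    match checkouts.iter().find(|&&c| c > install) {
        Some(late) => Err(format!("checkout on line {} runs after install on line {}", late + 1, install + 1)),
        None => Ok(checkouts.len()),
    }
}

fn main() {
    println!("{:?}\n{:?}", checkouts_before_install(FIXED), checkouts_before_install(BROKEN));
}
```

A caller guarding this workflow would assert the result equals `Ok(2)`, so that dropping one of the two conditional checkouts also fails the test.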
Reference
Slipstream/auto_review!288