Format Nix sources and update template lockfiles #469
✅ Deploy Preview for zero-to-nix ready!
Walkthrough
Refactors flake outputs to per-system generation (supportedSystems/forEachSupportedSystem), adds a per-system
Changes
Sequence Diagram(s)
```mermaid
sequenceDiagram
    autonumber
    actor Developer
    participant Flake as flake.nix
    participant Iter as forEachSupportedSystem
    participant Nixpkgs as nixpkgs
    participant Shell as pkgs.mkShellNoCC
    Developer->>Flake: nix develop .#<system>
    Flake->>Iter: request per-system outputs
    Iter->>Nixpkgs: import nixpkgs { system }
    Nixpkgs-->>Iter: pkgs
    Iter-->>Flake: devShells.${system}, apps.${system}, formatter.${system}
    Flake->>Shell: mkShellNoCC { packages = common ++ [ self.formatter.${system} ] ++ scripts }
    Shell-->>Developer: per-system dev environment
```
```mermaid
sequenceDiagram
    autonumber
    actor Maintainer
    participant Script as scripts/update-template-inputs.sh
    participant Git as git
    participant Nix as nix
    participant GH as GitHub Actions
    Maintainer->>Script: run
    Script->>Git: rev-parse --show-toplevel
    Git-->>Script: repo root
    loop for each template (dev, pkg)
        Script->>Nix: nix flake update (template)
        Script->>Nix: nix flake check --all-systems
        Nix-->>Script: result
        Script-->>Maintainer: "✔ Updated <template>"
    end
    Script->>GH: workflow step checks git diff
    alt changes detected
        GH->>GH: create pull request (flake-template-input-update)
    end
```
Estimated code review effort
🎯 4 (Complex) | ⏱️ ~45 minutes
Poem
Pre-merge checks and finishing touches
❌ Failed checks (2 warnings)
✅ Passed checks (3 passed)
Actionable comments posted: 1
🧹 Nitpick comments (18)
src/content/start/3.nix-develop.mdx (1)
401-405: Example path updated; consider adding a small “version may vary” note.
Store paths and minor versions drift by channel; a brief note can avoid confusion for readers who don’t see 3.13.6.
nix/templates/pkg/javascript/flake.nix (1)
31-55: Prefer nativeBuildInputs for Node (build-time only).
This keeps Node out of the runtime closure for a static site and better reflects intent.
Apply:
- buildInputs = with pkgs; [ + nativeBuildInputs = with pkgs; [ nodejs_latest ];nix/templates/pkg/cpp/flake.nix (1)
37-41: Avoid explicitly depending on gcc; rely on stdenv toolchain.
Including gcc can cause cross-platform friction (esp. on Darwin) and is redundant with stdenv.
- cppDependencies = with pkgs; [ - boost - gcc - poco - ]; + cppDependencies = with pkgs; [ + boost + poco + ];nix/templates/dev/haskell/flake.nix (1)
34-45: Switch dev shell to mkShellNoCC.
Aligns with PR objective and reduces closure size when a C toolchain isn’t required.
- default = pkgs.mkShell { + default = pkgs.mkShellNoCC { # The Nix packages provided in the environment packages = with pkgs.haskellPackages; [ stack ghc ]; };nix/templates/dev/golang/flake.nix (1)
34-45: Use mkShellNoCC; optionally add gopls for better IDE support.
NoCC trims toolchain overhead; gopls improves editor UX.
- default = pkgs.mkShell { + default = pkgs.mkShellNoCC { # The Nix packages provided in the environment packages = with pkgs; [ go # The Go CLI gotools # Go tools like goimports, godoc, and others + gopls # (optional) Go language server ]; };nix/templates/dev/javascript/flake.nix (1)
34-44: Use mkShellNoCC for dev shells to reduce closure size
mkShellNoCC avoids pulling the C toolchain into dev shells. rg shows mkShell still used in these templates — replace mkShell with mkShellNoCC:
- nix/templates/dev/javascript/flake.nix:37
- nix/templates/dev/scala/flake.nix:52
- nix/templates/dev/rust/flake.nix:54
- nix/templates/dev/python/flake.nix:42
- nix/templates/dev/haskell/flake.nix:37
- nix/templates/dev/golang/flake.nix:37
- nix/templates/dev/cpp/flake.nix:37
Diff (javascript example; apply same change across the listed templates):
- default = pkgs.mkShell { + default = pkgs.mkShellNoCC { # The Nix packages provided in the environment packages = with pkgs; [ nodejs_20 # Node.js 20, plus npm, npx, and corepack ]; };nix/templates/dev/scala/flake.nix (1)
49-60: Consider mkShellNoCC and adding a formatter to the dev shell.
This trims the closure and aligns templates with common practice; also adds a Nix formatter for convenience.
Apply:
- default = pkgs.mkShell { + default = pkgs.mkShellNoCC { # The Nix packages provided in the environment - packages = with pkgs; [ + packages = with pkgs; [ # Uses the JRE/JDK version set up by the overlay. sbt + nixpkgs-fmt ]; };nix/templates/pkg/scala/flake.nix (2)
63-69: Add a stricter shell prologue to startScript.
Helps fail fast on script errors.
Apply:
- startScript = '' - #!${pkgs.runtimeShell} + startScript = '' + #!${pkgs.runtimeShell} + set -euo pipefail
71-78: Install phase is fine; minor nit: quote path expansions.
Defensive quoting avoids surprises if names ever include spaces.
Apply:
- install -T -D -m755 $startScriptPath $out/bin/${name} + install -T -D -m755 "$startScriptPath" "$out/bin/${name}"nix/templates/pkg/python/flake.nix (1)
31-46: Switch to python3 is good; consider pname/version and dropping pip from buildInputs.
More idiomatic packaging and fewer unnecessary build inputs.
Apply:
- default = + default = let python = pkgs.python3; in python.pkgs.buildPythonApplication { - name = "zero-to-nix-python"; - - buildInputs = with python.pkgs; [ pip ]; + pname = "zero-to-nix-python"; + version = "0.1.0"; src = ./.; };nix/templates/pkg/rust/flake.nix (1)
50-68: Derivation is solid; prefer pname/version over name.
Improves metadata and store path clarity.
Apply:
- rustPlatform.buildRustPackage { - name = "zero-to-nix-rust"; + rustPlatform.buildRustPackage { + pname = "zero-to-nix-rust"; + version = "0.1.0"; src = ./.; cargoLock = { lockFile = ./Cargo.lock; }; };nix/templates/dev/rust/flake.nix (1)
51-65: Consider mkShellNoCC and a Nix formatter in the dev shell.
Smaller closure and handy formatting tool.
Apply:
- default = pkgs.mkShell { + default = pkgs.mkShellNoCC { # The Nix packages provided in the environment - packages = + packages = (with pkgs; [ # The package provided by our custom overlay. Includes cargo, Clippy, cargo-fmt, # rustdoc, rustfmt, and other tools. rustToolchain + nixpkgs-fmt ]) ++ pkgs.lib.optionals pkgs.stdenv.isDarwin (with pkgs; [ libiconv ]); };nix/shell/example.nix (1)
7-11: Example shells read cleaner; Python move to python3 is sensible.
Optionally: use mkShellNoCC for non-C/C++ shells to shrink closures, and consider pinning specific major.minor tool versions for reproducibility in examples.
Also applies to: 25-28, 36-39, 55-55, 71-74, 91-95
nix/templates/dev/cpp/flake.nix (1)
34-45: Use mkShellNoCC to avoid pulling an extra toolchain.
You already add gcc explicitly; mkShellNoCC keeps the closure leaner.
Apply:
- default = pkgs.mkShell { + default = pkgs.mkShellNoCC { # The Nix packages provided in the environment packages = with pkgs; [ boost # The Boost libraries gcc # The GNU Compiler Collection ]; };nix/templates/pkg/golang/flake.nix (1)
30-41: Derivation is fine; consider pname/version instead of name.
Improves metadata and consistency with other templates.
Apply:
- default = pkgs.buildGoModule { - name = "zero-to-nix-go"; + default = pkgs.buildGoModule { + pname = "zero-to-nix-go"; + version = "0.1.0"; src = self; vendorHash = "sha256-JQ3vwk2F8aPy89I9E+phfUwCqe+ZeAJGPLpJ1ksiR18="; goSum = ./go.sum; subPackages = [ "cmd/zero-to-nix-go" ]; };nix/templates/dev/python/flake.nix (1)
39-53: Python alias switch to pkgs.python3: confirm intent
Using pkgs.python3 tracks nixpkgs’ default Python (varies by channel). With lockfiles this is reproducible, but templates copied without locks may drift. If you want a stable major/minor in templates, pin python311/python312; if you want “latest 3.x,” keep as-is.
flake.nix (2)
104-111: Make formatting scripts portable (avoid xargs -r) and faster
-r is GNU-only; macOS/BSD xargs will error. Also, nesting nix develop per run is slow. Prefer nix run .#formatter (or nix fmt).
Apply this diff:
- (writeScriptBin "check-nix-formatting" '' - git ls-files -z '*.nix' | xargs -0 -r nix develop --command nixfmt --check - '') + (writeScriptBin "check-nix-formatting" '' + files="$(git ls-files '*.nix')" + [ -z "$files" ] || nix run .#formatter -- --check $files + '')- (writeScriptBin "format-nix" '' - git ls-files -z '*.nix' | xargs -0 -r nix fmt - '') + (writeScriptBin "format-nix" '' + nix fmt + '')
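Review bot: The suggested check-nix-formatting body in flake.nix passes $files unquoted to nix run .#formatter -- --check and drops the NUL-delimited git ls-files -z | xargs -0 pipeline, so any tracked .nix path containing whitespace or glob characters is word-split or expanded before the formatter sees it. Keep the -z/-0 pipeline and replace only the GNU-specific -r, for example by first testing whether git ls-files returns anything and then piping the NUL-delimited list to xargs -0.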
57-101: Tiny shell ergonomics (optional)
Consider set -euo pipefail in multi-step scripts (setup/build/dev/preview) to fail fast on errors/undefined vars.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (14)
- nix/templates/dev/cpp/flake.lock is excluded by !**/*.lock
- nix/templates/dev/golang/flake.lock is excluded by !**/*.lock
- nix/templates/dev/haskell/flake.lock is excluded by !**/*.lock
- nix/templates/dev/javascript/flake.lock is excluded by !**/*.lock
- nix/templates/dev/python/flake.lock is excluded by !**/*.lock
- nix/templates/dev/rust/flake.lock is excluded by !**/*.lock
- nix/templates/dev/scala/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/cpp/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/golang/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/haskell/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/javascript/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/python/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/rust/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/scala/flake.lock is excluded by !**/*.lock
📒 Files selected for processing (18)
- flake.nix (3 hunks)
- nix/shell/example.nix (5 hunks)
- nix/templates/dev/cpp/flake.nix (2 hunks)
- nix/templates/dev/golang/flake.nix (2 hunks)
- nix/templates/dev/haskell/flake.nix (2 hunks)
- nix/templates/dev/javascript/flake.nix (2 hunks)
- nix/templates/dev/python/flake.nix (2 hunks)
- nix/templates/dev/rust/flake.nix (2 hunks)
- nix/templates/dev/scala/flake.nix (2 hunks)
- nix/templates/pkg/cpp/flake.nix (2 hunks)
- nix/templates/pkg/golang/flake.nix (2 hunks)
- nix/templates/pkg/haskell/flake.nix (2 hunks)
- nix/templates/pkg/javascript/flake.nix (2 hunks)
- nix/templates/pkg/python/flake.nix (2 hunks)
- nix/templates/pkg/rust/flake.nix (2 hunks)
- nix/templates/pkg/scala/flake.nix (2 hunks)
- src/content/start/3.nix-develop.mdx (1 hunks)
- src/content/start/4.nix-build.mdx (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: test
🔇 Additional comments (23)
nix/templates/pkg/javascript/flake.nix (1)
21-28: forAllSystems helper refactor is clean and idiomatic.
nix/templates/pkg/haskell/flake.nix (1)
31-45: Formatting-only refactor looks good.
No semantic changes; derivation remains equivalent.
src/content/start/4.nix-build.mdx (1)
319-323: Switch to pkgs.python3 looks good — verification required. Automated scan failed: ripgrep returned "No files were searched", so I could not confirm there are no pinned Python minor refs in docs/templates/README. Re-run in repo root and paste output of: rg -nP --hidden -S '\b(pkgs.)?python(39|310|311|312|313)\b|\bpython3.(10|11|12|13)\b' .
nix/templates/dev/scala/flake.nix (3)
11-12: Formatting-only change to outputs looks good.
16-26: Overlay reads clean and non-recursive.
No semantic change; using prev.openjdk17 and exporting jre/jdk is fine.
38-45: forAllSystems helper is idiomatic.
nix/templates/pkg/scala/flake.nix (3)
16-22: outputs header rewrap is fine.
37-45: forAllSystems helper reformat is correct.
49-82: Package derivation looks good.
sbt.mkSbtDerivation.${system} usage and passAsFile/startScript wiring are correct.
nix/templates/pkg/python/flake.nix (2)
9-10: outputs header rewrap is fine.
21-28: forAllSystems helper LGTM.
nix/templates/pkg/rust/flake.nix (2)
11-16: outputs header rewrap is fine.
27-42: forAllSystems with overlays is correct.
nix/templates/dev/rust/flake.nix (2)
13-18: outputs header rewrap is fine.
40-47: forAllSystems helper LGTM.
nix/templates/dev/cpp/flake.nix (2)
11-12: outputs header rewrap is fine.
23-30: forAllSystems helper LGTM.
nix/templates/pkg/golang/flake.nix (2)
8-9: outputs header rewrap is fine.
20-27: forAllSystems helper LGTM.
nix/templates/dev/python/flake.nix (1)
11-30: Outputs/forAllSystems refactor looks good
Structure is cleaner; semantics unchanged.
flake.nix (3)
146-147: Formatter wiring LGTM
Per-system nixfmt-rfc-style is the right target for nix fmt.
140-143: Nice: mkShellNoCC for default dev shell
Good closure-size win for docs/website work; compiling toolchains aren’t usually needed here.
34-54: General devShells restructuring LGTM
Common packages and scripts factoring reads well.
Actionable comments posted: 1
♻️ Duplicate comments (1)
flake.nix (1)
35-55: devShells: formatter reference is correct now
self.formatter.${system} is valid since system is in scope.
🧹 Nitpick comments (18)
nix/templates/dev/javascript/flake.nix (1)
23-30: Optional: align helper naming with repo-wide pattern and keep Node pointer consistent.
- If the repo now favors forEachSupportedSystem/supportedSystems, consider renaming for parity.
- This template uses nodejs_20 while nix/shell/example.nix uses nodejs_latest; consider standardizing.
Apply within this hunk:
- forAllSystems = + forEachSupportedSystem = f: - nixpkgs.lib.genAttrs allSystems ( + nixpkgs.lib.genAttrs supportedSystems ( system: f { pkgs = import nixpkgs { inherit system; }; } );- devShells = forAllSystems ( + devShells = forEachSupportedSystem ( { pkgs }: { default = pkgs.mkShell {Outside the selected lines, if you want the rename too:
- allSystems = [ + supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];Also applies to: 34-44
nix/shell/example.nix (1)
90-95: Minor consistency: Node pointer differs from JS dev template.
This file uses nodejs_latest while nix/templates/dev/javascript/flake.nix uses nodejs_20. Consider standardizing to reduce confusion in docs/examples.
nix/templates/dev/haskell/flake.nix (1)
23-30: Optional: adopt forEachSupportedSystem/supportedSystems for consistency.
Keeps semantics but matches naming used elsewhere in the repo.
- forAllSystems = + forEachSupportedSystem = f: - nixpkgs.lib.genAttrs allSystems ( + nixpkgs.lib.genAttrs supportedSystems ( system: f { pkgs = import nixpkgs { inherit system; }; } );- devShells = forAllSystems ( + devShells = forEachSupportedSystem (Outside this hunk:
- allSystems = [ + supportedSystems = [Also applies to: 34-45
nix/templates/dev/python/flake.nix (1)
42-53: Harden Python env hermeticity (no user site-packages).
Set PYTHONNOUSERSITE=1 to prevent accidental leakage from user site dirs.
pkgs.mkShell { # The Nix packages provided in the environment packages = [ # Python plus helper tools (python.withPackages ( ps: with ps; [ virtualenv # Virtualenv pip # The pip installer ] )) ]; + PYTHONNOUSERSITE = "1"; };nix/templates/dev/golang/flake.nix (1)
23-30: Optional: align helper naming with other templates.- forAllSystems = + forEachSupportedSystem = f: - nixpkgs.lib.genAttrs allSystems ( + nixpkgs.lib.genAttrs supportedSystems (- devShells = forAllSystems ( + devShells = forEachSupportedSystem (Outside this hunk:
- allSystems = [ + supportedSystems = [Also applies to: 34-34
nix/templates/pkg/cpp/flake.nix (1)
31-54: Package derivation polish: pname/version, strictDeps, use $CXX, safer install.
Improves Nix packaging hygiene without changing behavior.
default = let binName = "zero-to-nix-cpp"; cppDependencies = with pkgs; [ boost gcc poco ]; in pkgs.stdenv.mkDerivation { - name = "zero-to-nix-cpp"; + pname = "zero-to-nix-cpp"; + version = "0.1.0"; src = self; buildInputs = cppDependencies; - buildPhase = "c++ -std=c++17 -o ${binName} ${./main.cpp} -lPocoFoundation -lboost_system"; + strictDeps = true; + buildPhase = '' + ${CXX} -std=c++17 -o ${binName} ${./main.cpp} -lPocoFoundation -lboost_system + ''; installPhase = '' mkdir -p $out/bin - cp ${binName} $out/bin/ + install -Dm755 ${binName} $out/bin/${binName} ''; };nix/templates/pkg/golang/flake.nix (1)
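Review bot: In the suggested buildPhase for nix/templates/pkg/cpp/flake.nix, ${CXX} sits inside a Nix '' indented string, where ${...} is Nix antiquotation, so evaluation fails on an undefined variable CXX instead of passing the shell variable through to the builder. Write $CXX or escape it as ''${CXX}; ${binName} and ${./main.cpp} on the same line are intended Nix interpolations and stay as they are.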
30-41: Go packaging nits: prefer pname/version and add common flags.
This aligns with Nix conventions and produces leaner binaries.
- default = pkgs.buildGoModule { - name = "zero-to-nix-go"; + default = pkgs.buildGoModule { + pname = "zero-to-nix-go"; + version = "0.1.0"; src = self; vendorHash = "sha256-JQ3vwk2F8aPy89I9E+phfUwCqe+ZeAJGPLpJ1ksiR18="; goSum = ./go.sum; subPackages = [ "cmd/zero-to-nix-go" ]; + ldflags = [ "-s" "-w" ]; + CGO_ENABLED = 0; };src/content/start/3.nix-develop.mdx (1)
404-404: Replace hardcoded /nix/store paths with the NixStorePath component
Use the existing NixStorePath (as used for curl) instead of hardcoded, versioned Nix store paths.
Occurrences in src/content/start/3.nix-develop.mdx:
- 359: gcc is /nix/store/nbrvvx1gyq3as3ghmjz62wlgd8f3zfpf-gcc-wrapper-11.3.0/bin/gcc
- 374: ghc is /nix/store/f3qnvw5gxgxxpr275kf97pfcy2n1gv79-ghc-9.2.4/bin/ghc
- 389: node is /nix/store/i88kh2fd03f5fsd3a948s19gliggd2wd-nodejs-18.12.1/bin/node
- 404: python is /nix/store/a9mmam4km4bjnkzl62533w7d0wyrhrj9-python3-3.13.6/bin/python
- 419: go is /nix/store/5bcx8rv6sy33xsf5dzkp9q8lfdqrsiwa-go-1.19.4/bin/go
- 434: cargo is /nix/store/zc1nr87147gvmg5nqci8q5cfnzg82vwp-rust-default-1.64.0/bin/cargo
- 449: sbt is /nix/store/p0hca7x8g45p5hnh0xjzy5s2bcpy1i9l-sbt-1.7.3/bin/sbt
Example replacement (still applicable for the python line):
-python is /nix/store/a9mmam4km4bjnkzl62533w7d0wyrhrj9-python3-3.13.6/bin/python +<NixStorePath pkg="python3" bin="python" />nix/templates/dev/rust/flake.nix (1)
51-65: Add rust-analyzer to the dev shell for better IDE support.
Apply:
- packages = - (with pkgs; [ + packages = + (with pkgs; [ # The package provided by our custom overlay. Includes cargo, Clippy, cargo-fmt, # rustdoc, rustfmt, and other tools. - rustToolchain + rustToolchain + rust-analyzer ])nix/templates/dev/cpp/flake.nix (1)
34-45: Consider including common C++ tooling in the dev shell.
Add CMake (and optionally pkg-config/gdb) to smooth the out-of-the-box experience:
- packages = with pkgs; [ - boost # The Boost libraries - gcc # The GNU Compiler Collection - ]; + packages = with pkgs; [ + boost # The Boost libraries + gcc # The GNU Compiler Collection + cmake # Ubiquitous C++ build system + # pkg-config # Uncomment if your sample needs it + # gdb # Uncomment for debugging + ];scripts/update-template-inputs.sh (2)
5-5: Message no longer matches behavior (now updates dev and pkg).-echo "Updating flake inputs for dev shell templates" +echo "Updating flake inputs for dev and pkg templates"
7-16: Harden loop: quote paths, skip non-dirs/missing flakes, avoid echo escapes.-for kind in dev pkg; do - for template in ${root}/nix/templates/${kind}/*; do - ( - echo "\_ updating ${template}" - cd $template - nix flake update - nix flake check --all-systems - echo "\_ updated ${template} ✅" - ) - done +for kind in dev pkg; do + for template in "${root}/nix/templates/${kind}"/*; do + [ -d "${template}" ] || continue + [ -f "${template}/flake.nix" ] || continue + ( + printf '_ updating %s\n' "${template}" + cd -- "${template}" + nix flake update + nix flake check --all-systems + printf '_ updated %s ✅\n' "${template}" + ) + doneAdditionally, add a shebang so pipefail and arrays behave as expected across shells:
#!/usr/bin/env bash
nix/templates/dev/scala/flake.nix (1)
49-60: Optionally include scala-cli in the dev shell.- packages = with pkgs; [ - # Uses the JRE/JDK version set up by the overlay. - sbt - ]; + packages = with pkgs; [ + # Uses the JRE/JDK version set up by the overlay. + sbt + scala-cli + ];nix/templates/pkg/rust/flake.nix (2)
45-48: Consider pinning the Rust toolchain for reproducibility
Using “stable.latest” is convenient but non-reproducible. Pinning to a specific version avoids surprise rebuilds.
Example:
- rustToolchain = final.rust-bin.stable.latest.default; + rustToolchain = final.rust-bin.stable."1.80.1".default;
50-68: Use pname/version instead of name in buildRustPackage
Nixpkgs conventions prefer pname/version; name is deprecated in many builders.
- rustPlatform.buildRustPackage { - name = "zero-to-nix-rust"; + rustPlatform.buildRustPackage { + pname = "zero-to-nix-rust"; + version = "0.1.0"; src = ./.; cargoLock = { lockFile = ./Cargo.lock; }; };nix/templates/pkg/javascript/flake.nix (3)
37-39: Prefer LTS node and nativeBuildInputs
nodejs_latest may vary and can break builds; also use nativeBuildInputs for tools.
- buildInputs = with pkgs; [ - nodejs_latest - ]; + nativeBuildInputs = [ pkgs.nodejs ];
41-41: Align src style with other templates
Rust template uses ./.; for consistency, use the same here.
- src = self; + src = ./.;
70-74: Use CI=1 instead of ENV=ci
Most toolchains look for CI, not ENV.
- ENV=ci pnpm run build + CI=1 pnpm run build
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (14)
- nix/templates/dev/cpp/flake.lock is excluded by !**/*.lock
- nix/templates/dev/golang/flake.lock is excluded by !**/*.lock
- nix/templates/dev/haskell/flake.lock is excluded by !**/*.lock
- nix/templates/dev/javascript/flake.lock is excluded by !**/*.lock
- nix/templates/dev/python/flake.lock is excluded by !**/*.lock
- nix/templates/dev/rust/flake.lock is excluded by !**/*.lock
- nix/templates/dev/scala/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/cpp/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/golang/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/haskell/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/javascript/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/python/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/rust/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/scala/flake.lock is excluded by !**/*.lock
📒 Files selected for processing (19)
- flake.nix (1 hunks)
- nix/shell/example.nix (5 hunks)
- nix/templates/dev/cpp/flake.nix (2 hunks)
- nix/templates/dev/golang/flake.nix (2 hunks)
- nix/templates/dev/haskell/flake.nix (2 hunks)
- nix/templates/dev/javascript/flake.nix (2 hunks)
- nix/templates/dev/python/flake.nix (2 hunks)
- nix/templates/dev/rust/flake.nix (2 hunks)
- nix/templates/dev/scala/flake.nix (2 hunks)
- nix/templates/pkg/cpp/flake.nix (2 hunks)
- nix/templates/pkg/golang/flake.nix (2 hunks)
- nix/templates/pkg/haskell/flake.nix (2 hunks)
- nix/templates/pkg/javascript/flake.nix (2 hunks)
- nix/templates/pkg/python/flake.nix (2 hunks)
- nix/templates/pkg/rust/flake.nix (2 hunks)
- nix/templates/pkg/scala/flake.nix (2 hunks)
- scripts/update-template-inputs.sh (1 hunks)
- src/content/start/3.nix-develop.mdx (1 hunks)
- src/content/start/4.nix-build.mdx (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: test
🔇 Additional comments (30)
nix/templates/dev/javascript/flake.nix (1)
11-12: LGTM: formatting-only change; no semantic impact.
nix/shell/example.nix (1)
7-11: LGTM: formatting refactor and Python bump (python3) look good across shells.
Also applies to: 25-28, 36-39, 55-55, 71-74, 90-95
nix/templates/dev/haskell/flake.nix (1)
11-12: LGTM: outputs reflow only.
nix/templates/dev/python/flake.nix (2)
11-12: LGTM: outputs formatting change.
34-55: LGTM: switch to pkgs.python3; pip/virtualenv via withPackages is fine.
nix/templates/dev/golang/flake.nix (1)
34-45: LGTM: go + gotools; formatting-only change.
nix/templates/pkg/cpp/flake.nix (1)
9-10: LGTM: outputs section reflow.
nix/templates/pkg/golang/flake.nix (1)
8-9: Minor: unify nixpkgs input across templates.
Most templates use nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0"; found exceptions — confirm intent or standardize to /0.
- nix/templates/pkg/golang/flake.nix — nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1" (suggest change to /0).
- nix/templates/pkg/scala/flake.nix — nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.2305.491812" (verify if this specific pin is required).
If you choose to align, update inputs (outside this hunk):
- nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1"; + nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0";nix/templates/dev/rust/flake.nix (2)
13-18: Formatting-only outputs change looks good.
40-47: Helper refactor reads clean; behavior unchanged.
nix/templates/dev/cpp/flake.nix (2)
11-12: Outputs formatting change is fine.
23-30: Helper block reflow is OK.
nix/templates/pkg/python/flake.nix (2)
9-10: Outputs formatting change is fine.
31-46:
```shell
#!/usr/bin/env bash
set -euo pipefail

echo "=== Environment ==="
echo "PWD: $(pwd)"
echo "rg version:"
rg --version 2>/dev/null || echo "rg not installed"

echo
echo "=== Top-level files (first 200 lines) ==="
ls -la | sed -n '1,200p' || true

echo
echo "=== Show few tracked files (if git present) ==="
if command -v git >/dev/null 2>&1 && [ -d .git ]; then
  git rev-parse --abbrev-ref HEAD || true
  git ls-files | sed -n '1,200p' || true
else
  echo "No .git directory or git not available"
fi

echo
echo "=== ripgrep debug search (patterns: python39, python39Packages, python3) ==="
rg --debug -n -uu -S -e '\bpython39\b|\bpython39Packages\b|\bpython3[0-9]{1,2}\b' || true

echo
echo "=== ripgrep broader search for 'python3' and 'pkgs.python3' ==="
rg -n --hidden -uu -S -e '\bpython3\b' || echo "no matches for plain 'python3'"
rg -n --hidden -uu -S -e '\bpkgs.python3\b' || echo "no matches for 'pkgs.python3'"
```
src/content/start/4.nix-build.mdx (1)
321-321: Doc update to pkgs.python3 matches the template change.
nix/templates/pkg/haskell/flake.nix (2)
9-10: Outputs formatting change is fine.
31-44: Package block unchanged semantically; LGTM.
nix/templates/dev/scala/flake.nix (2)
11-12: Outputs formatting change is fine.
16-26: Overlay reflow is clear; behavior preserved.
nix/templates/pkg/scala/flake.nix (3)
16-22: Outputs parameter list reformat: OK.
37-45: forAllSystems helper reflow is fine; explicit inherit system is nice.
49-82: Confirm depsSha256 still matches after input updates
Verification couldn't run in the sandbox — 'nix' is not installed (error: "/bin/bash: line 5: nix: command not found"). Run the provided script in a Nix-enabled environment (local or CI) and update depsSha256 if it changes.
nix/templates/pkg/rust/flake.nix (2)
11-16: Outputs arg list reformat is fine
No semantic change; keeps inputs explicit.
27-42: forAllSystems helper looks correct
Overlay stacking order and pkgs import per-system are sound.
nix/templates/pkg/javascript/flake.nix (2)
9-10: Outputs arg list reformat is fine
No behavior change; keeps inputs explicit.
21-28: forAllSystems helper is correct
Per-system pkgs import matches the root pattern.
flake.nix (4)
21-29: forEachSupportedSystem helper looks solid
Per-system argument passing is correct; pkgs/system are in scope for consumers.
98-104: nixfmt invocation is fine
Binary name matches nixfmt-rfc-style; check flag support across systems if you change formatter. If you ever switch formatter, ensure --check exists.
140-141: Formatter export LGTM
Per-system formatter enables nix fmt and scripting; good public surface.
31-33: Remove unused helper `runPkg` from flake.nix
Defined in flake.nix (lines 31–33); confirm there are no references and remove to reduce noise.
Verify with: rg -n --hidden --no-ignore --glob '!flake.nix' '\brunPkg\b' -S -C2
If the command returns no matches, delete the helper.
Actionable comments posted: 1
🧹 Nitpick comments (3)
.github/workflows/update-flake-lock.yml (2)
26-32: Add workflow/job concurrency to avoid overlapping runs.
Prevent concurrent template‑update runs from racing (schedule + manual). Add:
nix-flake-update-templates: + concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false
19-19: Pin actions off @main to tags/SHAs.
For reproducibility, avoid @main on:
- DeterminateSystems/update-flake-lock (use a stable tag)
- DeterminateSystems/flakehub-cache-action
Pin to a released tag or full SHA.
Also applies to: 36-36
src/content/start/4.nix-build.mdx (1)
321-321: Approve — keep pkgs.python3; add brief note about pinning
Templates already use pkgs.python3 (nix/templates/pkg/python/flake.nix:36). Add a short note in src/content/start/4.nix-build.mdx that the exact Python version is determined by the pinned nixpkgs (flake.lock) and show how to pin a specific major (e.g., use pkgs.python311 or pin/override the nixpkgs input).
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (6)
- .github/workflows/ci.yml (3 hunks)
- .github/workflows/flakehub-cache.yml (1 hunks)
- .github/workflows/flakehub-publish-rolling.yml (1 hunks)
- .github/workflows/update-flake-lock.yml (2 hunks)
- nix/templates/pkg/javascript/flake.nix (2 hunks)
- src/content/start/4.nix-build.mdx (3 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- nix/templates/pkg/javascript/flake.nix
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: test
🔇 Additional comments (7)
.github/workflows/ci.yml (1)
19-19: Checkout v5 upgrade looks good; verify repo needs and pin where possible.
- If you rely on submodules/LFS or need >1 commit history, set fetch-depth/submodules/LFS explicitly; defaults may differ from what you expect.
- Consider pinning actions to SHAs and bumping actions/cache to v4 in this workflow for Node20 and supply‑chain hygiene.
Also applies to: 65-65, 88-88
.github/workflows/flakehub-cache.yml (1)
23-23: LGTM on actions/checkout@v5; consider pinning.
Recommend pinning to a commit SHA for checkout and other actions in this job for better provenance.
.github/workflows/flakehub-publish-rolling.yml (1)
15-15: LGTM on checkout v5; consider pinning to SHA.
No functional concerns. Pinning actions reduces supply‑chain risk.
.github/workflows/update-flake-lock.yml (2)
6-6: Cron runs in UTC; confirm intended cadence/time.
"30 1 1,15 * *" executes at 01:30 UTC on the 1st and 15th. If you meant a local timezone, adjust via an extra job-timezone step or document UTC explicitly.
17-17: Checkout v5 upgrade is fine.
No functional change expected; keep as is.
src/content/start/4.nix-build.mdx (2)
310-310: Incorrect — template installs to $out/share
nix/templates/pkg/javascript/flake.nix (lines 49–51) creates "$out/share" and copies dist/. into it, so leave the docs pointing to result/share/index.html.
Likely an incorrect or invalid review comment.
215-216: Incorrect — template already installs the C++ binary to $out/bin; update the docs instead.
nix/templates/pkg/cpp/flake.nix already runs mkdir -p $out/bin and cp ${binName} $out/bin/ (lines 49–50). Replace the dist -> $out/share snippet in src/content/start/4.nix-build.mdx (lines 215–216) with the same install steps.
Likely an incorrect or invalid review comment.
Actionable comments posted: 2
♻️ Duplicate comments (1)
.github/workflows/update-flake-lock.yml (1)
41-49: Bug: wrong step output referenced; committer format invalid.
Use outputs from the detect step and fix committer to “Name ”.
- - name: Detect potential changes + - name: Detect potential changes + id: detect run: | if git diff --quiet && git diff --cached --quiet; then echo "changed=false" >> "$GITHUB_OUTPUT" else echo "changed=true" >> "$GITHUB_OUTPUT" fi - name: Create pull request for changes - if: ${{ steps.update.outputs.changed == 'true' }} + if: ${{ steps.detect.outputs.changed == 'true' }} uses: peter-evans/create-pull-request@v7 with: @@ - committer: github-actions[bot] github-actions[bot]@users.noreply.github.com + committer: "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>"Also applies to: 58-58
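Review bot: In the detect step, "git diff --quiet && git diff --cached --quiet" only compares tracked files, so a run whose only result is a newly created, untracked file writes changed=false and the pull-request step is skipped. Testing whether "git status --porcelain" prints anything would cover that case as well. Adding "id: detect" fixes the condition only if nothing else in the workflow still reads steps.update.outputs.changed, so line 58, which the comment flags as also affected, needs the same check.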
🧹 Nitpick comments (4)
scripts/update-template-inputs.sh (3)
3-3: Quote command substitution for safety.-root=$(git rev-parse --show-toplevel) +root="$(git rev-parse --show-toplevel)"
7-16: Harden loop: handle empty dirs, non-dirs, and paths with spaces; quote vars.-for kind in dev pkg; do - for template in ${root}/nix/templates/${kind}/*; do - ( - echo "\_ updating ${template}" - cd $template - nix flake update - nix flake check --all-systems - echo "\_ updated ${template} ✅" - ) - done +for kind in dev pkg; do + for template in "${root}/nix/templates/${kind}"/*; do + [ -d "$template" ] || continue + ( + echo "\_ updating ${template}" + cd "$template" + nix flake update + nix flake check --all-systems + echo "\_ updated ${template} ✅" + ) + done done
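Review bot: Inside the subshell, nothing in the visible lines stops on failure: if cd "$template" or nix flake update fails, the loop still runs nix flake check (after a failed cd, in the wrong directory) and still prints the "updated ✅" line, unless the script enables set -e above line 7, which this hunk does not show. Chaining the three commands with && or putting set -e at the top of the subshell would make a broken template fail the run instead of being reported as updated.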
13-13: Optional: avoid heavy builds in CI by evaluating only.- nix flake check --all-systems + nix flake check --all-systems --no-build.github/workflows/update-flake-lock.yml (1)
26-33: Least privilege: drop unused permissions (e.g., id-token) if not required.If OIDC isn’t used in this job, consider:
permissions: contents: write - id-token: write issues: write pull-requests: write
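Review bot: Before removing "id-token: write", confirm that no step in this job requests an OIDC token. The same review places DeterminateSystems/flakehub-cache-action at line 36 of this workflow, and FlakeHub Cache authenticates through GitHub's OIDC token, so dropping the permission here would likely break that step rather than tighten anything. If the permission stays, a comment beside it naming the step that needs it keeps the least-privilege intent reviewable.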
📜 Review details
⛔ Files ignored due to path filters (13)
- nix/templates/dev/cpp/flake.lock is excluded by !**/*.lock
- nix/templates/dev/golang/flake.lock is excluded by !**/*.lock
- nix/templates/dev/haskell/flake.lock is excluded by !**/*.lock
- nix/templates/dev/javascript/flake.lock is excluded by !**/*.lock
- nix/templates/dev/python/flake.lock is excluded by !**/*.lock
- nix/templates/dev/rust/flake.lock is excluded by !**/*.lock
- nix/templates/dev/scala/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/cpp/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/golang/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/haskell/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/javascript/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/python/flake.lock is excluded by !**/*.lock
- nix/templates/pkg/rust/flake.lock is excluded by !**/*.lock
📒 Files selected for processing (2)
- .github/workflows/update-flake-lock.yml (2 hunks)
- scripts/update-template-inputs.sh (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)
- GitHub Check: build-pkg-templates (x86_64-darwin, macos-latest-xlarge)
- GitHub Check: build-example-dev-shells (x86_64-darwin, macos-latest-xlarge)
- GitHub Check: build-example-dev-shells (x86_64-linux, UbuntuLatest32Cores128G)
- GitHub Check: build-pkg-templates (aarch64-darwin, macos-latest-xlarge)
- GitHub Check: build-pkg-templates (x86_64-linux, UbuntuLatest32Cores128G)
- GitHub Check: build-example-dev-shells (aarch64-darwin, macos-latest-xlarge)
🔇 Additional comments (2)
.github/workflows/update-flake-lock.yml (2)
17-17: Approve actions/checkout@v5 — released and recommended (no changes needed).
Confirmed: actions/checkout@v5 is the current recommended major version as of September 18, 2025; it requires Actions Runner ≥ v2.327.1 and uses the Node.js 24 runtime.
36-36: Pin DeterminateSystems actions to explicit stable tags
Replace DeterminateSystems/update-flake-lock@main → @v27 (tagged Jul 14, 2025) and DeterminateSystems/flakehub-cache-action@main → @v2 (tagged May 15, 2025).
Locations: .github/workflows/update-flake-lock.yml — line 19 (update-flake-lock), line 36 (flakehub-cache-action)
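The pinning advice that recurs in the review comments above, as an added example that is not part of the pull request or the reviewed repository: a POSIX shell function that classifies each uses: reference in workflow YAML as SHA-pinned, tag-pinned or branch-following. The sample workflow is constructed from the action refs named on this page; example-org/example-action and its SHA are made-up placeholders.

```bash
#!/bin/sh
# Added example: classify `uses:` refs in GitHub Actions workflow YAML by pin type.

# Constructed input built from the refs named in the review; example-org/example-action
# and its 40-hex SHA are placeholders, not a real action or commit.
sample_workflow() {
  cat <<'EOF'
jobs:
  update:
    steps:
      - uses: actions/checkout@v5
      - uses: DeterminateSystems/update-flake-lock@main
      - uses: DeterminateSystems/flakehub-cache-action@main
      - uses: peter-evans/create-pull-request@v7
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: ./.github/actions/local
EOF
}

# classify_pins: read workflow YAML on stdin, print "<class> <ref>" per remote action.
#   sha    = full 40-hex commit SHA (immutable)
#   tag    = version-like ref such as v5 or v1.2.3 (can be moved by the action owner)
#   branch = anything else, e.g. main (changes with every push)
classify_pins() {
  # "|| true": a file without uses: lines is not an error under set -e
  { grep -E '^[[:space:]]*(-[[:space:]]*)?uses:' || true; } |
    sed -E 's/^[^:]*uses:[[:space:]]*//; s/[[:space:]]*(#.*)?$//' |
    while IFS= read -r ref; do
      case "$ref" in
        ./*|docker://*) continue ;;   # local actions and images carry no git ref
      esac
      pin="${ref##*@}"
      if printf '%s\n' "$pin" | grep -Eq '^[0-9a-f]{40}$'; then
        echo "sha $ref"
      elif printf '%s\n' "$pin" | grep -Eq '^v?[0-9]+(\.[0-9]+)*$'; then
        echo "tag $ref"
      else
        echo "branch $ref"
      fi
    done
}

# unpinned_count: how many refs on stdin follow a branch.
unpinned_count() { classify_pins | grep -c '^branch ' || true; }

sample_workflow | classify_pins
```

A CI gate can fail the job when unpinned_count is non-zero for any file under .github/workflows; whether to also reject the tag class is a policy choice.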
Fixes #455 and creates an automatic update for every two weeks.
Summary by CodeRabbit
New Features
Documentation
Refactor/Style
Chores / CI