From e252a8d43713a92f46281bdbcda766b532cf922d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 21 May 2026 06:35:59 +0000
Subject: [PATCH 1/4] Initial plan

From 9c87627db62057fdf9238c1ee8defbc783633d66 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 21 May 2026 06:37:46 +0000
Subject: [PATCH 2/4] ci: add github actions nix and home-manager validation workflow

Agent-Logs-Url: https://github.com/Uliboooo/dotfiles/sessions/8224d389-028e-4924-937e-05585a4e01a5
Co-authored-by: Uliboooo <190558756+Uliboooo@users.noreply.github.com>
---
 .github/workflows/nix-validate.yml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 .github/workflows/nix-validate.yml

diff --git a/.github/workflows/nix-validate.yml b/.github/workflows/nix-validate.yml
new file mode 100644
index 0000000..1896533
--- /dev/null
+++ b/.github/workflows/nix-validate.yml
@@ -0,0 +1,25 @@
+name: Validate Nix flake and configs
+
+on:
+ pull_request:
+ push:
+
+jobs:
+ validate:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v31
+
+ - name: Validate flake checks
+ run: nix flake check --show-trace
+
+ - name: Validate NixOS configuration evaluation
+ run: nix eval .#nixosConfigurations.desktop.config.system.build.toplevel.drvPath --show-trace
+
+ - name: Validate Home Manager evaluation
+ run: nix eval .#nixosConfigurations.desktop.config.home-manager.users.alice.home.activationPackage.drvPath --show-trace
From 7464becbeebe43a1d3442f7b2bf5f6cf8dedde70 Mon Sep 17 00:00:00 2001
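Review bot: The Checkout step is added with default inputs, so `actions/checkout` leaves the job token in the local git configuration, and every later step in this job evaluates Nix code taken from the checked-out ref. No step in the workflow pushes or fetches again, so the credential can be dropped by adding `with:` and `persist-credentials: false` under the `uses:` line. The last patch in this series rewrites that same `uses:` line to a pinned SHA and still does not set the input. The two `nix eval` steps also hard-code the `desktop` host and the `alice` user; a short comment above them, such as `# attribute names must match nixosConfigurations in flake.nix`, would explain the CI failure a rename will cause.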
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 21 May 2026 06:38:23 +0000
Subject: [PATCH 3/4] ci: restrict workflow token permissions

Agent-Logs-Url: https://github.com/Uliboooo/dotfiles/sessions/8224d389-028e-4924-937e-05585a4e01a5
Co-authored-by: Uliboooo <190558756+Uliboooo@users.noreply.github.com>
---
 .github/workflows/nix-validate.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/nix-validate.yml b/.github/workflows/nix-validate.yml
index 1896533..564f3cf 100644
--- a/.github/workflows/nix-validate.yml
+++ b/.github/workflows/nix-validate.yml
@@ -4,6 +4,9 @@ on:
 pull_request:
 push:
+permissions:
+ contents: read
+
 jobs:
 validate:
 runs-on: ubuntu-latest
From c32301f2fcba8cf0424d4662d3b9937cca85bd18 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 21 May 2026 07:03:58 +0000
Subject: [PATCH 4/4] ci: tighten nix workflow triggers and harden action pins

Agent-Logs-Url: https://github.com/Uliboooo/dotfiles/sessions/3f94f674-9aaf-4216-a2b0-81027ea0fff4
Co-authored-by: Uliboooo <190558756+Uliboooo@users.noreply.github.com>
---
 .github/workflows/nix-validate.yml | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/nix-validate.yml b/.github/workflows/nix-validate.yml
index 564f3cf..7750d57 100644
--- a/.github/workflows/nix-validate.yml
+++ b/.github/workflows/nix-validate.yml
@@ -3,6 +3,8 @@ name: Validate Nix flake and configs
 on:
 pull_request:
 push:
+ branches:
+ - main
 permissions:
 contents: read
@@ -10,19 +12,20 @@ permissions:
 jobs:
 validate:
 runs-on: ubuntu-latest
+ timeout-minutes: 30
 steps:
 - name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 - name: Install Nix
- uses: cachix/install-nix-action@v31
+ uses: cachix/install-nix-action@8aa03977d8d733052d78f4e008a241fd1dbf36b3 # v31
 - name: Validate flake checks
- run: nix flake check --show-trace
+ run: nix flake check --system x86_64-linux
 - name: Validate NixOS configuration evaluation
- run: nix eval .#nixosConfigurations.desktop.config.system.build.toplevel.drvPath --show-trace
+ run: nix eval .#nixosConfigurations.desktop.config.system.build.toplevel.drvPath
 - name: Validate Home Manager evaluation
- run: nix eval .#nixosConfigurations.desktop.config.home-manager.users.alice.home.activationPackage.drvPath --show-trace
+ run: nix eval .#nixosConfigurations.desktop.config.home-manager.users.alice.home.activationPackage.drvPath
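Review bot: The two pinned `uses:` lines carry only a major-tag comment (`# v4`, `# v31`), which names a moving tag and does not say which release each 40-character SHA corresponds to. Record the exact release in the comment, in the form `uses: actions/checkout@<sha> # vX.Y.Z`, and confirm before merging that each SHA resolves to a tagged commit in the upstream action repository. No update configuration is visible in this series, so the pins will go stale unless something like a Dependabot `github-actions` entry is added alongside. Separately, removing `--show-trace` from all three commands makes an evaluation failure harder to diagnose from the CI log; consider keeping it at least on the `nix flake check` step.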