ci: add test-nix Linux job using Nix devshell (W50 PR-B)#81
Merged
Conversation
Second step in W50 / Plan B sub-3 (CI Nix-ify). Promotes `scripts/gate-commit.sh` from a developer-only entrypoint to the Linux CI Commit Gate, run inside the Nix devshell. The flake.nix devshell already provides version-pinned Zig (0.16.0), WASI SDK 30, wasm-tools 1.246.1, wasmtime 42.0.1 (the last two pinned via PR-A's URL+sha256 entries), TinyGo, Go, hyperfine — i.e. the same toolchain Mac/Linux developers get from `direnv allow`. CI now runs that exact toolchain instead of a parallel set of per-tool install steps. Rust still comes from the runner image's pre-installed rustup; that mirrors the local-developer story (`rustup target add wasm32-wasip1` on top of the Nix devshell). PATH inheritance through `nix develop --command` carries `~/.cargo/bin` into the shell. - New `test-nix` job (ubuntu-latest only): nix-installer-action + magic-nix-cache-action + `nix develop --command bash -c 'bash scripts/gate-commit.sh'`. Sanity-prints `zig / wasm-tools / wasmtime / WASI_SDK_PATH` versions before the gate so failures are easy to attribute. - Existing `test` job matrix narrowed from `[ubuntu, macos, windows]` → `[macos, windows]`. macOS migrates in PR-C, Windows in PR-D (via `pwsh windows/install-tools.ps1`). - size-matrix and benchmark jobs untouched (separate jobs; their nix-ification is out of scope here). CI-only test plan — no behaviour change for embedders or local devs.
chaploud
added a commit
that referenced
this pull request
Apr 29, 2026
Third step in W50 / Plan B sub-3 (CI Nix-ify). Adds macOS to the Nix-based test job that landed in PR-B (#81). Same flake.nix devshell, same gate-commit entrypoint, same Rust-from-runner arrangement — only the runner OS changes. - test-nix matrix expanded from `[ubuntu-latest]` → `[ubuntu-latest, macos-latest]`. Job display name uses `${{ matrix.os }}` so the GitHub UI distinguishes the two. - test job matrix narrowed from `[macos-latest, windows-latest]` → `[windows-latest]`. PR-D migrates Windows. - Zig cache key already used `runner.os`, so `Linux` and `macOS` caches stay separate naturally; updated the literal `Linux` prefix to `runner.os` to match. CI-only test plan — no behaviour change for embedders. Risk note: macos-latest + nix-installer-action has had occasional flakes in the past per W50 design notes. PR-B's success on Linux gives confidence the gate-commit path inside the devshell is sound; if macOS-specific flake behaviour surfaces, leave the PR as draft and surface for inspection rather than retry-spam.
chaploud
added a commit
that referenced
this pull request
Apr 29, 2026
5 tasks
chaploud
added a commit
that referenced
this pull request
Apr 29, 2026
Third step in W50 / Plan B sub-3 (CI Nix-ify). Adds macOS to the Nix-based test job that landed in PR-B (#81). Same flake.nix devshell, same gate-commit entrypoint, same Rust-from-runner arrangement — only the runner OS changes. - test-nix matrix expanded from `[ubuntu-latest]` → `[ubuntu-latest, macos-latest]`. Job display name uses `${{ matrix.os }}` so the GitHub UI distinguishes the two. - test job matrix narrowed from `[macos-latest, windows-latest]` → `[windows-latest]`. PR-D migrates Windows. - Zig cache key already used `runner.os`, so `Linux` and `macOS` caches stay separate naturally; updated the literal `Linux` prefix to `runner.os` to match. CI-only test plan — no behaviour change for embedders. Risk note: macos-latest + nix-installer-action has had occasional flakes in the past per W50 design notes. PR-B's success on Linux gives confidence the gate-commit path inside the devshell is sound; if macOS-specific flake behaviour surfaces, leave the PR as draft and surface for inspection rather than retry-spam.
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Second step in W50 / Plan B sub-3 (CI Nix-ify). Promotes `scripts/gate-commit.sh` from a developer-only entrypoint to the Linux CI Commit Gate, run inside the Nix devshell.
The flake.nix devshell already provides version-pinned Zig (0.16.0), WASI SDK 30, wasm-tools 1.246.1, wasmtime 42.0.1 (last two pinned via PR-A #80), TinyGo, Go, hyperfine — i.e. the same toolchain Mac/Linux developers get from `direnv allow`. CI now runs that exact toolchain instead of a parallel set of per-tool install steps.
Rust still comes from the runner image's pre-installed rustup; that mirrors the local-developer story (`rustup target add wasm32-wasip1` on top of the Nix devshell). PATH inheritance through `nix develop --command` carries `~/.cargo/bin` into the shell.
What changed
Why split macOS off into PR-C
`magic-nix-cache-action` had a 2025 outage and `macos-latest + nix-installer-action` has occasional flakes per the W50 design notes. Linux is the stablest path; landing it first means PR-C/D inherit a known-good `test-nix` shape and any flake-induced failure stays local to its own PR.
Test plan
CI is the test:
If this PR fails
Stop conditions per session: two non-flaky failures on the same PR → leave as draft, move on. Likely failure modes: