Skip to content

ci: add Copilot cloud agent setup workflow#10

Merged
sigma merged 1 commit into
mainfrom
copilot-cloud-agent-setup
May 16, 2026
Merged

ci: add Copilot cloud agent setup workflow#10
sigma merged 1 commit into
mainfrom
copilot-cloud-agent-setup

Conversation

@sigma
Copy link
Copy Markdown
Member

@sigma sigma commented May 16, 2026

Summary

Adds .github/workflows/copilot-setup-steps.yml so Copilot's cloud agent boots into a working dev shell with cached toolchain artifacts.

Per the docs, the file must live at this exact path and contain a job named copilot-setup-steps; its steps run on ubuntu-latest before each agent session, and the resulting filesystem is snapshotted as the agent's starting state.

What the workflow does

  1. Install Nix with flakes (DeterminateSystems/nix-installer-action).
  2. Wire firefly-toolbox as a substituter via cachix/cachix-action@v15 — read-only, no auth token, written to /etc/nix/nix.conf so nix develop pulls toolchain artifacts from the cache instead of building them.
  3. Pre-fetch the dev-shell closure into /nix/store (nix develop --command true).
  4. Install direnv + nix-direnv.
  5. Trigger the turnkey enterShell hook via direnv exec . true — this materializes the .turnkey/* cell symlinks, links .buckconfig to the Nix-generated config, and syncs go-deps.toml / rust-deps.toml. Sanity check verifies buck2, bw, tk, jj, go, cargo are all on PATH.
  6. Export the shell's PATH + a few env vars to $GITHUB_ENV so the agent can invoke tools without prefixing every command with direnv exec.

Why

  • The cachix substituter is the single biggest cold-start win — without it the agent rebuilds the world.
  • Triggering the enterShell hook ourselves means the agent's first buck2 build doesn't have to wait on cell materialization or deps-file regeneration.
  • Wiring cachix at the system nix.conf level (instead of relying on the flake's nixConfig) avoids the trusted-users prompt, which the agent can't answer.

Test plan

  • Push triggers the workflow on main and it completes successfully.
  • Trigger a Copilot agent session and confirm buck2, bw, tk, jj, go, cargo are on PATH from the agent's first command.
  • Confirm the agent can run buck2 build //experimental/... without re-fetching toolchain artifacts.
  • Verify cachix is actually being used (look for "copying path … from 'https://firefly-toolbox.cachix.org'" in the workflow log).

Follow-ups worth verifying after first run

  • Whether $GITHUB_ENV survives into the agent session via the snapshot; if not, AGENTS.md should add guidance to prefix commands with direnv exec . ….
  • Whether the snapshot job setting persists /nix/store between sessions (would make cachix fetches a one-time cost).

@sigma sigma force-pushed the copilot-cloud-agent-setup branch 3 times, most recently from 1286eca to 1a96b3f Compare May 16, 2026 17:51
@sigma sigma force-pushed the copilot-cloud-agent-setup branch from 1a96b3f to 9d35e26 Compare May 16, 2026 17:54
@sigma sigma merged commit 18f8e14 into main May 16, 2026
1 check passed
@sigma sigma deleted the copilot-cloud-agent-setup branch May 16, 2026 19:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sigma