From 2339d96dafd72eec32536d60f325a744311c6a63 Mon Sep 17 00:00:00 2001 From: Max Date: Mon, 6 Apr 2026 02:56:51 -0400 Subject: [PATCH 1/3] feat(nix): add Cachix binary cache to CI Replace magic-nix-cache (GitHub-local only) with cachix-action so build artifacts are pushed to a public binary cache. Nix users can then pull pre-built binaries instead of compiling from source (~25 min). Requires repo owner to: 1. Create the cache: cachix create handy 2. Add CACHIX_AUTH_TOKEN to GitHub repo secrets --- .github/workflows/nix-check.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/nix-check.yml b/.github/workflows/nix-check.yml index 5814b4a69..90e744699 100644 --- a/.github/workflows/nix-check.yml +++ b/.github/workflows/nix-check.yml @@ -4,7 +4,7 @@ # so compilation-breaking edits are caught by flake eval. # 2. Full nix build (~25 min) only runs when nix packaging files change. # -# Setting up a Cachix binary cache would further reduce full-build times. +# Build artifacts are pushed to Cachix so Nix users can skip local compilation. name: "nix build check" on: @@ -48,7 +48,10 @@ jobs: with: nix_path: nixpkgs=channel:nixos-unstable - - uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13 + - uses: cachix/cachix-action@v15 + with: + name: handy + authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' # Regenerate .nix/bun.nix from bun.lock and check if it matches # what's committed. A diff means the developer forgot to run @@ -121,7 +124,7 @@ jobs: # sandbox issues, compilation failures) that flake eval alone misses. # On PRs: only runs when nix packaging files change (~25 min with cold cache). # On push to main and workflow_dispatch: always runs so every commit on - # main has a verified nix build before release. + # main has a verified nix build. cachix-action auto-pushes artifacts. - name: Build handy if: steps.bun-check.outputs.outdated != 'true' && steps.eval.outputs.failed != 'true' && (steps.nix-files.outputs.changed == 'true' || github.event_name == 'workflow_dispatch' || github.event_name == 'push') run: nix build .#handy -L --show-trace From 9f80d6c9015403fecb5601fa3410750dbfc34603 Mon Sep 17 00:00:00 2001 From: Max Date: Wed, 15 Apr 2026 12:48:21 -0400 Subject: [PATCH 2/3] style: fix prettier formatting in nix-check.yml --- .github/workflows/nix-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-check.yml b/.github/workflows/nix-check.yml index 90e744699..66f0dd3b9 100644 --- a/.github/workflows/nix-check.yml +++ b/.github/workflows/nix-check.yml @@ -51,7 +51,7 @@ jobs: - uses: cachix/cachix-action@v15 with: name: handy - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' + authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" # Regenerate .nix/bun.nix from bun.lock and check if it matches # what's committed. A diff means the developer forgot to run From c6239d0cab17fc294f4847964dd0689f96f5cb05 Mon Sep 17 00:00:00 2001 From: Max Date: Wed, 15 Apr 2026 12:56:06 -0400 Subject: [PATCH 3/3] fix(nix): use correct cache name 'handy-computer' --- .github/workflows/nix-check.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/nix-check.yml b/.github/workflows/nix-check.yml index 66f0dd3b9..45af40019 100644 --- a/.github/workflows/nix-check.yml +++ b/.github/workflows/nix-check.yml @@ -50,7 +50,7 @@ jobs: - uses: cachix/cachix-action@v15 with: - name: handy + name: handy-computer authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" # Regenerate .nix/bun.nix from bun.lock and check if it matches