From b69643c3823fcf3c4caf8d9518363e32e2ae9f60 Mon Sep 17 00:00:00 2001 From: Ricardo Valero de la Rosa <55701657+ricardo-valero@users.noreply.github.com> Date: Thu, 15 Jan 2026 14:23:41 -0600 Subject: [PATCH 1/5] fix: update hix hashes for all systems --- .github/workflows/update-nix-hashes.yml | 69 +++++++++++++------------ 1 file changed, 37 insertions(+), 32 deletions(-) diff --git a/.github/workflows/update-nix-hashes.yml b/.github/workflows/update-nix-hashes.yml index 46ea12d1870..fb0b5e39a72 100644 --- a/.github/workflows/update-nix-hashes.yml +++ b/.github/workflows/update-nix-hashes.yml @@ -17,11 +17,11 @@ on: - "packages/*/package.json" jobs: - update-linux: + update-flake: if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository - runs-on: blacksmith-4vcpu-ubuntu-2404 + runs-on: ubuntu-latest env: - SYSTEM: x86_64-linux + TITLE: flake.lock steps: - name: Checkout repository @@ -40,32 +40,25 @@ jobs: git config --global user.email "action@github.com" git config --global user.name "Github Action" - - name: Update flake.lock + - name: Update ${{ env.TITLE }} run: | set -euo pipefail - echo "📦 Updating flake.lock..." + echo "📦 Updating $TITLE..." nix flake update - echo "✅ flake.lock updated successfully" + echo "✅ $TITLE updated successfully" - - name: Update node_modules hash for x86_64-linux - run: | - set -euo pipefail - echo "🔄 Updating node_modules hash for x86_64-linux..." - nix/scripts/update-hashes.sh - echo "✅ node_modules hash for x86_64-linux updated successfully" - - - name: Commit Linux hash changes + - name: Commit ${{ env.TITLE }} changes env: TARGET_BRANCH: ${{ github.head_ref || github.ref_name }} run: | set -euo pipefail - echo "🔍 Checking for changes in tracked Nix files..." + echo "🔍 Checking for changes in tracked files..." summarize() { local status="$1" { - echo "### Nix Hash Update (x86_64-linux)" + echo "### Nix $TITLE" echo "" echo "- ref: ${GITHUB_REF_NAME}" echo "- status: ${status}" @@ -75,11 +68,10 @@ jobs: fi echo "" >> "$GITHUB_STEP_SUMMARY" } - - FILES=(flake.lock flake.nix nix/node-modules.nix nix/hashes.json) + FILES=(flake.lock flake.nix) STATUS="$(git status --short -- "${FILES[@]}" || true)" if [ -z "$STATUS" ]; then - echo "✅ No changes detected. Hashes are already up to date." + echo "✅ No changes detected." summarize "no changes" exit 0 fi @@ -89,7 +81,7 @@ jobs: echo "🔗 Staging files..." git add "${FILES[@]}" echo "💾 Committing changes..." - git commit -m "Update Nix flake.lock and x86_64-linux hash" + git commit -m "Update $TITLE" echo "✅ Changes committed" BRANCH="${TARGET_BRANCH:-${GITHUB_REF_NAME}}" @@ -101,12 +93,25 @@ jobs: summarize "committed $(git rev-parse --short HEAD)" - update-macos: - needs: update-linux + update-node-modules-hash: + needs: update-flake if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository - runs-on: macos-latest + strategy: + fail-fast: false + matrix: + include: + - system: x86_64-linux + host: ubuntu-latest + - system: aarch64-linux + host: ubuntu-22.04-arm + - system: x86_64-darwin + host: macos-15-intel + - system: aarch64-darwin + host: macos-latest + runs-on: ${{ matrix.host }} env: - SYSTEM: aarch64-darwin + SYSTEM: ${{ matrix.system }} + TITLE: node_modules hash (${{ matrix.system }}) steps: - name: Checkout repository @@ -132,25 +137,25 @@ jobs: BRANCH="${TARGET_BRANCH:-${GITHUB_REF_NAME}}" git pull origin "$BRANCH" - - name: Update node_modules hash for aarch64-darwin + - name: Update ${{ env.TITLE }} run: | set -euo pipefail - echo "🔄 Updating node_modules hash for aarch64-darwin..." + echo "🔄 Updating $TITLE..." nix/scripts/update-hashes.sh - echo "✅ node_modules hash for aarch64-darwin updated successfully" + echo "✅ $TITLE updated successfully" - - name: Commit macOS hash changes + - name: Commit ${{ env.TITLE }} changes env: TARGET_BRANCH: ${{ github.head_ref || github.ref_name }} run: | set -euo pipefail - echo "🔍 Checking for changes in tracked Nix files..." + echo "🔍 Checking for changes in tracked files..." summarize() { local status="$1" { - echo "### Nix Hash Update (aarch64-darwin)" + echo "### Nix $TITLE" echo "" echo "- ref: ${GITHUB_REF_NAME}" echo "- status: ${status}" @@ -164,7 +169,7 @@ jobs: FILES=(nix/hashes.json) STATUS="$(git status --short -- "${FILES[@]}" || true)" if [ -z "$STATUS" ]; then - echo "✅ No changes detected. Hash is already up to date." + echo "✅ No changes detected." summarize "no changes" exit 0 fi @@ -174,7 +179,7 @@ jobs: echo "🔗 Staging files..." git add "${FILES[@]}" echo "💾 Committing changes..." - git commit -m "Update aarch64-darwin hash" + git commit -m "Update $TITLE" echo "✅ Changes committed" BRANCH="${TARGET_BRANCH:-${GITHUB_REF_NAME}}" From bddacd45e1f1f8392478d423a0fbf1b894164668 Mon Sep 17 00:00:00 2001 From: Ricardo Valero de la Rosa <55701657+ricardo-valero@users.noreply.github.com> Date: Thu, 15 Jan 2026 15:20:31 -0600 Subject: [PATCH 2/5] replace nix installer --- .github/workflows/update-nix-hashes.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/update-nix-hashes.yml b/.github/workflows/update-nix-hashes.yml index fb0b5e39a72..20d7d5d9d7f 100644 --- a/.github/workflows/update-nix-hashes.yml +++ b/.github/workflows/update-nix-hashes.yml @@ -33,7 +33,7 @@ jobs: repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - name: Setup Nix - uses: DeterminateSystems/nix-installer-action@v20 + uses: nixbuild/nix-quick-install-action@v34 - name: Configure git run: | @@ -123,7 +123,7 @@ jobs: repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - name: Setup Nix - uses: DeterminateSystems/nix-installer-action@v20 + uses: nixbuild/nix-quick-install-action@v34 - name: Configure git run: | From 2b5ed1e0f5ddf772b8e2dca3b95964f56d4fd542 Mon Sep 17 00:00:00 2001 From: Ricardo Valero de la Rosa <55701657+ricardo-valero@users.noreply.github.com> Date: Thu, 15 Jan 2026 15:24:50 -0600 Subject: [PATCH 3/5] add hash placeholders --- nix/hashes.json | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/nix/hashes.json b/nix/hashes.json index c89b60ef97a..e304be629cd 100644 --- a/nix/hashes.json +++ b/nix/hashes.json @@ -1,6 +1,8 @@ { "nodeModules": { "x86_64-linux": "sha256-4ndHIlS9t1ynRdFszJ1nvcu3YhunhuOc7jcuHI1FbnM=", - "aarch64-darwin": "sha256-C0E9KAEj3GI83HwirIL2zlXYIe92T+7Iv6F51BB6slY=" + "aarch64-linux": "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", + "aarch64-darwin": "sha256-C0E9KAEj3GI83HwirIL2zlXYIe92T+7Iv6F51BB6slY=", + "x86_64-darwin": "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } } From 362de101e2a98727361735d709e21c6d1784110c Mon Sep 17 00:00:00 2001 From: Github Action Date: Thu, 15 Jan 2026 21:27:41 +0000 Subject: [PATCH 4/5] Update node_modules hash (aarch64-linux) --- nix/hashes.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/hashes.json b/nix/hashes.json index e304be629cd..c2062a8fe01 100644 --- a/nix/hashes.json +++ b/nix/hashes.json @@ -1,7 +1,7 @@ { "nodeModules": { "x86_64-linux": "sha256-4ndHIlS9t1ynRdFszJ1nvcu3YhunhuOc7jcuHI1FbnM=", - "aarch64-linux": "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", + "aarch64-linux": "sha256-H9eUk/yVrQqVrAYONlb6As7mjkPXtOauBVfMBeVAmRo=", "aarch64-darwin": "sha256-C0E9KAEj3GI83HwirIL2zlXYIe92T+7Iv6F51BB6slY=", "x86_64-darwin": "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" } From fd34aa3a97c226f4f8ae7e692249884ef66afb47 Mon Sep 17 00:00:00 2001 From: Github Action Date: Thu, 15 Jan 2026 21:33:20 +0000 Subject: [PATCH 5/5] Update node_modules hash (x86_64-darwin) --- nix/hashes.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/hashes.json b/nix/hashes.json index c2062a8fe01..652b24feceb 100644 --- a/nix/hashes.json +++ b/nix/hashes.json @@ -3,6 +3,6 @@ "x86_64-linux": "sha256-4ndHIlS9t1ynRdFszJ1nvcu3YhunhuOc7jcuHI1FbnM=", "aarch64-linux": "sha256-H9eUk/yVrQqVrAYONlb6As7mjkPXtOauBVfMBeVAmRo=", "aarch64-darwin": "sha256-C0E9KAEj3GI83HwirIL2zlXYIe92T+7Iv6F51BB6slY=", - "x86_64-darwin": "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" + "x86_64-darwin": "sha256-wj5fZnyfu6Sf1HcqvsQM3M7dl5BKRAHmoqm1Ai1cL2M=" } }