Add monthly release workflow and branch protection#169
Open
Add monthly release workflow and branch protection#169
Conversation
- develop: require PR, disallow force push and deletion - main: require PR with all CI status checks (flake-check, nix-build for all targets, container-build), disallow force push and deletion Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The maximize-build-space action mounts /nix owned by the runner user, causing systemd-tmpfiles to fail with an unsafe path transition error during Nix installation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f1a7237c81
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
The example homeConfiguration was missing the llm-agents overlay, causing pkgs.llm-agents.claude-code to fail during container build. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
github_branch_protection expects the GraphQL node ID, not the repository name. Use data.github_repository to look up the node_id. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add k8sWorkers.enable option to shime's k8s module and expose ciConfigurations.shime with VMs disabled to avoid fetching Ubuntu cloud images during CI (which fails due to SSL certificate issues). Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The extendModules definition conflicts with configuration.nix without explicit priority. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
builtins.currentSystem is not available in pure evaluation mode which is used by nix flake check and CI builds. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add k8sVMs.enable option to emu k8s config and create ciConfigurations.emu with VMs disabled to avoid SSL certificate errors when downloading Ubuntu cloud images in CI. Consolidates master.nix, worker1.nix, worker2.nix into default.nix. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Google Drive dmg hash changed upstream. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Docker builds don't need the /nix mount optimization. The maximize-build-space action may have been causing issues. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
SOPS secrets are decrypted at activation time, not build time. nix build only creates derivations without decrypting secrets. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
No longer needed since nix build doesn't require SOPS decryption. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
prerelease.keybase.io has SSL certificate issues on GitHub Actions macOS runners. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Unity Hub dmg hash changed upstream. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Google Chrome dmg hash changed upstream. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Uses GitHub Actions built-in cache to share Nix builds between workflow runs. Expected to reduce CI time by 30-50%. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
GitHub Actions are pinned by commit hash for security, which conflicts with Dependabot's version-based updates. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Remove old Xcode versions, simulators, and Homebrew cache to free up disk space for darwin builds. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
libtmux tests fail intermittently in CI environments due to timing issues with tmux pane capture. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Previous override syntax was incorrect. pythonPackagesExtensions is the correct way to override Python packages across all Python versions in nixpkgs. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Zoom package causes "Illegal byte sequence" error when clearing file flags on macOS GitHub Actions runners. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Add site.home.ciMode option to exclude packages with CI build issues - Create ciConfigurations.uguisu for darwin CI builds - keybase (SSL cert error) and zoom (encoding error) excluded in CI - These packages still work normally in local builds Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
pythonPackagesExtensions doesn't work when packages are directly referenced via python311Packages.libtmux. Use overrideScope instead. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
doCheck doesn't affect derivation hash - it's a build-time flag. disabledTests actually changes the derivation and skips specific tests. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When there are no commits between main and develop (e.g., initial release), create an empty commit to allow PR creation. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
yy.mmrelease cycle with automated PR creation, CI checks, auto-merge, tag-based container publishingnix flake check,nix build(Linux + macOS), container builddevelopandmain(require PR, no force push)activitywatch-mcp-serverandbluesky-mcppackages tonix/packages/Workflow
Test plan
nix flake checkpasses in CInix buildruns for all targets (emu, shime, uguisu, example)workflow_dispatchforcreate-release.yaml🤖 Generated with Claude Code