feat(nix): Replace standalone package.nix with flake.nix#508
Merged
Conversation
Adds a flake.nix at the repo root and removes the standalone
nix/package.nix in favor of it. This lets downstream users install
infer via flake refs from any Nix-based toolchain — most notably as a
Flox manifest entry:
[install]
infer.flake = "github:inference-gateway/cli"
Also runnable directly: `nix run github:inference-gateway/cli`.
The flake derivation is functionally equivalent to the previous
nix/package.nix (same buildGoModule shape, proxyVendor, darwin
SwiftUI helper preBuild, shell completions) but builds from `self`
rather than fetchFromGitHub, so consumers always get the exact ref
they pin.
CI workflows migrated:
- nix-build.yml: path filter, build command, and lint targets
switched to flake.nix / `nix build .#infer` / `nix flake check
--all-systems`.
- nix-version-sync.yml: dropped the source-hash step (no longer
needed since the flake builds from `self`); now bumps only
`version` and `vendorHash` in flake.nix.
edenreich
changed the title
Adds .github/workflows/nix-fix-hashes.yml: on every PR touching go.mod/go.sum/flake.nix, runs `nix flake check -L`; on hash mismatch, runs `determinate-nixd fix hashes --auto-apply` and commits the fix back to the PR branch with a `[dependabot skip]` prefix so Dependabot won't clobber it on rebase. Pushes via the BOT GitHub App token (not GITHUB_TOKEN, whose pushes don't retrigger downstream workflows and would leave the verification gate stale). Extends nix-build.yml path filters to include go.mod/go.sum so the verification gate runs on the auto-fixed commits. Moves version bumping into the release commit via @semantic-release/exec + a sed prepareCmd that updates `version =` in flake.nix before @semantic-release/git commits it alongside CHANGELOG.md. The sed uses bracket-negation to handle prerelease versions from rc/* branches. Release pipeline gains one npm package install (~3s) but no Nix install — pure sed. Adds goSum = ./go.sum; to buildGoModule attrs to derive the module list from go.sum rather than running `go mod download` blind, per Determinate Systems guidance for improved reliability across nixpkgs upgrades. Removes nix-version-sync.yml: its responsibilities are now distributed across nix-fix-hashes.yml (vendorHash on PRs) and the release prepareCmd (version in tagged commits). Pattern source: https://docs.determinate.systems/guides/automatically-fix-hashes-in-github-actions/ NOTE: nix-build.yml should be set as a required status check on main in repo settings for this model to hold — otherwise PRs with stale vendorHash could merge and break the next release commit. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Replaces the per-PR auto-fix workflow with in-release synchronization. The release pipeline now installs Determinate Nix and the prepareCmd runs `determinate-nixd fix hashes --auto-apply flake.nix` alongside the version sed, so the release commit always has both correct `version =` and correct `vendorHash`. Tags become self-consistent, which is what's needed for cross-repo Flox manifests pinning to `github:inference-gateway/cli/v<tag>`. Reverts the nix-build.yml path filter additions for go.mod/go.sum. Without the auto-fix workflow, those filters would just produce noisy red CI on every Dependabot PR. nix-build now only runs when flake.nix itself changes. Removes nix-fix-hashes.yml. Dependabot PRs no longer auto-resolve vendorHash on the PR branch — `main` may have stale vendorHash between releases, but each release pipeline refreshes it. Trade-off: `nix build github:inference-gateway/cli` (default branch) may fail mid-cycle; pin to tags for reliability. Release pipeline cost: ~30-60s for Determinate Nix install + a few seconds for `fix hashes` (mostly cached after first release).
Adds a Nix Flake section to the release body template alongside the existing curl, binary download, and container image options. Shows both `nix run` for one-shot execution and the Flox manifest entry for cross-repo consumption, both pinned to the released tag.
inference-gateway-releaser-bot Bot
pushed a commit
that referenced
this pull request
May 13, 2026
## [0.109.4](v0.109.3...v0.109.4) (2026-05-13) ### 🐛 Bug Fixes * Adapt to sdk v1.16.2 nullable tool call chunk fields ([2a049a7](2a049a7)) ### ♻️ Code Refactoring * Remove nix ([aabde54](aabde54)) ### 👷 CI/CD * Enable display report for Claude Code action ([ee2f92f](ee2f92f)) * Fix deprecation warning ([597ab8e](597ab8e)) * **nix:** Fix release workflow ([03e0c52](03e0c52)) * **nix:** Replace standalone package.nix with flake.nix ([#508](#508)) ([bd4920f](bd4920f)) ### 🧹 Maintenance * Add codeowners ([319754d](319754d)) * Add dependabot for weekly dependecies checks ([fcc6880](fcc6880)) * **deps:** Bump actions/create-github-app-token from 3.0.0 to 3.2.0 ([#506](#506)) ([be15d7f](be15d7f)) * **deps:** Bump actions/setup-node from 6.3.0 to 6.4.0 ([#505](#505)) ([6b0c406](6b0c406)) * **deps:** Bump anthropics/claude-code-action from 1.0.114 to 1.0.121 ([#503](#503)) ([a0ec1b7](a0ec1b7)) * **deps:** Bump github.com/fsnotify/fsnotify from 1.10.0 to 1.10.1 ([#499](#499)) ([e3d2074](e3d2074)) * **deps:** Bump github.com/inference-gateway/adk from 0.17.1 to 0.17.3 ([#497](#497)) ([f1cd5a1](f1cd5a1)) * **deps:** Bump github.com/inference-gateway/sdk from 1.16.0 to 1.16.2 ([#501](#501)) ([6eecc6e](6eecc6e)) * **deps:** Bump golang.org/x/crypto from 0.50.0 to 0.51.0 ([#498](#498)) ([6d9067f](6d9067f)) * **deps:** Bump golang.org/x/image from 0.39.0 to 0.40.0 ([#500](#500)) ([672e213](672e213)) * **deps:** Bump golangci-lint to latest ([ffc9694](ffc9694)) * **deps:** Bump modernc.org/sqlite from 1.50.0 to 1.50.1 ([#504](#504)) ([6407369](6407369)) * **deps:** Bump peter-evans/create-pull-request from 7 to 8 ([#502](#502)) ([07d0d86](07d0d86)) * **deps:** Bump sigstore/cosign-installer from 4.1.1 to 4.1.2 ([#507](#507)) ([ad31edf](ad31edf)) * **nix:** Update package to v0.109.3 ([#496](#496)) ([8b0658f](8b0658f))
Contributor
|
🎉 This PR is included in version 0.109.4 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds Nix flake support for consuming
inferfrom any flake-aware tool — most notably as a Flox manifest entry across other repos. Replaces the standalonenix/package.nixwith a singleflake.nixat the repo root, and syncsversion+vendorHashas part of each release commit so tags are self-consistent.Pin from Flox
Tag pins are the reliable path — the release commit refreshes both
version =andvendorHash, so every tagged version builds cleanly in a fresh checkout.Changes
flake.nix— multi-platform (aarch64/x86_64×linux/darwin)buildGoModulederivation.proxyVendor = true(still required byrobotgo's CGO header layout) andgoSum = ./go.sum;for reliability across nixpkgs upgrades. Exposespackages.<system>.{default,infer},apps.default, anddevShells.default.nix/folder —package.nix,default.nix,update-hashes.sh, and thenixpkgs-submission/scaffolding. Single source of truth.nix-build.yml— switched fromnix-buildtonix build .#infer+nix flake check --all-systems. Only triggers onflake.nix/flake.lockchanges.release.yml+.releaserc.yaml— added Determinate Nix install +@semantic-release/execwith aprepareCmdthat:version =inflake.nixdeterminate-nixd fix hashes --auto-apply flake.nixto refreshvendorHashflake.nixis committed alongsideCHANGELOG.mdvia@semantic-release/git'sassetsnix-version-sync.yml— its job is now done inside the release commit itself, not in a follow-up PR.Release pipeline impact
~30-60s for Determinate Nix install + a few seconds for
fix hashesper release. Subsequent releases are mostly cached.Mid-cycle staleness (known trade-off)
Between releases,
mainmay have stalevendorHashif Dependabot bumpedgo.mod/go.sum.nix build github:inference-gateway/cli(default branch) may fail during these windows. Each release pipeline refreshes it. Pin to tags for reliability — this is the recommended consumption pattern for cross-repo Flox manifests anyway.Test plan
nix flake check --all-systems --no-buildevaluates cleanly on all 4 platformsnix build .#infersucceeds locally →result/bin/infer versionreports0.109.3nixfmt --check flake.nix+statix check flake.nixpasspath:ref):flox activate -- infer versionworks against working treegithub:ref):flox activate -- infer versionworks against this pushed branchNix Build Verificationmatrix passes on all 4 platformsCHANGELOG.mdandflake.nixupdates, andnix build github:inference-gateway/cli/v<new>#infersucceeds in a clean checkout🤖 Generated with Claude Code