post-inventory command, plus a toggle to turn off cache.nixos.org

[grahamc]

Summary by CodeRabbit

• New Features

  • Run custom commands after the inventory step via a new post-inventory-commands option.
  • Option to disable use of the central cache during inventory/build checks.
  • CI now includes a pre-check that validates cache configuration and can block the pipeline.
  • CI success now waits for both inventory and build steps to complete.

• Documentation

  • README updated with usage and details for the new post-inventory-commands option.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a new DisabledCacheNixOSOrg validation job, introduces disable-cache-nixos-org and post-inventory-commands workflow inputs, runs optional post-inventory commands in the inventory job, and makes DeterminateCI depend on the new validation job.

Changes

Cohort / File(s)	Summary
Validate workflow .github/workflows/validate.yml	Added DisabledCacheNixOSOrg job that calls ./.github/workflows/workflow.yml with disable-cache-nixos-org and post-inventory-commands inputs and runs a post-inventory check for cache.nixos.org; added needs: DisabledCacheNixOSOrg to DeterminateCI.
Workflow template .github/workflows/workflow.yml	Added disable-cache-nixos-org (boolean) and post-inventory-commands (string) inputs to workflow_call; propagate disable-cache-nixos-org into inventory/build via extra-conf; added conditional Post-inventory commands step executed when post-inventory-commands is non-empty; updated success job needs to include inventory and build.
Documentation README.md	Documented post-inventory-commands option and adjusted parameter table formatting.

Sequence Diagram(s)

sequenceDiagram
  participant GH as GitHub Actions
  participant Disabled as DisabledCacheNixOSOrg Job
  participant Inventory as Inventory Step
  participant PostCmd as Post-inventory Commands
  participant Determinate as DeterminateCI Job
  participant Cache as cache.nixos.org

  GH->>Disabled: trigger DisabledCacheNixOSOrg
  Disabled->>Inventory: run inventory (with disable-cache-nixos-org=true)
  Inventory->>Cache: check substituters (cache may be disabled)
  Inventory-->>Disabled: report inventory results
  Disabled->>PostCmd: if post-inventory-commands non-empty, run commands
  PostCmd-->>Disabled: return exit status (fail if cache.nixos.org present)
  GH->>Determinate: DeterminateCI waits (needs DisabledCacheNixOSOrg)
  Disabled-->>Determinate: complete -> allow DeterminateCI to proceed

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I nibble through the YAML glade,
I hide the cache the ancients made,
I run a check when inventory's done,
I hop and catch the sneaky one,
CI twinkles — another job well-played.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description only contains the template comment about code formatting and lacks substantive information about the changes, objectives, or implementation details.	Add a meaningful description explaining the purpose of the post-inventory command and cache.nixos.org toggle, along with any relevant context or testing notes.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the two main changes: adding a post-inventory command feature and a toggle to disable cache.nixos.org, which directly match the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch push-nkykvqsyusno

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/workflow.yml:
- Around line 125-127: The "Post-inventory commands" step currently runs
commands from the repo root causing wrong paths for non-root flakes; update that
step to execute in the configured flake directory by either adding
working-directory: ${{ inputs.directory }} to the "Post-inventory commands" job
step or prefixing the run command with cd ${{ inputs.directory }} && ${{
inputs.post-inventory-commands }} so the step uses the same inputs.directory as
the inventory step.

In `@README.md`:
- Line 61: The README's `runner-map` example documents the `aarch64-linux`
default as "ubuntu-latest" which mismatches the workflow's actual default
"ubuntu-24.04-arm"; update the `runner-map` example entry for `aarch64-linux` to
"ubuntu-24.04-arm" so the docs match the workflow, ensuring any references to
`runner-map` or `aarch64-linux` consistently reflect the workflow default
`ubuntu-24.04-arm`.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 57a29b4 and 4ba4eee.

📒 Files selected for processing (3)

• .github/workflows/validate.yml
• .github/workflows/workflow.yml
• README.md

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Run post-inventory commands in the configured flake directory.

On Line 127, commands run from the repository root, but the inventory command runs in inputs.directory (Line 122). For non-root flakes, post-inventory commands can execute against the wrong path.

Suggested fix

       - name: Post-inventory commands
         if: ${{ inputs.post-inventory-commands != '' }}
+        working-directory: ${{ inputs.directory }}
         run: ${{ inputs.post-inventory-commands }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	- name: Post-inventory commands
	if: ${{ inputs.post-inventory-commands != '' }}
	run: ${{ inputs.post-inventory-commands }}
	- name: Post-inventory commands
	if: ${{ inputs.post-inventory-commands != '' }}
	working-directory: ${{ inputs.directory }}
	run: ${{ inputs.post-inventory-commands }}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/workflow.yml around lines 125 - 127, The "Post-inventory
commands" step currently runs commands from the repo root causing wrong paths
for non-root flakes; update that step to execute in the configured flake
directory by either adding working-directory: ${{ inputs.directory }} to the
"Post-inventory commands" job step or prefixing the run command with cd ${{
inputs.directory }} && ${{ inputs.post-inventory-commands }} so the step uses
the same inputs.directory as the inventory step.