ops(flake-review): add flake-review workflow

[ojsef39]

No description provided.

[Copilot]

Pull request overview

This PR adds a new GitHub Actions workflow that integrates flake-review for automated Nix flake validation on pull requests. The workflow uses a reusable workflow from an external repository to review Nix flake changes across both macOS (aarch64-darwin) and Linux (x86_64-linux) platforms, which aligns with this project's Nix flake-based architecture.

Changes:

• Added flake-review workflow triggered on pull requests to master and dev branches
• Configured appropriate permissions for reading repository contents and commenting on pull requests
• Set up matrix builds for both Darwin and Linux systems to ensure cross-platform compatibility

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Inrixia]

Please review failing builds

[xaiyadev]

3 Minutes for a check step sounds really ruff tbf...

Also the conflict will happen until #141 is not fixed

[ojsef39]

3 Minutes for a check step sounds really ruff tbf...

Also the conflict will happen until #141 is not fixed

yeah, nix install takes forever on macOS, unfortunately and a bigger runner costs money :(
also in that run the package wasnt cached since i had something changed, maybe ill change the workflow to just use the script directly instead of nix packaged that should be wayyy faster

[Inrixia]

@xaiyadev thx thought so. I'll consider this blocked by that then just to verify

[Inrixia]

@ojsef39 yea ideally runtime should be ~30s like Linux.

Caching and using preinstalled things where possible would be preferable.

[ojsef39]

@ojsef39 yea ideally runtime should be ~30s like Linux.

Caching and using preinstalled things where possible would be preferable.

I'll try my best, not sure how much i can do tho since most of the time is used by installing nix itself, ill give an update tomorrow :)

edit just looked again and yeah majority of time is in the review step itself, maybe i can get rid of some dependencies or something to make that faster

edit2 the pipeline failed because i had wrong cache entries in cachix, seems like the native-linux-builder features works against me with this so i started using a vm but forgot about the cache

[Inrixia]

FYI I don't get notifications on comment edits. Idm it but might be nicer to just add new comments

[ojsef39]

Sorry I haven't responded until now, I've tried some things, but the results were always pretty much the same, but i still have one or two ideas i want to try this weekend :)

[Inrixia]

No problem and no rush :)

[Inrixia]

@frostplexx see failing runs, may be a red herring though

[ojsef39]

@frostplexx see failing runs, may be a red herring though

This is just a fluke probably, since the branch here is outdated. I will take another look into it today evening since the other PR made it easier to get this working nicely :)

[frostplexx]

The Hash for the DMG thats failing in nix darwin review should be the correct one:

❯ nix-hash --type sha256 --to-sri $(nix-prefetch-url https://download.tidal.com/desktop/TIDAL.arm64.dmg --type sha256)
path is '/nix/store/gkciyxjizjpmhriyv6lkysncw3ca8x47-TIDAL.arm64.dmg'
sha256-77Z5i4m2nQtfw7CAZqWNybYzpUZG+mEqltlK/llKQJ0=

No idea where the workflow is getting sha256-w5tQscUkhxpWOToAP4oIJJstCNFIdosebTyDI1zFIAE= from.

As for the failing has its the exact same one that was used previous for linux (sha256-Oj34rQbKbsHnqPdVv+ti8z+gZTT+VOsDxg/MQ22sLRQ=) so no idea why it thinks its wrong.

Maybe @ojsef39 has more insight?

[ojsef39]

Maybe @ojsef39 has more insight?

it probably also broke because its using the main branch here, while i have some changes in other branches n branch here, while i have some changes in other branches. Ill see later :)