chore(ci): switch to cache-nix-action for Nix store caching

[ryoppippi]

Replace cachix-action (numtide) with nix-community/cache-nix-action. This uses GitHub Actions cache to store /nix/store directly, providing faster CI builds without requiring external Cachix configuration.

Changes

• Update install-nix-action to v31.9.0
• Replace cachix-action with cache-nix-action v7
• Use OS-based cache key for broader cache hits

---

Summary by cubic

Switched CI Nix store caching from Cachix to GitHub Actions using nix-community/cache-nix-action. This speeds builds and removes external Cachix setup.

• Refactors

  • Replace cachix-action with cache-nix-action v7 to cache /nix/store directly.
  • Use OS-based cache key (nix-${{ runner.os }}) for broader cache hits.

• Dependencies

  • Bump cachix/install-nix-action to v31.9.0.

^{Written for commit 72132d6. Summary will update on new commits.}

[Copilot]

Pull request overview

This PR modernizes the Nix caching strategy in CI/CD by switching from the external Cachix service (numtide) to GitHub Actions' native cache storage via cache-nix-action. This simplifies the setup by eliminating the need for external Cachix configuration while leveraging GitHub's built-in caching infrastructure.

Key changes:

• Updated install-nix-action from v31.8.4 to v31.9.0
• Replaced cachix-action (numtide) with nix-community/cache-nix-action v7
• Simplified cache configuration using OS-based cache keys

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The cache key nix-${{ runner.os }} is too broad and doesn't include any dependency fingerprint. This means:

1. The cache won't be invalidated when flake.lock changes, potentially causing builds to use stale dependencies
2. Different jobs with different Nix store requirements will share the same cache, leading to cache thrashing

Consider including a hash of flake.lock in the key, such as nix-${{ runner.os }}-${{ hashFiles('flake.lock') }}, or use restore-keys to fall back to the OS-only key. The cache-nix-action documentation recommends including input hashes for proper cache invalidation.

Suggested change

	primary-key: nix-${{ runner.os }}
	primary-key: nix-${{ runner.os }}-${{ hashFiles('flake.lock') }}
	fallback-key: nix-${{ runner.os }}

[cubic-dev-ai]

1 issue found across 1 file

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name=".github/actions/setup-nix/action.yaml">

<violation number="1" location=".github/actions/setup-nix/action.yaml:14">
P2: Cache key should include a hash of Nix dependency files to ensure cache invalidation when dependencies change. Without this, updates to `flake.lock` won&#39;t trigger cache refresh, potentially causing CI to use stale dependencies.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P2: Cache key should include a hash of Nix dependency files to ensure cache invalidation when dependencies change. Without this, updates to flake.lock won't trigger cache refresh, potentially causing CI to use stale dependencies.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At .github/actions/setup-nix/action.yaml, line 14:

<comment>Cache key should include a hash of Nix dependency files to ensure cache invalidation when dependencies change. Without this, updates to `flake.lock` won&#39;t trigger cache refresh, potentially causing CI to use stale dependencies.</comment>

<file context>
@@ -1,18 +1,17 @@
       with:
-        name: numtide
-        authToken: &quot;&quot;
+        primary-key: nix-${{ runner.os }}
 
     - name: Load Nix development environment
</file context>

Suggested change

	primary-key: nix-${{ runner.os }}
	primary-key: nix-${{ runner.os }}-${{ hashFiles('flake.lock', 'flake.nix') }}