mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-26 01:01:40 +00:00
dbc11abcb6
* fix(ci): pin floating GitHub Actions tags and ascii-guard to explicit versions Actions pinned to @main pull whatever is at that ref at execution time, so a compromised upstream org could execute arbitrary code in CI. - Pin DeterminateSystems/nix-installer-action to commit SHA (v22) - Pin DeterminateSystems/magic-nix-cache-action to commit SHA (v13) - Pin ascii-guard to 2.3.0 in docs-site-checks workflow SHA comments include the version tag for human readability; Renovate or Dependabot can keep these updated automatically. * Add skill metadata extraction step in workflow Add step to extract skill metadata for dashboard in CI workflow. --------- Co-authored-by: Siddharth Balyan <52913345+alt-glitch@users.noreply.github.com>
40 lines
1 KiB
YAML
40 lines
1 KiB
YAML
name: Nix
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
paths:
|
|
- 'flake.nix'
|
|
- 'flake.lock'
|
|
- 'nix/**'
|
|
- 'pyproject.toml'
|
|
- 'uv.lock'
|
|
- 'hermes_cli/**'
|
|
- 'run_agent.py'
|
|
- 'acp_adapter/**'
|
|
|
|
concurrency:
|
|
group: nix-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
nix:
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, macos-latest]
|
|
runs-on: ${{ matrix.os }}
|
|
timeout-minutes: 30
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: DeterminateSystems/nix-installer-action@ef8a148080ab6020fd15196c2084a2eea5ff2d25 # v22
|
|
- uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13
|
|
- name: Check flake
|
|
if: runner.os == 'Linux'
|
|
run: nix flake check --print-build-logs
|
|
- name: Build package
|
|
if: runner.os == 'Linux'
|
|
run: nix build --print-build-logs
|
|
- name: Evaluate flake (macOS)
|
|
if: runner.os == 'macOS'
|
|
run: nix flake show --json > /dev/null
|