Initial setup

[grahamc]

Summary by CodeRabbit

Release Notes

• New Features

  • Added GitHub Action for uploading store paths as artifacts with validation
  • Introduced new CI workflow for automated testing and building
  • Extended workflow capabilities with directory input support

• Documentation

  • Added comprehensive README documentation with usage examples and input reference tables for CI workflows

[coderabbitai]

📝 Walkthrough

Walkthrough

Introduces the public-slice-mirror tooling: a composite GitHub Action (upload-store-paths) that validates and uploads Nix store paths as an artifact, a callable subset-mirror workflow that pushes a flake to FlakeHub and propagates store path closures, a ci.yml orchestrating both, a tests/flake.nix as a demo build target, and a README.md documenting usage.

Changes

public-slice-mirror CI pipeline

Layer / File(s)	Summary
Example Nix flake package tests/flake.nix	Adds a multi-system flake with packages.<system>.default as an executable shell script (hello-script) used as the demo build target.
upload-store-paths composite action .github/actions/upload-store-paths/action.yml	Defines a composite action with store-paths and name inputs that writes paths to store-paths.txt, rejects any -source closure entries via nix path-info -r, and uploads the file as a GitHub artifact.
subset-mirror reusable workflow .github/workflows/subset-mirror.yml	Adds a workflow_call workflow accepting flake-name, artifact-name, directory, rolling, and tag; pushes the flake to FlakeHub privately; re-downloads and re-validates the store-paths artifact; sets up FlakeHub caching; generates and builds upload.nix to propagate store path closures.
CI orchestration and README .github/workflows/ci.yml, README.md	ci.yml defines phase-one (build, upload store paths, flake check) and a dependent subset-mirror job calling the reusable workflow. README.md documents the full pipeline with input reference tables and cross-repo usage examples.

Sequence Diagram(s)

sequenceDiagram
  rect rgba(173, 216, 230, 0.5)
    note over PhaseOne: phase-one job
    PhaseOne->>Nix: nix build ./tests#default
    Nix-->>PhaseOne: resolved store path
    PhaseOne->>UploadAction: store-paths input
    UploadAction->>UploadAction: write & validate store-paths.txt
    UploadAction->>GitHubArtifacts: upload store-paths.txt artifact
    PhaseOne->>Nix: nix flake check ./tests
  end
  rect rgba(144, 238, 144, 0.5)
    note over SubsetMirror: subset-mirror job (needs phase-one)
    SubsetMirror->>FlakeHubPush: push flake (directory: tests, private)
    SubsetMirror->>GitHubArtifacts: download store-paths.txt
    SubsetMirror->>SubsetMirror: nix path-info -r, reject -source
    SubsetMirror->>FlakeHubCache: setup cache (flake-name)
    SubsetMirror->>NixBuild: nix-build upload.nix (builtins.storePath entries)
  end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐇 Hoppity-hop through the Nix store we go,
Checking each path — no -source below!
We push to FlakeHub with a private key,
Then nix-build upload.nix, happy as can be.
The closure is clean, the cache is set right,
This little rabbit ships artifacts tonight! 🌙

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'Initial setup' is vague and generic, not clearly describing the specific changes introduced in this pull request.	Use a more descriptive title that captures the main purpose, such as 'Add public-slice-mirror GitHub Actions workflow and utilities' or 'Setup Nix flake release CI and FlakeHub integration'.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch push-tmpkumsrnlro

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/actions/upload-store-paths/action.yml:
- Line 36: Update the `actions/upload-artifact` version in the composite action
at `.github/actions/upload-store-paths/action.yml` line 36 to match the version
of `actions/download-artifact` used in `.github/workflows/subset-mirror.yml`
line 53. The upload-artifact is currently pinned to v7.0.1 while
download-artifact is v8.0.1; align both to the same major version (v8.0.1) to
ensure artifact handling compatibility across jobs and avoid potential breaking
changes introduced in major version updates.

In @.github/workflows/subset-mirror.yml:
- Around line 15-24: The GitHub workflow inputs `rolling` and `tag` are
documented as mutually exclusive but lack runtime validation. Add a validation
step in the workflow (before the FlakeHub push action) that checks if both
`rolling` is true AND `tag` is non-empty, and fails the workflow with a clear
error message if both conditions are met. This will enforce the mutual
exclusivity constraint and prevent undefined behavior when callers accidentally
provide both parameters.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 12699291-a37c-4053-85a5-8e7714256108

📥 Commits

Reviewing files that changed from the base of the PR and between 6be5896 and d715f93.

⛔ Files ignored due to path filters (1)

• flake.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• .github/actions/upload-store-paths/action.yml
• .github/workflows/ci.yml
• .github/workflows/subset-mirror.yml
• README.md
• flake.nix

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/subset-mirror.yml:
- Line 33: The custom self-hosted runner label UbuntuLatest32Cores128G is used
in `.github/workflows/subset-mirror.yml` at line 33 and
`.github/workflows/ci.yml` at line 10, but is not documented or registered.
Create a new `.github/actionlint.yaml` configuration file to document this
custom runner label in the runner labels section. This will suppress actionlint
linter warnings and ensure proper documentation that the custom runner is
intentionally used. No changes are needed to the workflow files themselves; they
already correctly reference the custom runner, but the actionlint configuration
is required to validate and document its existence.

In `@README.md`:
- Around line 88-95: The `subset-mirror` workflow input table in the README is
missing documentation for the `directory` input parameter that is actually
defined in the workflow. Add a new row to the input table for the `directory`
parameter with the required status set to "no", default value set to ".", and
include an appropriate description explaining that it specifies the directory
path for the subset mirror operation.
- Around line 14-64: The documentation contradicts itself by recommending
pinning to a tag or commit SHA instead of `@main`, but the example uses `@main` in
two places. In the example YAML, replace `@main` with a specific version reference
(such as a version tag like `@v1` or a commit SHA) in both the upload-store-paths
action reference and the subset-mirror workflow reference. This will align the
example with the stated best practice and demonstrate the recommended versioning
approach to users.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 25dc8555-85e8-43c2-a1d5-d421caeba1b4

📥 Commits

Reviewing files that changed from the base of the PR and between d715f93 and 84d9e40.

⛔ Files ignored due to path filters (1)

• tests/flake.lock is excluded by !**/*.lock

📒 Files selected for processing (5)

• .github/actions/upload-store-paths/action.yml
• .github/workflows/ci.yml
• .github/workflows/subset-mirror.yml
• README.md
• tests/flake.nix

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/actions/upload-store-paths/action.yml