From 07662f4c3e78d5b69d809e18582d44f6576ebe7c Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Tue, 16 Jun 2026 15:27:02 +0200 Subject: [PATCH 01/15] chore(nix): add development shell with pinned Rust toolchain Provide a Nix flake devshell so contributors can get a reproducible environment (rustc, cargo, rustfmt, clippy, cbindgen, cmake, autotools) without manual setup. The Rust toolchain is read from the existing rust-toolchain.toml via the rust-overlay input, so the devshell tracks the same channel as CI and rustup. --- flake.lock | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ flake.nix | 46 ++++++++++++++++++++++++++ 2 files changed, 143 insertions(+) create mode 100644 flake.lock create mode 100644 flake.nix diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000000..354ed9fc75 --- /dev/null +++ b/flake.lock @@ -0,0 +1,97 @@ +{ + "nodes": { + "flake-compat": { + "locked": { + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", + "revCount": 69, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1778075060, + "narHash": "sha256-92Rkn1l444SJcZ/W34ZimhmzA38wUoW4UOehHHjxTCI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "d8176a9b6c86c609774bc698d9c5ee8649089c98", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "release-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "flake-compat": "flake-compat", + "flake-utils": "flake-utils", + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1781580018, + "narHash": "sha256-BlTedbM77FmesD2ZqR73vhFy+y77UrhefV7IYw1pDsk=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "8bceba21a1ebea535c27c4dc723a0d5a4db9e386", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000000..54af30d663 --- /dev/null +++ b/flake.nix @@ -0,0 +1,46 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/release-25.11"; + + # cross-platform convenience + flake-utils.url = "github:numtide/flake-utils"; + + # backwards compatibility with nix-build and nix-shell + flake-compat.url = "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"; + + # pinned, exact upstream Rust toolchains + rust-overlay = { + url = "github:oxalica/rust-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = { self, nixpkgs, flake-utils, flake-compat, rust-overlay }: + # resolve for all platforms in turn + flake-utils.lib.eachDefaultSystem (system: + let + # packages for this system platform, with the rust-overlay applied + pkgs = import nixpkgs { + inherit system; + overlays = [ (import rust-overlay) ]; + }; + + # pinned Rust toolchain; single source of truth is ./rust-toolchain.toml + # (channel + components + profile), so the devshell matches CI and rustup. + rust = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; + in { + devShells.default = pkgs.stdenv.mkDerivation { + name = "libdatadog-devshell"; + + buildInputs = [ + rust # rustc + cargo + rustfmt + clippy, pinned via toolchain file + pkgs.rust-cbindgen + pkgs.cmake + pkgs.autoconf + pkgs.automake + pkgs.libtool + ]; + }; + } + ); +} From e826766bb7a5eb926d8ac2f2a56edf0a5fcfd0e6 Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Tue, 16 Jun 2026 15:30:07 +0200 Subject: [PATCH 02/15] chore(nix): co-own Nix files with the nix guild Mirror the CODEOWNERS convention already used in dd-trace-rb and libdatadog-rb so the Nix guild reviews changes to the development shell alongside the existing tooling owners. --- .github/CODEOWNERS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 4836f91915..c32aec507d 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -95,6 +95,10 @@ tools/ @DataDog/apm-common-components-core windows/ @DataDog/libdatadog-core fuzz/ @DataDog/chaos-platform +# Nix +*.nix @DataDog/nix-guild @DataDog/apm-common-components-core +flake.* @DataDog/nix-guild @DataDog/apm-common-components-core + # Specific overrides (must come after their general patterns above) bin_tests/tests/test_the_tests.rs @DataDog/libdatadog-core bin_tests/src/bin/test_the_tests.rs @DataDog/libdatadog-core From ef3b098d84f13e5658050236ed7fb6a6fa2671b1 Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Tue, 16 Jun 2026 15:34:02 +0200 Subject: [PATCH 03/15] ci(nix): build the workspace in the Nix devshell Add a GitHub Actions workflow that enters the Nix development shell and builds the workspace on Linux (x86_64, aarch64) and macOS (arm64), mirroring the Nix CI in dd-trace-rb and libdatadog-rb. This guards the devshell against bit-rot so contributors relying on it keep a working, toolchain-pinned environment. Co-own the workflow with the Nix guild. --- .github/CODEOWNERS | 1 + .github/workflows/nix.yml | 61 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) create mode 100644 .github/workflows/nix.yml diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index c32aec507d..3791b1563a 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -109,3 +109,4 @@ libdd-data-pipeline/tests/test_trace_exporter_otlp_export.rs @DataDog/apm-sdk-ca libdd-trace-utils/src/otlp_encoder/ @DataDog/apm-sdk-capabilities-rust datadog-sidecar/src/service/ffe_exposures_flusher.rs @DataDog/libdatadog-php @DataDog/libdatadog-apm @DataDog/feature-flagging-and-experimentation-sdk datadog-sidecar/src/service/ffe_metrics_flusher.rs @DataDog/libdatadog-php @DataDog/libdatadog-apm @DataDog/feature-flagging-and-experimentation-sdk +.github/workflows/nix.yml @DataDog/nix-guild @DataDog/apm-common-components-core diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml new file mode 100644 index 0000000000..ce5bc677b2 --- /dev/null +++ b/.github/workflows/nix.yml @@ -0,0 +1,61 @@ +name: Test Nix + +on: # yamllint disable-line rule:truthy + pull_request: + push: + branches: + - main + - mq-working-branch-* + +# Default permissions for all jobs +permissions: {} + +env: + CARGO_TERM_COLOR: always + +jobs: + test: + strategy: + fail-fast: false + matrix: + platform: + - os: darwin + cpu: arm64 + base: macos-15 # always arm64-darwin + - os: linux + cpu: x86_64 + base: ubuntu-24.04 # always x86_64-linux-gnu + - os: linux + cpu: aarch64 + base: ubuntu-24.04-arm # always aarch64-linux-gnu + + name: Test Nix (${{ matrix.platform.cpu }}-${{ matrix.platform.os }}) + runs-on: ${{ matrix.platform.base }} + + permissions: + contents: read + id-token: write + + steps: + - name: Check CPU arch + run: | + test "$(uname -m)" = "${{ matrix.platform.cpu }}" + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + - uses: cachix/install-nix-action@ab739621df7a23f52766f9ccc97f38da6b7af14f # v31.10.5 + - name: Print toolchain versions + run: | + nix develop --command rustc --version + nix develop --command cargo --version + nix develop --command cbindgen --version + - name: Build workspace + run: nix develop --command cargo build --workspace --exclude builder + + complete: + name: Nix (complete) + runs-on: ubuntu-24.04 + needs: + - test + steps: + - run: echo "DONE!" From efca305b12b4e9893ad081782c0bd4062f97a73f Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Tue, 16 Jun 2026 15:56:05 +0200 Subject: [PATCH 04/15] fix(nix): disable fortify hardening in the devshell The stdenv cc-wrapper injects -D_FORTIFY_SOURCE, which glibc rejects when compiling without optimization. spawn_worker's build script compiles its trampoline.c at -O0 with -Werror, turning the fortify #warning into a hard error and breaking a workspace build inside the devshell. Disable fortify hardening so these C build steps succeed. --- flake.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/flake.nix b/flake.nix index 54af30d663..5dcd218879 100644 --- a/flake.nix +++ b/flake.nix @@ -32,6 +32,13 @@ devShells.default = pkgs.stdenv.mkDerivation { name = "libdatadog-devshell"; + # The stdenv cc-wrapper injects -D_FORTIFY_SOURCE, which glibc rejects + # when compiling without optimization. Some build scripts (e.g. + # spawn_worker's trampoline.c) compile C at -O0 with -Werror, so the + # resulting fortify #warning becomes a hard error. Disable fortify + # hardening in the shell so those builds succeed. + hardeningDisable = [ "fortify" "fortify3" ]; + buildInputs = [ rust # rustc + cargo + rustfmt + clippy, pinned via toolchain file pkgs.rust-cbindgen From e90b34e54b55fafba52e44ca2f64c622ad616692 Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Wed, 17 Jun 2026 15:04:16 +0200 Subject: [PATCH 05/15] ci(nix): run only on main and merge-queue pushes The devshell is a rarely-changing safeguard, so gating every pull request on it is unnecessary. Drop the blanket pull_request trigger and keep the workflow on main and mq-working-branch-* pushes; devshell breakage will still surface in the main pipeline. --- .github/workflows/nix.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index ce5bc677b2..d4efc05b41 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -1,7 +1,6 @@ name: Test Nix on: # yamllint disable-line rule:truthy - pull_request: push: branches: - main From dfc56428a0689a2450845f265f0cc94a68507de8 Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Wed, 17 Jun 2026 15:04:33 +0200 Subject: [PATCH 06/15] ci(nix): also run on PRs touching Nix files Keep the devshell guard responsive to changes that actually affect it: run on pull requests that modify the Nix files (paths mirror the Nix CODEOWNERS entries), rust-toolchain.toml (read by the flake), or this workflow. --- .github/workflows/nix.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index d4efc05b41..96d857c575 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -5,6 +5,15 @@ on: # yamllint disable-line rule:truthy branches: - main - mq-working-branch-* + # Also run on PRs that touch the devshell or what it reads. Paths mirror the + # Nix CODEOWNERS entries, plus rust-toolchain.toml (read by the flake) and + # this workflow itself. + pull_request: + paths: + - "*.nix" + - "flake.*" + - "rust-toolchain.toml" + - ".github/workflows/nix.yml" # Default permissions for all jobs permissions: {} From c2a77fefa4ea00ed9eed9e9594b0d3d407509607 Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Wed, 17 Jun 2026 15:05:55 +0200 Subject: [PATCH 07/15] chore(nix): add a nightly devshell Add a non-default `.#nightly` devshell built from ./nightly-toolchain.toml (via rust-overlay's fromRustupToolchainFile), for the workflows that need a nightly compiler. Factor the shared shell definition into mkDevShell so default and nightly only differ by toolchain. --- flake.nix | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 5dcd218879..a67dba42ef 100644 --- a/flake.nix +++ b/flake.nix @@ -25,11 +25,9 @@ overlays = [ (import rust-overlay) ]; }; - # pinned Rust toolchain; single source of truth is ./rust-toolchain.toml - # (channel + components + profile), so the devshell matches CI and rustup. - rust = pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml; - in { - devShells.default = pkgs.stdenv.mkDerivation { + # A devshell for a given Rust toolchain (read from a toolchain file via + # rust-overlay), with the rest of the build dependencies. + mkDevShell = rust: pkgs.stdenv.mkDerivation { name = "libdatadog-devshell"; # The stdenv cc-wrapper injects -D_FORTIFY_SOURCE, which glibc rejects @@ -48,6 +46,14 @@ pkgs.libtool ]; }; + in { + # Default: the pinned stable toolchain (single source of truth is + # ./rust-toolchain.toml), matching CI and rustup. + devShells.default = mkDevShell (pkgs.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml); + + # Nightly toolchain (./nightly-toolchain.toml) for the jobs that + # genuinely need a nightly compiler. Use with `nix develop .#nightly`. + devShells.nightly = mkDevShell (pkgs.rust-bin.fromRustupToolchainFile ./nightly-toolchain.toml); } ); } From 1a2c4e4e4dcbeb3a086ba65e2077bcfb52100ce6 Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Thu, 18 Jun 2026 11:17:13 +0200 Subject: [PATCH 08/15] chore(nix): add license header to flake --- flake.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/flake.nix b/flake.nix index a67dba42ef..8f966c6724 100644 --- a/flake.nix +++ b/flake.nix @@ -1,3 +1,6 @@ +# Copyright 2026-Present Datadog, Inc. https://www.datadoghq.com/ +# SPDX-License-Identifier: Apache-2.0 + { inputs = { nixpkgs.url = "github:nixos/nixpkgs/release-25.11"; From 6084791131510c27381819e469dac079dff9f3ba Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Thu, 18 Jun 2026 11:18:14 +0200 Subject: [PATCH 09/15] chore(nix): add flake-compat shims --- default.nix | 14 ++++++++++++++ shell.nix | 14 ++++++++++++++ 2 files changed, 28 insertions(+) create mode 100644 default.nix create mode 100644 shell.nix diff --git a/default.nix b/default.nix new file mode 100644 index 0000000000..c84e9b9227 --- /dev/null +++ b/default.nix @@ -0,0 +1,14 @@ +# Copyright 2026-Present Datadog, Inc. https://www.datadoghq.com/ +# SPDX-License-Identifier: Apache-2.0 + +# flake-compat shim for usage without flakes +(import + ( + let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in + fetchTarball { + url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } + ) + { src = ./.; } +).defaultNix diff --git a/shell.nix b/shell.nix new file mode 100644 index 0000000000..f13c5a6659 --- /dev/null +++ b/shell.nix @@ -0,0 +1,14 @@ +# Copyright 2026-Present Datadog, Inc. https://www.datadoghq.com/ +# SPDX-License-Identifier: Apache-2.0 + +# flake-compat shim for usage without flakes +(import + ( + let lock = builtins.fromJSON (builtins.readFile ./flake.lock); in + fetchTarball { + url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; + } + ) + { src = ./.; } +).shellNix From 9a0cb69ba15bd1c0829903ee39017bf17a94bed5 Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Thu, 18 Jun 2026 11:19:25 +0200 Subject: [PATCH 10/15] chore(nix): use native build inputs in devshell --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 8f966c6724..fc9fc420e6 100644 --- a/flake.nix +++ b/flake.nix @@ -40,7 +40,7 @@ # hardening in the shell so those builds succeed. hardeningDisable = [ "fortify" "fortify3" ]; - buildInputs = [ + nativeBuildInputs = [ rust # rustc + cargo + rustfmt + clippy, pinned via toolchain file pkgs.rust-cbindgen pkgs.cmake From c97e301bae89b39c754d3873af890800f7e7976f Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Thu, 18 Jun 2026 11:19:59 +0200 Subject: [PATCH 11/15] ci(nix): drop unused OIDC permission --- .github/workflows/nix.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 96d857c575..30ab7007ef 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -42,7 +42,6 @@ jobs: permissions: contents: read - id-token: write steps: - name: Check CPU arch From 788cf17f65a3fdce4cb41256b798c1de9dd9c7e5 Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Thu, 18 Jun 2026 11:20:57 +0200 Subject: [PATCH 12/15] ci(nix): cancel superseded workflow runs --- .github/workflows/nix.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 30ab7007ef..54484cc621 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -18,6 +18,10 @@ on: # yamllint disable-line rule:truthy # Default permissions for all jobs permissions: {} +concurrency: + group: ci-${{ github.ref == 'refs/heads/main' && github.run_id || github.ref }}-nix + cancel-in-progress: true + env: CARGO_TERM_COLOR: always From ede5caa0eb648135190e2c964c00ffafbb064fc8 Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Thu, 18 Jun 2026 11:22:27 +0200 Subject: [PATCH 13/15] ci(nix): free Linux runner disk space --- .github/workflows/nix.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 54484cc621..4aa926d458 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -51,6 +51,17 @@ jobs: - name: Check CPU arch run: | test "$(uname -m)" = "${{ matrix.platform.cpu }}" + - name: Free Disk Space (Linux only) + if: runner.os == 'Linux' + uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be # 1.3.1 + with: + tool-cache: true + android: true + dotnet: true + haskell: true + large-packages: false + docker-images: false + swap-storage: false - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: persist-credentials: false From 96ff489ed1ed73b7e03ee44cfd36ac52fc53660f Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Thu, 18 Jun 2026 11:23:24 +0200 Subject: [PATCH 14/15] docs(nix): document devshell usage and troubleshooting --- README.md | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/README.md b/README.md index a82e33abe0..1336400045 100644 --- a/README.md +++ b/README.md @@ -93,6 +93,52 @@ We provide two Dev Container configurations: The container includes all necessary dependencies for building and testing `libdatadog`. +#### Nix development shell + +The Nix flake provides a reproducible, pinned shell with Rust, `cbindgen`, and native build tools. + +This works natively under both Linux and Darwin. + +##### Prerequisite: install Nix + +This one-liner installs Nix isolated in `/nix`: + +```bash +curl --proto '=https' --tlsv1.2 --location https://nixos.org/nix/install | sh -s -- --daemon +``` + +Enable the modern CLI and flakes in `/etc/nix/nix.conf`: + +```bash +echo "experimental-features = nix-command flakes" | sudo tee -a /etc/nix/nix.conf +``` + +See the [Nix manual](https://nix.dev/manual/nix/2.28/installation/index.html) for more information. + +##### Spawn an interactive shell + +Spawn a shell with an environment set up to expose the tooling: + +```bash +nix develop +``` + +Note: legacy `nix-shell` and `nix-build` are also available via the `flake-compat` shims. + +##### Run commands + +Alternatively, run individual commands: + +```bash +nix develop --command cargo build --workspace --exclude builder +nix develop .#nightly --command cargo fmt --all -- --check +``` + +##### Debugging CI failures + +- Reproduce the Nix CI build with `nix develop --command cargo build --workspace --exclude builder`. +- After an MSRV or nightly bump, update `rust-toolchain.toml` or `nightly-toolchain.toml`, then refresh `flake.lock` with `nix flake update`. + #### Docker container A dockerfile is provided to run tests in a Ubuntu linux environment. This is particularly useful for running and debugging linux-only tests on macOS. From cfb9257fa8522cae3cd815e70a440d87bc25f8e6 Mon Sep 17 00:00:00 2001 From: Loic Nageleisen Date: Thu, 18 Jun 2026 12:46:01 +0200 Subject: [PATCH 15/15] ci(nix): smoke-test nightly devshell --- .github/workflows/nix.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml index 4aa926d458..9c8b92dbe8 100644 --- a/.github/workflows/nix.yml +++ b/.github/workflows/nix.yml @@ -6,13 +6,14 @@ on: # yamllint disable-line rule:truthy - main - mq-working-branch-* # Also run on PRs that touch the devshell or what it reads. Paths mirror the - # Nix CODEOWNERS entries, plus rust-toolchain.toml (read by the flake) and + # Nix CODEOWNERS entries, plus the toolchain files (read by the flake) and # this workflow itself. pull_request: paths: - "*.nix" - "flake.*" - "rust-toolchain.toml" + - "nightly-toolchain.toml" - ".github/workflows/nix.yml" # Default permissions for all jobs @@ -71,6 +72,8 @@ jobs: nix develop --command rustc --version nix develop --command cargo --version nix develop --command cbindgen --version + - name: Check nightly formatter toolchain + run: nix develop .#nightly --command cargo fmt --version - name: Build workspace run: nix develop --command cargo build --workspace --exclude builder