Add extra-nix-conf

[RossComputerGuy]

Makes it easy to configure anything extra

Summary by CodeRabbit

• New Features

  • Added new extra-nix-conf workflow input to allow passing additional Nix configuration during builds.

• Documentation

  • Updated README with documentation for the new extra-nix-conf configuration option.

[coderabbitai]

📝 Walkthrough

Walkthrough

The pull request introduces a new optional workflow input extra-nix-conf to the GitHub Actions workflow that enables passing extra Nix configuration to the Determinate Nix action. This input is integrated into the build job's Determinate Nix step and documented in the README.

Changes

Cohort / File(s)	Summary
Workflow Configuration Enhancement .github/workflows/workflow.yml, README.md	Add new workflow input extra-nix-conf (string, optional, default empty) to allow users to pass additional Nix configuration to the Determinate Nix action during builds, with corresponding documentation update in README.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Suggested reviewers

• colemickens

Poem

🐰 A new config option hops into view,
Extra Nix settings, now passed straight through!
From workflow to Determinate, clean and bright,
One carrot of change makes the build just right! 🥕

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description is incomplete and vague. While it includes the required formatting instruction template, the substantive description 'Makes it easy to configure anything extra' lacks detail about what was added and why.	Expand the description to explain the purpose of the extra-nix-conf input, its use case, and how it improves the workflow configuration flexibility.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'Add extra-nix-conf' directly matches the main change: adding a new workflow input parameter for extra Nix configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch RossComputerGuy/extra-nix-conf

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

README.md (1)

62-62: Clarify extra-nix-conf formatting expectations.

Since this value is injected verbatim into the Nix extra-conf block, callers will likely need to pass a multiline | string in nix.conf syntax. A short clarification here will prevent misuse.

✍️ Suggested doc tweak

-| `extra-nix-conf`   | Extra Nix configuration to pass to Determinate Nix                                                                                                    |                                                                                                           |
+| `extra-nix-conf`   | Extra Nix configuration (nix.conf syntax; multiline supported) to pass to Determinate Nix                                                            |                                                                                                           |

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@README.md` at line 62, The README entry for the configuration key
extra-nix-conf is unclear about expected formatting; update the description for
extra-nix-conf to state that its value is injected verbatim into Nix's
extra-conf block and therefore should be provided as a multiline string using
Nix/nix.conf syntax (for example a pipe-prefixed | heredoc or equivalent
multiline string) so callers know to pass newline-separated configuration lines
rather than a single-line comma/space-delimited value; mention that it must
contain valid nix.conf entries and preserve newlines.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/workflow.yml:
- Around line 133-135: The Determinate Nix invocations only include the
extra-conf block in the build job; mirror that same extra-conf block (containing
"extra-experimental-features = provenance" and "${{ inputs.extra-nix-conf }}")
on the other Determinate Nix action steps so inventory and success/publish runs
receive the same settings—update the Determinate Nix steps in the inventory job
and the success/publish job to include the identical extra-conf block used in
the build job.

---

Nitpick comments:
In `@README.md`:
- Line 62: The README entry for the configuration key extra-nix-conf is unclear
about expected formatting; update the description for extra-nix-conf to state
that its value is injected verbatim into Nix's extra-conf block and therefore
should be provided as a multiline string using Nix/nix.conf syntax (for example
a pipe-prefixed | heredoc or equivalent multiline string) so callers know to
pass newline-separated configuration lines rather than a single-line
comma/space-delimited value; mention that it must contain valid nix.conf entries
and preserve newlines.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d2e96a6 and e289b20.

📒 Files selected for processing (2)

• .github/workflows/workflow.yml
• README.md

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Show all Determinate Nix action usages and their surrounding context.
rg -n -C3 'DeterminateSystems/determinate-nix-action@v3' .github/workflows/workflow.yml

Repository: DeterminateSystems/ci

Length of output: 1449

---

Propagate extra-nix-conf to all Determinate Nix steps.

The extra-conf block with extra-experimental-features = provenance and ${{ inputs.extra-nix-conf }} is only applied in the build job (lines 131-135). The inventory job (line 103) and success/publish job (line 171) also run Determinate Nix without this config, which can break workflows that rely on extra Nix settings before build or during publish. Apply the same extra-conf block to all Determinate Nix action invocations.

Suggested fix (apply extra-conf consistently)

@@
-      - uses: DeterminateSystems/determinate-nix-action@v3
+      - uses: DeterminateSystems/determinate-nix-action@v3
+        with:
+          extra-conf: |
+            extra-experimental-features = provenance
+            ${{ inputs.extra-nix-conf }}
@@
-      - uses: DeterminateSystems/determinate-nix-action@v3
+      - uses: DeterminateSystems/determinate-nix-action@v3
         if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
+        with:
+          extra-conf: |
+            extra-experimental-features = provenance
+            ${{ inputs.extra-nix-conf }}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/workflow.yml around lines 133 - 135, The Determinate Nix
invocations only include the extra-conf block in the build job; mirror that same
extra-conf block (containing "extra-experimental-features = provenance" and "${{
inputs.extra-nix-conf }}") on the other Determinate Nix action steps so
inventory and success/publish runs receive the same settings—update the
Determinate Nix steps in the inventory job and the success/publish job to
include the identical extra-conf block used in the build job.