From 46b194b95ef761f6eafded1ff723e327aeb107a5 Mon Sep 17 00:00:00 2001
From: Daniel McCarney <daniel@binaryparadox.net>
Date: Tue, 12 Mar 2024 17:23:42 -0400
Subject: [PATCH] ci: add Nix coverage

This commit adds a new `nix` workflow that:

1. Installs Nix
2. Sets up caching of the Nix store
3. Runs `nix flake check --all-systems`
4. Runs `nix build` for the two output packages

This will ensure that the Flake continues to evaluate and that all of
its outputs build.

It doesn't exercise the whole dev environment but should catch simple
errors and bitrot.
---
 .github/workflows/nix.yml | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 .github/workflows/nix.yml

diff --git a/.github/workflows/nix.yml b/.github/workflows/nix.yml
new file mode 100644
index 00000000..27efd461
--- /dev/null
+++ b/.github/workflows/nix.yml
@@ -0,0 +1,34 @@
+on:
+  push:
+  pull_request:
+  merge_group:
+  schedule:
+    - cron: '0 18 * * *'
+
+name: Nix
+permissions:
+  contents: read
+
+jobs:
+  flake:
+    name: Nix Flake
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Install Nix
+        uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Setup Nix Caching
+        uses: DeterminateSystems/magic-nix-cache-action@main
+
+      - name: Check Flake & Outputs
+        run: nix flake check --all-systems
+
+      - name: Build default package
+        run: nix build .#
+
+      - name: Build debug package
+        run: nix build .#rustls-platform-verifier-dbg