set up CI, project templates, monorepo management #67
- use nix build .#<package> to build a package
- use nix and direnv to load dev shells
Signed-off-by: Ajay Ganapathy <ajay@incremental.design>
chore: set up dev shell Signed-off-by: Ajay Ganapathy <ajay@incremental.design>
create a blank folder with a
- README.md
- CONTRIBUTE.md
- .envrc
- .gitignore
- flake.nix
Signed-off-by: Ajay Ganapathy <ajay@incremental.design>
recurse through all projects, running
- project-lint
- project-build
- project-test
Signed-off-by: Ajay Ganapathy <ajay@incremental.design>
every time a branch is pushed
- project-lint
- project-build
- project-test
Signed-off-by: Ajay Ganapathy <ajay@incremental.design>
do not allow a branch to be merged if it is not already up to date with the branch it is merging into Signed-off-by: Ajay Ganapathy <ajay@incremental.design>
- @designbyajay owns the entire repo Signed-off-by: Ajay Ganapathy <ajay@incremental.design>
tag main iterates through commits merged to main, and tags every commit that contains a project with a semver bump Signed-off-by: Ajay Ganapathy <ajay@incremental.design>
Pull request overview
This PR establishes comprehensive CI/CD infrastructure and monorepo management tooling using Nix. It sets up automated validation pipelines, developer tooling, and project scaffolding capabilities to support multiple programming languages in a monorepo structure.
Key Changes:
- Nix-based development environment with cross-platform support (x86_64/aarch64 Linux/Darwin)
- GitHub Actions workflows for commit validation, linting, building, and testing across all platforms
- Git hooks for pre-push validation and commit message linting
- Project templating system for creating new language-specific projects
Reviewed changes
Copilot reviewed 27 out of 29 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| flake.nix | Root Nix flake defining development shells, schemas, and extensive educational documentation about Nix concepts |
| flake.lock | Lock file pinning flake-schemas and nixpkgs dependencies |
| README.md | Project overview with ASCII art branding |
| CONTRIBUTE.md | Comprehensive contribution guidelines covering monorepo structure, development workflow, and commit conventions |
| .gitignore | Whitelist-based ignore file for monorepo root |
| .envrc | Direnv integration for automatic environment loading |
| .github/workflows/push.yml | Multi-stage CI pipeline validating commits, linting, building, and testing on all platforms |
| .github/workflows/merge.yml | Enforces fast-forward merge requirement by checking rebase status |
| .github/workflows/tagMain.yml | Automatic semantic version tagging on main branch merges |
| .github/CODEOWNERS | Defines repository ownership |
| .config/devShell.nix | Core development shell configuration with wrapped project commands |
| .config/stubProject.nix | Project scaffolding system for creating new projects |
| .config/recurse.nix | Monorepo traversal script for running commands across projects |
| .config/lintCommit.nix | Commit message linting using conventional commits |
| .config/commitlintConfig.nix | Configuration for commit message validation |
| .config/installGitHooks.nix | Git hooks installer for commit-msg and pre-push validation |
| .config/importFromLanguageFolder.nix | Dynamic import system for language-specific configurations |
| .config/configVscode.nix | VSCode configuration generator merging language-specific settings |
| .config/configZed.nix | Zed editor configuration generator |
| .config/language-nix/* | Nix language support including devShell, IDE configs, and project template |
Copilot (AI), Jan 1, 2026:
The nested HTML comment structure here is problematic. Line 10 opens a comment block with the closing tag on line 11, but this is immediately inside another comment block that started on line 6. This creates malformed nested comments which may not render correctly in Markdown parsers.
Reviewed lines:

```sh
local dir="$*"
cd "$dir"
direnv allow
```
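Review bot: `cd "$dir"` has no failure handling, so when the argument is not an existing directory the following `direnv allow` runs against the caller's current working directory instead of the intended one; write `cd "$dir" || return 1` (or run the function under `set -e`). Also, `local dir="$*"` joins every argument into a single path, so a stray extra argument silently produces a path that does not exist; `local dir="$1"` is clearer if one directory is intended.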
Copilot (AI), Jan 1, 2026:
This script unconditionally runs direnv allow for every directory containing an .envrc, which bypasses direnv’s explicit trust model and executes arbitrary shell commands from any .envrc without prior user review. If an attacker can introduce or modify a .envrc in the repo (e.g., via a new subproject or a cloned untrusted repository), their code will run whenever recurse is invoked (including from the pre-push hook), allowing exfiltration of local secrets or arbitrary code execution on developer machines. Consider removing the automatic direnv allow and requiring manual approval, or at least restricting it to a vetted allowlist of directories and only using direnv exec after prior explicit approval.
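As an added example (not the PR's own code), a hardened form of the step flagged above: the traversal approves only `.envrc` files whose content hash matches an entry in a vetted allowlist, so a new or modified `.envrc` is skipped instead of auto-trusted. The allowlist format (`<sha256>  <dir relative to the repo root>`) and the function names are assumptions.

```shell
#!/usr/bin/env sh
# Added example, not the repository's code. Approve .envrc files only when
# they match a vetted allowlist, instead of running `direnv allow` everywhere.
# Assumed allowlist format: one "<sha256>  <relative dir>" line per entry.

hash_file() {
  # Print the SHA-256 of "$1"; portable across GNU coreutils and macOS.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# list_vetted_envrc ROOT ALLOWLIST
# Walk ROOT for .envrc files and print the directory of each one whose hash
# matches the allowlist entry for that directory. Everything else is reported
# on stderr and skipped, so an unreviewed .envrc is never approved.
list_vetted_envrc() {
  root="$1"; allowlist="$2"
  find "$root" -name .envrc -type f | sort | while IFS= read -r rc; do
    dir="${rc%/.envrc}"
    rel="${dir#"$root"/}"
    [ "$dir" = "$root" ] && rel="."
    want=$(awk -v d="$rel" '$2 == d { print $1 }' "$allowlist")
    have=$(hash_file "$rc")
    if [ -n "$want" ] && [ "$want" = "$have" ]; then
      printf '%s\n' "$dir"
    else
      printf 'skipping %s: .envrc not in allowlist or hash changed\n' "$dir" >&2
    fi
  done
}

# allow_vetted ROOT ALLOWLIST
# Run `direnv allow` only in the vetted directories; cd failures abort.
allow_vetted() {
  list_vetted_envrc "$1" "$2" | while IFS= read -r dir; do
    (cd "$dir" && direnv allow) || return 1
  done
}
```

Re-vetting after a change means updating the hash in the allowlist in the same commit as the `.envrc` edit, which makes the trust decision reviewable in the pull request.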
Set up a .config folder with Nix scripts that make commands for creating projects and for linting, building, testing and publishing them. Set up git hooks for pre-push and commit-msg. Set up a .github actions folder for post-push, pre-merge and post-merge actions.