In-repo Configuration

You can configure nix-ci on a per-commit basis by adding a nix-ci.nix file in your repository.

Validator

You can use this validator to validate your configuration without having to push a commit.

To get your configuration as a JSON string, you can run this command in your repository:

nix eval --json --file ./nix-ci.nix

Reference schema

# SuiteConfiguration
enable: # optional
  # default: true
  # Enable CI
  <boolean>
systems: # optional
  # Only build for these systems. By default these are computed based on which workers are available for the repository.
  # or null
  - <string>
onlyBuild: # optional
  # Only build these attributes.
  # or null
  - <string>
doNotBuild: # optional
  # Exclude these attributes.
  # or null
  - <string>
git-ssh-key: # optional
  # SSH Key to use for git-clone-ing
  # By default no SSH key is used so Nix will fail to clone private dependencies.
  # SshKeyConfiguration
  secret: # required
    # name of the secret on NixCI to use as the private key
    <string>
  public-key: # required
    # public key of the ssh key
    <string>
timeout: # optional
  # Maximum timeout, in seconds. Note that the actual timeout may depend on the workers' configuration.
  <number>
cache: # optional
  # Ssh Cache configuration
  # In order to push to the cache as well, the repository needs to have a SSH_CACHE_PRIVATE_KEY secret.
  # SshCacheConfiguration
  name: # optional
    # ssh cache name, for logging
    <string>
  # any of
  [ domain: # required
      # cache domain, example: cache.nix-ci.com
      <string>
  , url: # required
      # cache url, example: ssh://cache.nix-ci.com
      <string>
  ]
  user: # optional
    # ssh user, defaults to the worker user
    <string>
  host-key: # optional
    # ssh host key
    <string>
  public-key: # required
    # ssh public key
    <string>
  cache-public-key: # optional
    # cache verification public key
    <string>
cachix: # optional
  # Cachix configuration
  # In order to push to the cache as well, the repository needs to have a CACHIX_AUTH_TOKEN or CACHIX_SIGNING_KEY secret.
  # CachixConfiguration
  name: # required
    # cache name
    <string>
  public-key: # required
    # cache public key (for pulling)
    <string>
allow-import-from-derivation: # optional
  # Show with --allow-import-from-derivation
  # default: True
  <boolean>
impure: # optional
  # Build with --impure
  # default: False
  <boolean>
build-logs: # optional
  # Build with --print-build-logs
  # default: True
  <boolean>
fail-fast: # optional
  # Cancel the rest of a suite once one job fails
  # default: True
  <boolean>
auto-retry: # optional
  # Automatically retry every individual failed run in a suite once
  # default: True
  <boolean>
test: # optional
  # default: {}
  # Test Configurations
  <key>: 
    # TestConfiguration
    enable: # optional
      # default: true
      # enable this test
      <boolean>
    package: # required
      # package of which the main program will be run
      <string>
    system: # optional
      # system on which the test will be run
      <string>
    branches: # optional
      # default: any
      # branches from which may be tested
      # any of
      [ # Deploy from any branch
        any
      , # The same as "any"
        all
      , # Only deploy from the default branch
        default
      , # Deploy from any of this list of branches
        - <string>
      ]
    secrets: # optional
      # default: []
      # secrets provided to the test
      - <string>
    ssh-keys: # optional
      # default: []
      # ssh keys provided to the test
      - # SshKeyConfiguration
        secret: # required
          # name of the secret on NixCI to use as the private key
          <string>
        public-key: # required
          # public key of the ssh key
          <string>
deploy: # optional
  # default: {}
  # Deploy Configurations
  <key>: 
    # DeployConfiguration
    enable: # optional
      # default: true
      # enable this deployment
      <boolean>
    package: # required
      # package of which the main program will be run
      <string>
    system: # optional
      # system on which the deployment will be run
      <string>
    branches: # optional
      # default: default
      # branches from which may be deployed
      # any of
      [ # Deploy from any branch
        any
      , # The same as "any"
        all
      , # Only deploy from the default branch
        default
      , # Deploy from any of this list of branches
        - <string>
      ]
    secrets: # optional
      # default: []
      # secrets provided to the deployment
      - <string>
    ssh-keys: # optional
      # default: []
      # ssh keys provided to the deployment
      - # SshKeyConfiguration
        secret: # required
          # name of the secret on NixCI to use as the private key
          <string>
        public-key: # required
          # public key of the ssh key
          <string>