Skip to content
determinatesystems

GitHub Action

Publish Nix flakes to FlakeHub

v3 Latest version

Publish Nix flakes to FlakeHub

determinatesystems

Publish Nix flakes to FlakeHub

Find, install, and publish Nix Flakes with FlakeHub

Installation

Copy and paste the following snippet into your .yml file.

              
- name: Publish Nix flakes to FlakeHub

              
  uses: DeterminateSystems/flakehub-push@v3
Learn more about this action in DeterminateSystems/flakehub-push

Choose a version

flakehub-push

A GitHub Action for pushing Nix flakes to FlakeHub. Create a YAML configuration, push it to your repo, and you're ready to go.

Configuration

There are two ways to get started configuring this Action:

  1. Use our wizard to create a configuration.
  2. Configure the Action manually.

Guided wizard

Although the flakehub-push Action requires little configuration, you may benefit from assembling it with our friendly UI at flakehub.com/new.

Manual configuration

The example workflow configuration below pushes new tags matching the conventional format—such as v1.0.0 or v0.1.0-rc4—to Flakehub:

# .github/workflows/flakehub-publish-tagged.yml
name: Publish tags to FlakeHub

on:
  push:
    tags:
      - "v?[0-9]+.[0-9]+.[0-9]+*"

jobs:
  flakehub:
    runs-on: ubuntu-22.04
    permissions:
      id-token: write # Necessary for authenticating against FlakeHub
      contents: read
    steps:
      - uses: actions/checkout@v4
        with:
          ref: "${{ (inputs.tag != null) && format('refs/tags/{0}', inputs.tag) || '' }}"
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - name: Push to flakehub
        uses: determinatesystems/flakehub-push@main
        with:
          # For the flake's visibility, you can also select "unlisted" if you don't want
          # it to show up in search results and general listings on flakehub.com
          visibility: "public"

Available parameters

Parameter Description Type Required? Default
visibility public, unlisted, or private. Private flakes are in private beta, contact [email protected] to sign up. enum
repository The GitHub repository containing your flake in the format of {org}/{repo}. string ${{ github.repository }}
name The name of your published flake in the format of {org}/{name}. The {org} must match your organization's GitHub root name or the publish will fail. Specify this only if you want to publish under a different name from the {org}/{repo}. string
mirror Whether the repository is mirrored via DeterminateSystems' mirror functionality. This is only usable by DeterminateSystems. Boolean false
directory The path of your flake relative to the root of the repository. Useful for subflakes. relative path
tag The Git tag to use for non-rolling releases. This must be the character v followed by a SemVer version, such as v0.1.1. string
rolling For untagged releases, use a rolling versioning scheme. When this is enabled, the default versioning scheme is 0.1.[commit count]+rev-[git sha]. To customize the SemVer minor version, set the rolling-minor option. Boolean false
rolling-minor Specify the SemVer minor version of your rolling releases. All releases will follow the versioning scheme 0.[rolling-minor].[commit count]+rev-[git sha]. string
git-root The root directory of your Git repository. relative path .
extra-labels flakehub-push automatically uses the GitHub repo's topics as labels. This extra-labels parameter enables you to add extra labels beyond that as a comma-separated string. Only alphanumeric characters and hyphens are allowed in labels and the maximum length of labels is 50 characters. You can specify a maximum of 20 extra labels, and have a maximum of 25 labels, including those that we retrieve from GitHub. Any labels after the 25th will be ignored. string ""
spdx-expression A valid SPDX license expression. This will be used in place of what GitHub claims your repository's spdxIdentifier is. string ""
error-on-conflict Whether to error if a release for the same version has already been uploaded. Boolean false
github-token The GitHub token for making authenticated GitHub API requests. string ${{ github.token }}
host The FlakeHub server to use. URL https://api.flakehub.com
logger The logger to use. Options are pretty, json, full and compact. enum full
log-directives A comma-separated list of tracing directives. -s are replaced with _s (such as nix_installer=trace). string flakehub_push=info
source-binary Run a version of the flakehub-push binary from somewhere already on disk. Conflicts with all other source-* options. string
source-branch The branch of flakehub-push to use. Conflicts with all other source-* options. string main
source-pr The pull request for flakehub-push to use. Conflicts with all other source-* options. integer
source-revision The revision of flakehub-push to use. Conflicts with all other source-* options. string
source-tag The tag of flakehub-push to use. Conflicts with all other source-* options. string
source-url A URL pointing to a flakehub-push binary. Overrides all other source-* options. string

Development against a local Flakehub server

Assuming the dev environment is running as described in the flakehub repo:

export FLAKEHUB_PUSH_GITHUB_TOKEN="<secret>"
cargo run -- \
  --visibility public \
  --tag v0.1.0 \
  --repository DeterminateSystems/nix-installer \
  --git-root ../nix-installer \
  --jwt-issuer-uri http://localhost:8081/jwt/token \
  --host http://localhost:8080