From 17048f9a2a02f8b7583c95ffca6e740e803b15bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Benoit?= <jerome.benoit@piment-noir.org>
Date: Wed, 4 Feb 2026 19:40:26 +0100
Subject: [PATCH 1/4] feat: add nix-eval workflow for cross-platform flake
 evaluation

---
 .github/workflows/nix-desktop.yml.disabled | 46 ------------
 .github/workflows/nix-eval.yml             | 82 ++++++++++++++++++++++
 2 files changed, 82 insertions(+), 46 deletions(-)
 delete mode 100644 .github/workflows/nix-desktop.yml.disabled
 create mode 100644 .github/workflows/nix-eval.yml

diff --git a/.github/workflows/nix-desktop.yml.disabled b/.github/workflows/nix-desktop.yml.disabled
deleted file mode 100644
index 031eff6a691..00000000000
--- a/.github/workflows/nix-desktop.yml.disabled
+++ /dev/null
@@ -1,46 +0,0 @@
-name: nix-desktop
-
-on:
-  push:
-    branches: [dev]
-    paths:
-      - "flake.nix"
-      - "flake.lock"
-      - "nix/**"
-      - "packages/app/**"
-      - "packages/desktop/**"
-      - ".github/workflows/nix-desktop.yml"
-  pull_request:
-    paths:
-      - "flake.nix"
-      - "flake.lock"
-      - "nix/**"
-      - "packages/app/**"
-      - "packages/desktop/**"
-      - ".github/workflows/nix-desktop.yml"
-  workflow_dispatch:
-
-jobs:
-  nix-desktop:
-    strategy:
-      fail-fast: false
-      matrix:
-        os:
-          - blacksmith-4vcpu-ubuntu-2404
-          - blacksmith-4vcpu-ubuntu-2404-arm
-          - macos-15-intel
-          - macos-latest
-    runs-on: ${{ matrix.os }}
-    timeout-minutes: 60
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v6
-
-      - name: Setup Nix
-        uses: nixbuild/nix-quick-install-action@v34
-
-      - name: Build desktop via flake
-        run: |
-          set -euo pipefail
-          nix --version
-          nix build .#desktop -L
diff --git a/.github/workflows/nix-eval.yml b/.github/workflows/nix-eval.yml
new file mode 100644
index 00000000000..81795637e63
--- /dev/null
+++ b/.github/workflows/nix-eval.yml
@@ -0,0 +1,82 @@
+name: nix-eval
+
+on:
+  push:
+    branches: [dev]
+    paths:
+      - "flake.nix"
+      - "flake.lock"
+      - "nix/**"
+      - "packages/app/**"
+      - "packages/desktop/**"
+      - ".github/workflows/nix-eval.yml"
+  pull_request:
+    paths:
+      - "flake.nix"
+      - "flake.lock"
+      - "nix/**"
+      - "packages/app/**"
+      - "packages/desktop/**"
+      - ".github/workflows/nix-eval.yml"
+  workflow_dispatch:
+
+jobs:
+  nix-eval:
+    runs-on: blacksmith-4vcpu-ubuntu-2404
+    timeout-minutes: 15
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+
+      - name: Setup Nix
+        uses: nixbuild/nix-quick-install-action@v34
+
+      - name: Evaluate flake outputs (all systems)
+        run: |
+          set -euo pipefail
+          nix --version
+
+          echo "=== Flake metadata ==="
+          nix flake metadata
+
+          echo ""
+          echo "=== Flake structure ==="
+          nix flake show --all-systems
+
+          SYSTEMS="x86_64-linux aarch64-linux x86_64-darwin aarch64-darwin"
+          PACKAGES="opencode desktop"
+
+          echo ""
+          echo "=== Evaluating all packages for all systems ==="
+          for system in $SYSTEMS; do
+            echo ""
+            echo "--- $system ---"
+            for pkg in $PACKAGES; do
+              printf "  %s: " "$pkg"
+              if nix eval ".#packages.$system.$pkg.drvPath" --raw > /dev/null 2>&1; then
+                echo "✓"
+              else
+                echo "✗"
+                echo "::error::Evaluation failed for packages.$system.$pkg"
+                nix eval ".#packages.$system.$pkg.drvPath" --raw
+                exit 1
+              fi
+            done
+          done
+
+          echo ""
+          echo "=== Evaluating devShells for all systems ==="
+          for system in $SYSTEMS; do
+            printf "%s: " "$system"
+            if nix eval ".#devShells.$system.default.drvPath" --raw > /dev/null 2>&1; then
+              echo "✓"
+            else
+              echo "✗"
+              echo "::error::Evaluation failed for devShells.$system.default"
+              nix eval ".#devShells.$system.default.drvPath" --raw
+              exit 1
+            fi
+          done
+
+          echo ""
+          echo "=== All evaluations passed ==="

From 1897f5604b501ea7848704bf4e2a4da23a9bc046 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Benoit?= <jerome.benoit@piment-noir.org>
Date: Wed, 4 Feb 2026 19:45:47 +0100
Subject: [PATCH 2/4] chore: remove path filters from nix-eval workflow

---
 .github/workflows/nix-eval.yml | 15 +--------------
 1 file changed, 1 insertion(+), 14 deletions(-)

diff --git a/.github/workflows/nix-eval.yml b/.github/workflows/nix-eval.yml
index 81795637e63..7b31ce92d83 100644
--- a/.github/workflows/nix-eval.yml
+++ b/.github/workflows/nix-eval.yml
@@ -3,21 +3,8 @@ name: nix-eval
 on:
   push:
     branches: [dev]
-    paths:
-      - "flake.nix"
-      - "flake.lock"
-      - "nix/**"
-      - "packages/app/**"
-      - "packages/desktop/**"
-      - ".github/workflows/nix-eval.yml"
   pull_request:
-    paths:
-      - "flake.nix"
-      - "flake.lock"
-      - "nix/**"
-      - "packages/app/**"
-      - "packages/desktop/**"
-      - ".github/workflows/nix-eval.yml"
+    branches: [dev]
   workflow_dispatch:
 
 jobs:

From b315b83a540ec16a17b272b5a5c08816e92efa48 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Benoit?= <jerome.benoit@piment-noir.org>
Date: Wed, 4 Feb 2026 19:49:42 +0100
Subject: [PATCH 3/4] refactor: evaluate nix derivations once per iteration

---
 .github/workflows/nix-eval.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/nix-eval.yml b/.github/workflows/nix-eval.yml
index 7b31ce92d83..94887c9f1bc 100644
--- a/.github/workflows/nix-eval.yml
+++ b/.github/workflows/nix-eval.yml
@@ -40,12 +40,12 @@ jobs:
             echo "--- $system ---"
             for pkg in $PACKAGES; do
               printf "  %s: " "$pkg"
-              if nix eval ".#packages.$system.$pkg.drvPath" --raw > /dev/null 2>&1; then
+              if output=$(nix eval ".#packages.$system.$pkg.drvPath" --raw 2>&1); then
                 echo "✓"
               else
                 echo "✗"
                 echo "::error::Evaluation failed for packages.$system.$pkg"
-                nix eval ".#packages.$system.$pkg.drvPath" --raw
+                echo "$output"
                 exit 1
               fi
             done
@@ -55,12 +55,12 @@ jobs:
           echo "=== Evaluating devShells for all systems ==="
           for system in $SYSTEMS; do
             printf "%s: " "$system"
-            if nix eval ".#devShells.$system.default.drvPath" --raw > /dev/null 2>&1; then
+            if output=$(nix eval ".#devShells.$system.default.drvPath" --raw 2>&1); then
               echo "✓"
             else
               echo "✗"
               echo "::error::Evaluation failed for devShells.$system.default"
-              nix eval ".#devShells.$system.default.drvPath" --raw
+              echo "$output"
               exit 1
             fi
           done

From 06324d7fbba06be3732d9dfdce4d94eeed34fbc2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Benoit?= <jerome.benoit@piment-noir.org>
Date: Wed, 4 Feb 2026 19:51:59 +0100
Subject: [PATCH 4/4] chore: add concurrency and permissions to nix-eval
 workflow

---
 .github/workflows/nix-eval.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/nix-eval.yml b/.github/workflows/nix-eval.yml
index 94887c9f1bc..cde6ae53f3c 100644
--- a/.github/workflows/nix-eval.yml
+++ b/.github/workflows/nix-eval.yml
@@ -7,6 +7,13 @@ on:
     branches: [dev]
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
 jobs:
   nix-eval:
     runs-on: blacksmith-4vcpu-ubuntu-2404