chore: try-nix-caching

Author: ryanbas21

.github/workflows/ci.yml

@@ -4,12 +4,11 @@ on:
 
 env:
   NX_CLOUD_ENCRYPTION_KEY: ${{ secrets.NX_CLOUD_ENCRYPTION_KEY }}
-  NX_CLOUD_ACCESS_TOKEN: ${{ secrets.PR_NX_CLOUD_ACCESS_TOKEN }} # Read Only
+  NX_CLOUD_ACCESS_TOKEN: ${{ secrets.PR_NX_CLOUD_ACCESS_TOKEN }} # Read/Write in CI
   NX_CLOUD_DISTRIBUTED_EXECUTION: true
   CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
   CI: true
 
-# recommended to set a concurrency group
 concurrency:
   group: preview-pages-${{ github.ref }}
   cancel-in-progress: true
@@ -22,49 +21,53 @@ jobs:
       pull-requests: write
       contents: write
       id-token: write
+
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+
+      # ----- Nix + Cachix (used to hydrate pnpm store) -----
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@v10
 
-      - name: Configure Nix Cache
+      - name: Configure Nix Cache (Cachix)
         uses: cachix/cachix-action@v14
         with:
-          # TODO: Create a cache on cachix.org for your project and add the name here
           name: ping-javascript-sdk
-          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
 
-      - name: Install Dependencies
-        run: nix develop --command bash -c 'pnpm install --frozen-lockfile'
+      # Build the pnpm store from pnpm-lock.yaml (pushes/substitutes via Cachix)
+      - name: Build pnpm store (from lockfile)
+        id: pnpmstore
+        run: |
+          set -euo pipefail
+          OUT="$(nix build --print-out-paths .#pnpmStore)"
+          echo "PNPM_STORE_PATH_NIX=$OUT" >> "$GITHUB_ENV"
+          echo "out=$OUT" >> "$GITHUB_OUTPUT"
+
+      # Install deps offline using the hydrated store
+      - name: Install Dependencies (offline via pnpm store)
+        run: nix develop --command bash -lc 'export PNPM_STORE_PATH="$PNPM_STORE_PATH_NIX"; pnpm install --frozen-lockfile --offline'
+
+      # ----- Playwright via Nix (no network install, cached by binary cache) -----
+      - name: Use Playwright browsers from Nix
+        run: |
+          echo "PLAYWRIGHT_BROWSERS_PATH=$(nix build --no-link --print-out-paths nixpkgs#playwright-driver.browsers)/share/playwright" >> $GITHUB_ENV
+          echo "PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1" >> $GITHUB_ENV
 
-      # This line enables distribution
-      # The "--stop-agents-after" is optional, but allows idle agents to shut down once the "e2e-ci" targets have been requested
+      # ----- Nx Cloud (DTE) — unchanged -----
       - name: Start Nx Cloud CI Run
         run: nix develop --command bash -c 'pnpm dlx nx-cloud start-ci-run --distribute-on=".nx/workflows/dynamic-changesets.yml" --stop-agents-after="e2e-ci" --with-env-vars="CODECOV_TOKEN"'
 
       - name: Check Sync
         run: nix develop --command bash -c 'pnpm nx sync:check'
 
-      - name: Cache Playwright browsers
-        uses: actions/cache@v4
-        with:
-          path: ~/.cache/ms-playwright
-          key: ${{ runner.os }}-playwright-${{ hashFiles('**/pnpm-lock.yaml') }}
-          restore-keys: |
-            ${{ runner.os }}-playwright-
-
-      - name: Install Playwright Browsers
-        run: nix develop --command bash -c 'pnpm exec playwright install'
-
       - uses: nrwl/nx-set-shas@v4
-      # This line is needed for nx affected to work when CI is running on a PR
-      - run: git branch --track main origin/main
+      - run: git branch --track main origin/main || git branch -f main origin/main
 
       - name: Run Core Nx Commands
         run: |
-          nix develop --command bash -c '
+          nix develop --command bash -lc '
             pnpm exec nx-cloud record -- nx format:check
             pnpm exec nx affected -t build typecheck lint test e2e-ci
           '
@@ -91,7 +94,7 @@ jobs:
         run: nix develop --command bash -c 'NX_CLOUD_DISTRIBUTED_EXECUTION=false pnpm nx run-many -t build'
 
       - name: Preview Publish
-        run: nix develop --command bash -c 'pnpm pkg-pr-new publish './packages/*' './packages/sdk-effects/*' --packageManager=pnpm'
+        run: nix develop --command bash -c 'pnpm pkg-pr-new publish "./packages/*" "./packages/sdk-effects/*" --packageManager=pnpm'
 
       - name: build docs
         run: nix develop --command bash -c 'pnpm generate-docs'
@@ -120,18 +123,14 @@ jobs:
       - name: Calculate bundle sizes
         id: bundle-analysis
         run: |
-          nix develop --command bash -c '
-            # Make script executable
+          nix develop --command bash -lc '
             chmod +x ./scripts/bundle-sizes.sh
-            # Check if baseline exists
             if [ -f "previous_sizes.json" ]; then
               echo "✅ Using baseline size data from main branch"
-              echo "Baseline data preview:"
-              cat previous_sizes.json | head -5
+              head -5 previous_sizes.json || true
             else
               echo "⚠️ No baseline size data found - this will be the first measurement"
             fi
-            # Run the bundle size calculation
             ./scripts/bundle-sizes.sh
           '
 
@@ -177,7 +176,6 @@ jobs:
             - **Baseline**: Comparison against the latest build from the `main` branch
             - **Files included**: All build outputs except source maps and TypeScript build cache
             - **Exclusions**: `.map`, `.tsbuildinfo`, and `.d.ts.map` files
-
             </details>
 
             ---

.github/workflows/publish.yml

@@ -47,18 +47,22 @@ jobs:
         with:
           fetch-depth: 0
           token: ${{ secrets.GH_TOKEN }}
-      - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@v10
+      - uses: pnpm/action-setup@v4
+        with:
+          run_install: false
+      - uses: actions/setup-node@v4
+        id: cache
+        with:
+          node-version-file: '.node-version'
+          cache: 'pnpm'
+          registry-url: 'https://registry.npmjs.org'
 
-      - name: Install Dependencies
-        run: |
-          nix develop --command bash -c '
-            npm install -g npm@latest
-            pnpm install --frozen-lockfile
-          '
+      - name: Update npm
+        run: npm install -g npm@latest
+
+      - run: pnpm install --frozen-lockfile
 
-      - name: Start Nx Cloud CI Run
-        run: nix develop --command bash -c 'NX_CLOUD_DISTRIBUTED_EXECUTION=false pnpm dlx nx-cloud start-ci-run --distribute-on=".nx/workflows/dynamic-changesets.yml" --stop-agents-after="e2e-ci" --with-env-vars="CODECOV_TOKEN"'
+      - run: pnpm dlx nx-cloud start-ci-run --distribute-on=".nx/workflows/dynamic-changesets.yml" --stop-agents-after="e2e-ci" --with-env-vars="CODECOV_TOKEN"
 
       - name: Cache Playwright browsers
         uses: actions/cache@v4
@@ -68,13 +72,14 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-playwright-
 
-      - name: Install Browsers, Configure Pnpm, and Run Nx Affected
-        run: |
-          nix develop --command bash -c '
-            pnpm exec playwright install
-            pnpm config set store-dir $PNPM_CACHE_FOLDER
-            pnpm exec nx affected -t build lint test e2e-ci
-          '
+      - run: pnpm exec playwright install
+
+      - uses: nrwl/nx-set-shas@v4
+
+      - name: setup pnpm config
+        run: pnpm config set store-dir $PNPM_CACHE_FOLDER
+
+      - run: pnpm exec nx affected -t build lint test e2e-ci
 
       - uses: actions/upload-artifact@v4
         if: ${{ !cancelled() }}
@@ -89,8 +94,8 @@ jobs:
         uses: changesets/action@v1
         id: changesets
         with:
-          publish: nix develop --command bash -c 'pnpm ci:release'
-          version: nix develop --command bash -c 'pnpm ci:version'
+          publish: pnpm ci:release
+          version: pnpm ci:version
           title: Release PR
           branch: main
           commit: 'chore: version-packages'
@@ -99,6 +104,9 @@ jobs:
           HOME: ${{ github.workspace }}
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
 
+      - run: pnpm pkg-pr-new publish './packages/*' './packages/sdk-effects/*' --packageManager=pnpm --comment=off
+        if: steps.changesets.outputs.published == 'false'
+
       - name: Send GitHub Action data to a Slack workflow
         if: steps.changesets.outputs.published == 'true'
         uses: slackapi/[email protected]
@@ -108,21 +116,18 @@ jobs:
           webhook-type: webhook-trigger
           payload: steps.changesets.outputs.publishedPackages
 
-      - name: Preview Publish
-        if: steps.changesets.outputs.published == 'false'
-
-        run: nix develop --command bash -c 'pnpm pkg-pr-new publish './packages/*' './packages/sdk-effects/*' --packageManager=pnpm'
-
       - uses: codecov/codecov-action@v5
         with:
           files: ./packages/**/coverage/*.xml
           token: ${{ secrets.CODECOV_TOKEN }}
 
       - name: Ensure builds run
-        run: nix develop --command bash -c 'pnpm nx run-many -t build'
+        run: pnpm nx run-many -t build
+        env:
+          NX_CLOUD_DISTRIBUTED_EXECUTION: false
 
       - name: Build docs
-        run: nix develop --command bash -c 'pnpm generate-docs'
+        run: pnpm generate-docs
 
       - name: Publish api docs
         if: steps.changesets.outputs.published == 'true'
@@ -142,14 +147,12 @@ jobs:
 
       - name: Calculate baseline bundle sizes
         run: |
-          nix develop --command bash -c '
-            chmod +x ./scripts/bundle-sizes.sh
-            rm -f previous_sizes.json
-            echo "📊 Calculating fresh baseline bundle sizes for main branch"
-            ./scripts/bundle-sizes.sh
-            echo "✅ Baseline bundle sizes calculated"
-            cat previous_sizes.json
-          '
+          chmod +x ./scripts/bundle-sizes.sh
+          rm -f previous_sizes.json
+          echo "📊 Calculating fresh baseline bundle sizes for main branch"
+          ./scripts/bundle-sizes.sh
+          echo "✅ Baseline bundle sizes calculated"
+          cat previous_sizes.json
 
       - name: Upload baseline bundle sizes
         uses: actions/upload-artifact@v4
@@ -174,23 +177,20 @@ jobs:
         with:
           fetch-depth: 0
           ref: ${{ inputs.branch }}
+      - uses: pnpm/action-setup@v4
+        with:
+          run_install: false
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: '.node-version'
+          cache: 'pnpm'
 
-      - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@v10
+      - name: Update npm
+        run: npm install -g npm@latest
 
-      - name: Configure Nix Cache
-        uses: cachix/cachix-action@v14
-        with:
-          name: ping-javascript-sdk # Matches the cache name in ci.yml
-          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+      - run: pnpm install --frozen-lockfile
 
-      - name: Install Dependencies and Start CI Run
-        run: |
-          nix develop --command bash -c '
-            npm install -g npm@latest
-            pnpm install --frozen-lockfile
-            pnpm dlx nx-cloud start-ci-run --distribute-on=".nx/workflows/dynamic-changesets.yml" --stop-agents-after="e2e-ci" --with-env-vars="CODECOV_TOKEN"
-          '
+      - run: pnpm dlx nx-cloud start-ci-run --distribute-on=".nx/workflows/dynamic-changesets.yml" --stop-agents-after="e2e-ci" --with-env-vars="CODECOV_TOKEN"
 
       - name: Cache Playwright browsers
         uses: actions/cache@v4
@@ -200,13 +200,16 @@ jobs:
           restore-keys: |
             ${{ runner.os }}-playwright-
 
-      - name: Install Browsers, Configure Pnpm, and Run Nx
-        run: |
-          nix develop --command bash -c '
-            pnpm exec playwright install
-            pnpm config set store-dir $PNPM_CACHE_FOLDER
-            pnpm exec nx run-many -t build test e2e-ci
-          '
+      - run: pnpm exec playwright install
+
+      - uses: nrwl/nx-set-shas@v4
+        with:
+          main-branch-name: main
+
+      - name: setup pnpm config
+        run: pnpm config set store-dir $PNPM_CACHE_FOLDER
+
+      - run: pnpm exec nx run-many -t build test e2e-ci
 
       - uses: actions/upload-artifact@v4
         if: ${{ !cancelled() }}
@@ -216,11 +219,11 @@ jobs:
             ./**/.playwright/**
           retention-days: 30
 
-      - name: Version and Publish Packages
-        run: |
-          nix develop --command bash -c '
-            pnpm changeset version --snapshot ${{ inputs.prerelease }}
-            pnpm publish -r --tag ${{ inputs.dist_tag }} --no-git-checks --access ${{ inputs.access }}
-          '
+      - name: Version Packages as prerelease
+        run: pnpm changeset version --snapshot ${{ inputs.prerelease }}
         env:
           GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+
+      # The actual npm publish that must occur in the authorized file
+      - name: Publish packages with dist-tag
+        run: pnpm publish -r --tag ${{ inputs.dist_tag }} --no-git-checks --access ${{ inputs.access }}