ci(nix): Add NixOS package distribution

.github/workflows/nix-build.yml

@@ -0,0 +1,119 @@
+name: Nix Build Verification
+
+on:
+  pull_request:
+    branches:
+      - main
+    paths:
+      - 'nix/**'
+      - 'go.mod'
+      - 'go.sum'
+      - '**.go'
+      - '.github/workflows/nix-build.yml'
+  push:
+    branches:
+      - main
+    paths:
+      - 'nix/**'
+      - 'go.mod'
+      - 'go.sum'
+      - '**.go'
+      - '.github/workflows/nix-build.yml'
+  workflow_dispatch:
+
+jobs:
+  nix-build:
+    name: Build on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-24.04
+            platform: linux-amd64
+          - os: ubuntu-24.04
+            platform: linux-arm64
+          - os: macos-15-intel
+            platform: darwin-amd64
+          - os: macos-latest
+            platform: darwin-arm64
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v31
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+            accept-flake-config = true
+
+      - name: Build with Nix
+        run: |
+          nix-build nix/default.nix --show-trace
+
+      - name: Verify binary
+        run: |
+          result/bin/infer version
+          result/bin/infer --help
+
+      - name: Check binary size
+        run: |
+          ls -lh result/bin/infer
+          size=$(stat -c%s result/bin/infer 2>/dev/null || stat -f%z result/bin/infer)
+          echo "Binary size: $(numfmt --to=iec $size 2>/dev/null || echo $size bytes)"
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: infer-${{ matrix.platform }}
+          path: result/bin/infer
+          retention-days: 7
+
+  nix-fmt-check:
+    name: Check Nix formatting
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v31
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+
+      - name: Check Nix formatting
+        run: |
+          nix-shell -p nixpkgs-fmt --run "nixpkgs-fmt --check nix/"
+
+      - name: Evaluate Nix expression
+        run: |
+          nix-instantiate --eval --strict nix/default.nix --show-trace
+
+  summary:
+    name: Build Summary
+    runs-on: ubuntu-24.04
+    needs:
+      - nix-build
+      - nix-fmt-check
+    if: always()
+
+    steps:
+      - name: Check build results
+        run: |
+          if [ "${{ needs.nix-build.result }}" != "success" ]; then
+            echo "::error::Nix build failed"
+            exit 1
+          fi
+
+          if [ "${{ needs.nix-fmt-check.result }}" != "success" ]; then
+            echo "::error::Nix formatting check failed"
+            exit 1
+          fi
+
+          echo "✅ All Nix build checks passed!"

.github/workflows/nix-version-sync.yml

@@ -0,0 +1,147 @@
+name: Nix Version Sync
+
+on:
+  release:
+    types:
+      - published
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Version to sync (e.g., 0.76.1)'
+        required: true
+        type: string
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  update-nix-version:
+    name: Update Nix package version
+    runs-on: ubuntu-24.04
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v31
+        with:
+          nix_path: nixpkgs=channel:nixos-unstable
+          extra_nix_config: |
+            experimental-features = nix-command flakes
+
+      - name: Determine version
+        id: version
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            VERSION="${{ inputs.version }}"
+          else
+            VERSION="${{ github.event.release.tag_name }}"
+            VERSION="${VERSION#v}"
+          fi
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Version to sync: $VERSION"
+
+      - name: Calculate source hash
+        id: source-hash
+        run: |
+          VERSION="${{ steps.version.outputs.version }}"
+          URL="https://github.com/inference-gateway/cli/archive/refs/tags/v${VERSION}.tar.gz"
+
+          echo "Downloading source from: $URL"
+          HASH=$(nix-prefetch-url --unpack "$URL")
+          echo "Source hash: $HASH"
+          echo "hash=$HASH" >> $GITHUB_OUTPUT
+
+      - name: Update version in Nix expression
+        run: |
+          VERSION="${{ steps.version.outputs.version }}"
+          HASH="${{ steps.source-hash.outputs.hash }}"
+          sed -i "s/version = \"[0-9.]*\";/version = \"$VERSION\";/" nix/infer.nix
+          sed -i "s|hash = \"sha256-[A-Za-z0-9+/=]*\";|hash = \"sha256-$HASH\";|" nix/infer.nix
+          echo "Updated nix/infer.nix with version $VERSION"
+          cat nix/infer.nix | grep -A2 "version ="
+
+      - name: Calculate vendor hash
+        id: vendor-hash
+        run: |
+          echo "Attempting build to calculate vendorHash..."
+          sed -i 's|vendorHash = "sha256-[A-Za-z0-9+/=]*";|vendorHash = "";|' nix/infer.nix
+          BUILD_OUTPUT=$(nix-build nix/infer.nix 2>&1 || true)
+          VENDOR_HASH=$(echo "$BUILD_OUTPUT" | grep -oP "got:\s+sha256-\K[A-Za-z0-9+/=]+" | head -1)
+
+          if [ -z "$VENDOR_HASH" ]; then
+            echo "::error::Failed to calculate vendorHash"
+            echo "$BUILD_OUTPUT"
+            exit 1
+          fi
+
+          echo "Vendor hash: sha256-$VENDOR_HASH"
+          echo "hash=$VENDOR_HASH" >> $GITHUB_OUTPUT
+
+      - name: Update vendor hash in Nix expression
+        run: |
+          VENDOR_HASH="${{ steps.vendor-hash.outputs.hash }}"
+          sed -i "s|vendorHash = \"[^\"]*\";|vendorHash = \"sha256-$VENDOR_HASH\";|" nix/infer.nix
+          echo "Updated vendorHash in nix/infer.nix"
+
+      - name: Verify build
+        run: |
+          echo "Building with updated hashes to verify..."
+          nix-build nix/infer.nix --show-trace
+
+          echo "Verifying binary..."
+          result/bin/infer version
+
+      - name: Format Nix file
+        run: |
+          nix-shell -p nixpkgs-fmt --run "nixpkgs-fmt nix/infer.nix"
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: 'chore(nix): Update package to v${{ steps.version.outputs.version }}'
+          title: 'chore(nix): Update package to v${{ steps.version.outputs.version }}'
+          body: |
+            ## Automated Nix Package Update
+
+            This PR updates the Nix package expression to version **${{ steps.version.outputs.version }}**.
+
+            ### Changes
+            - ✅ Updated `version` to `${{ steps.version.outputs.version }}`
+            - ✅ Updated source `hash` to `sha256-${{ steps.source-hash.outputs.hash }}`
+            - ✅ Updated `vendorHash` to `sha256-${{ steps.vendor-hash.outputs.hash }}`
+            - ✅ Verified build succeeds
+            - ✅ Formatted with nixpkgs-fmt
+
+            ### Verification
+            ```bash
+            nix-build nix/infer.nix
+            result/bin/infer version
+            ```
+
+            ### Related
+            - Release: ${{ github.event.release.html_url || 'Manual trigger' }}
+
+            ---
+            🤖 Auto-generated by `.github/workflows/nix-version-sync.yml`
+          branch: chore/nix-update-v${{ steps.version.outputs.version }}
+          delete-branch: true
+          labels: |
+            nix
+            dependencies
+            automated
+
+      - name: Summary
+        run: |
+          echo "## ✅ Nix Package Updated" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "- **Version**: ${{ steps.version.outputs.version }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Source Hash**: sha256-${{ steps.source-hash.outputs.hash }}" >> $GITHUB_STEP_SUMMARY
+          echo "- **Vendor Hash**: sha256-${{ steps.vendor-hash.outputs.hash }}" >> $GITHUB_STEP_SUMMARY
+          echo "" >> $GITHUB_STEP_SUMMARY
+          echo "A pull request has been created to merge these changes." >> $GITHUB_STEP_SUMMARY

.gitignore

@@ -10,6 +10,11 @@ flox.*-linux.*
 /.task
 infer
 
+# Nix build artifacts
+result
+result-*
+*.drv
+
 # IDE's
 .vscode
 .idea