workflows/eval: run Lix in the merge queue

This change runs Lix on the target commit and Nix on the merged commit.
This does two things for us at once:
- We test both Lix and Nix.
- We ensure that both Lix and Nix produce the same output hashes.

If Lix and Nix were to produce different output hashes at some point,
this would show up as rebuilds in every PR.

.github/workflows/eval.yml

@@ -11,6 +11,9 @@ on:
       systems:
         required: true
         type: string
+      defaultVersion:
+        required: true
+        type: string
       testVersions:
         required: false
         default: false
@@ -105,7 +108,7 @@ jobs:
       - name: Evaluate the ${{ matrix.system }} output paths at the merge commit
         env:
           MATRIX_SYSTEM: ${{ matrix.system }}
-          MATRIX_VERSION: ${{ matrix.version || 'nixVersions.latest' }}
+          MATRIX_VERSION: ${{ matrix.version || inputs.defaultVersion }}
         run: |
           nix-build nixpkgs/untrusted/ci --arg nixpkgs ./nixpkgs/untrusted-pinned  -A eval.singleSystem \
             --argstr evalSystem "$MATRIX_SYSTEM" \
@@ -119,12 +122,14 @@ jobs:
         if: inputs.targetSha
         env:
           MATRIX_SYSTEM: ${{ matrix.system }}
+          # This must match the default version set in the Merge Queue.
+          VERSION: lixPackageSets.latest.lix
         # This is very quick, because it pulls the eval results from Cachix.
         run: |
           nix-build nixpkgs/trusted/ci --arg nixpkgs ./nixpkgs/trusted-pinned -A eval.singleSystem \
             --argstr evalSystem "$MATRIX_SYSTEM" \
             --arg chunkSize 8000 \
-            --argstr nixPath "nixVersions.latest" \
+            --argstr nixPath "$VERSION" \
             --out-link target
 
       - name: Compare outpaths against the target branch

.github/workflows/merge-group.yml

@@ -55,6 +55,8 @@ jobs:
     with:
       mergedSha: ${{ inputs.mergedSha || github.event.merge_group.head_sha }}
       systems: ${{ needs.prepare.outputs.systems }}
+      # This must match the version in Eval's target step.
+      defaultVersion: lixPackageSets.latest.lix
 
   # This job's only purpose is to create the target for the "Required Status Checks" branch ruleset.
   # It "needs" all the jobs that should block the Merge Queue.

.github/workflows/pr.yml

@@ -86,6 +86,7 @@ jobs:
       mergedSha: ${{ needs.prepare.outputs.mergedSha }}
       targetSha: ${{ needs.prepare.outputs.targetSha }}
       systems: ${{ needs.prepare.outputs.systems }}
+      defaultVersion: nixVersions.latest
       testVersions: ${{ contains(fromJSON(needs.prepare.outputs.touched), 'pinned') && !contains(fromJSON(needs.prepare.outputs.headBranch).type, 'development') }}
 
   labels: