From 7ed2c7e297db3cd90e7e3e952e5068eb24ec6aef Mon Sep 17 00:00:00 2001
From: Wolfgang Walther <walther@technowledgy.de>
Date: Tue, 14 Oct 2025 12:31:58 +0200
Subject: [PATCH] workflows/eval: run Lix in the merge queue

This change runs Lix on the target commit and Nix on the merged commit.
This does two things for us at once:
- We test both Lix and Nix.
- We ensure that both Lix and Nix produce the same output hashes.

If Lix and Nix were to produce different output hashes at some point,
this would show up as rebuilds in every PR.
---
 .github/workflows/eval.yml        | 9 +++++++--
 .github/workflows/merge-group.yml | 2 ++
 .github/workflows/pr.yml          | 1 +
 3 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/eval.yml b/.github/workflows/eval.yml
index daa587908f98..f2c7a2c13568 100644
--- a/.github/workflows/eval.yml
+++ b/.github/workflows/eval.yml
@@ -11,6 +11,9 @@ on:
       systems:
         required: true
         type: string
+      defaultVersion:
+        required: true
+        type: string
       testVersions:
         required: false
         default: false
@@ -105,7 +108,7 @@ jobs:
       - name: Evaluate the ${{ matrix.system }} output paths at the merge commit
         env:
           MATRIX_SYSTEM: ${{ matrix.system }}
-          MATRIX_VERSION: ${{ matrix.version || 'nixVersions.latest' }}
+          MATRIX_VERSION: ${{ matrix.version || inputs.defaultVersion }}
         run: |
           nix-build nixpkgs/untrusted/ci --arg nixpkgs ./nixpkgs/untrusted-pinned  -A eval.singleSystem \
             --argstr evalSystem "$MATRIX_SYSTEM" \
@@ -119,12 +122,14 @@ jobs:
         if: inputs.targetSha
         env:
           MATRIX_SYSTEM: ${{ matrix.system }}
+          # This must match the default version set in the Merge Queue.
+          VERSION: lixPackageSets.latest.lix
         # This is very quick, because it pulls the eval results from Cachix.
         run: |
           nix-build nixpkgs/trusted/ci --arg nixpkgs ./nixpkgs/trusted-pinned -A eval.singleSystem \
             --argstr evalSystem "$MATRIX_SYSTEM" \
             --arg chunkSize 8000 \
-            --argstr nixPath "nixVersions.latest" \
+            --argstr nixPath "$VERSION" \
             --out-link target
 
       - name: Compare outpaths against the target branch
diff --git a/.github/workflows/merge-group.yml b/.github/workflows/merge-group.yml
index 6ae96f0900f7..6298aaa4424d 100644
--- a/.github/workflows/merge-group.yml
+++ b/.github/workflows/merge-group.yml
@@ -55,6 +55,8 @@ jobs:
     with:
       mergedSha: ${{ inputs.mergedSha || github.event.merge_group.head_sha }}
       systems: ${{ needs.prepare.outputs.systems }}
+      # This must match the version in Eval's target step.
+      defaultVersion: lixPackageSets.latest.lix
 
   # This job's only purpose is to create the target for the "Required Status Checks" branch ruleset.
   # It "needs" all the jobs that should block the Merge Queue.
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index 9f4a2ba4d0b4..a9d40fcdcf5d 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -86,6 +86,7 @@ jobs:
       mergedSha: ${{ needs.prepare.outputs.mergedSha }}
       targetSha: ${{ needs.prepare.outputs.targetSha }}
       systems: ${{ needs.prepare.outputs.systems }}
+      defaultVersion: nixVersions.latest
       testVersions: ${{ contains(fromJSON(needs.prepare.outputs.touched), 'pinned') && !contains(fromJSON(needs.prepare.outputs.headBranch).type, 'development') }}
 
   labels: