Skip to content
<open-source>
Oeiuwq Faith Blog OpenSource Porfolio

garnix-io/actions

Some useful or didactic garnix actions
Source code at GitHub null
garnix-io/actions.json
{
  "createdAt": "2025-11-10T15:35:06Z",
  "defaultBranch": "main",
  "description": "Some useful or didactic garnix actions",
  "fullName": "garnix-io/actions",
  "homepage": null,
  "language": "Nix",
  "name": "actions",
  "pushedAt": "2025-11-13T18:14:40Z",
  "stargazersCount": 2,
  "topics": [],
  "updatedAt": "2025-11-26T01:37:41Z",
  "url": "https://github.com/garnix-io/actions"
}

garnix actions

Section titled “garnix actions”

built with garnix

This repo includes some garnix actions that are generally useful, as well as helpers from writing your own actions.

The actions here, if they need some sort of setup (e.g., creating and encrypting secrets) follow the pattern of having a setup attribute which you can run. So if you have an app foo, nix run #foo.setup will generally help you set it up.

In order to run the action in garnix, you’ll also need to add them to garnix.yaml. For example:

actions:
  - on: push
    run: statix # Your action name here
    withRepoContents: true # Most actions here need this

Writing your own actions

Section titled “Writing your own actions”

An action is mostly just an app, so you already know how to write one! The two things that are more garnix-specific are the environment variables that are set, and how to handle secrets.

Additionally, we suggest following the convention of having another app in the .setup attribute which guides through any setup steps.

Actions

Section titled “Actions”

statix

Section titled “statix”
statix :
  { actionName,
    encryptedTokenFile,
    disabled ? [],
    ignore ? [],
    logLevel ? "info",
    } -> App

Run statix on your Nix files.

  • actionName: The name of the output this action is running as.
  • encryptedTokenFile: The path to an encrypted GitHub Personal Access Token. Can be generated by running the .setup attribute of the resulting app.
  • disabled: A list of lints to disable. See here for more details. Default: [].
  • ignore: A list of paths (globs allowed) to not check. Default: [].
  • logLevel: How much to log. Options: debug, info, warning, error. Default: info.

Example:

{


  outputs = { ... }:
    apps.x86_64-linux.statix = actions.lib.statix
      { actionName = "statix";
        disabled = [ "useless_parens" ];
      }
}

Requires withRepoContents

clippy

Section titled “clippy”
clippy : { actionName, encryptedTokenFile, logLevel ? "info" } -> App

Run clippy on your files.

You can configure clippy in the lint section of your Cargo.toml.

  • actionName: The name of the action. Must match the key in outputs to which this action is assigned (apps.x86_64-linux.<name>).
  • encryptedTokenFile: The path to an encrypted GitHub Personal Access Token. Can be generated by running the .setup attribute of the resulting app.
  • logLevel: How much to log. Options: debug, info, warning, error. Default: info.

Requires withRepoContents.

reviewDog

Section titled “reviewDog”
reviewDog :
{ linter,
  errorFormat ? "%f:$l%:%c: %m",
  format ? null,
  logLevel ? "info",
  encryptedTokenFile } -> App

Generic function for sending linting and other automated feedback to GitHub pull requests. Can be combined with a wide range of linters. Also supports code suggestions.

  • linter: A command that generates lints.
  • errorFormat: What format the linter outputs. See here for more details.
  • format: A built-in format. If set, takes precedence over errorFormat. Run reviewdog -list to see available ones.
  • logLevel: How much to log. Options: debug, info, warning, error. Default: info.
  • encryptedTokenFile: The path to an encrypted GitHub Personal Access Token. Can be generated by running the .setup attribute of the resulting app.
  • actionName: The name of the action. Must match the key in outputs to which this action is assigned (apps.x86_64-linux.<name>).

If the linter exits non-zero, then the entire action will fail.

Example:

{


  outputs = { ... }:
    apps.x86_64-linux.statix = actions.lib.reviewDog
      { actionName = "statix";
        linter = "${pkgs.statix}/bin/statix check . -o errfmt";
        errorFormat = "%f>%l:%c:%.%#:%.%#:%m";
        encryptedTokenFile = ./secrets/reviewDogToken;
      }
}

Requires withRepoContents

Helpers

Section titled “Helpers”

getGitHubPAT

Section titled “getGitHubPAT”
getGitHubPAT :
  { appName,
    appDescription,
    actionName,
    encryptedTokenFile,
    extraRecipientsFile ? null
    } -> Executable

getGitHubPAT is a helper that gets and encrypts a GitHub Personal Access Token.

  • appName: What to call the app (used in labelling the PAT).
  • appDescription: Short description of the app (used in labelling the PAT).
  • encryptedTokenFile: The path to an encrypted GitHub Personal Access Token. Can be generated by running the .setup attribute of the resulting app.
  • extraRecipientsFile: Any other keys that secrets should be encrypted to. This allows you to easily run the app locally too.