fix(nix): replace magic-nix-cache with Cachix#17928
Merged
alt-glitch merged 2 commits intomainfrom Apr 30, 2026
Merged
Conversation
magic-nix-cache caused recurring CI failures (TwirpErrorResponse ResourceExhausted) by hitting GitHub Actions Cache's 10 GB limit and 200 req/min rate limit. This was flagged as 'unfixable infra flake' in #17836 but is actually a fixable architecture choice. Switch to Cachix (dedicated binary cache, no GHA quota dependency): - Replace DeterminateSystems/magic-nix-cache-action with cachix/cachix-action - Add cachix-auth-token input to nix-setup composite action - Pass CACHIX_AUTH_TOKEN secret through all three nix workflows - continue-on-error: true so cache failures never block CI Cache 'hermes-agent' is public at hermes-agent.cachix.org. Devs can pull locally with: cachix use hermes-agent
alt-glitch
added
type/bug
donald131
pushed a commit
to donald131/hermes-agent
that referenced
this pull request
May 2, 2026
* fix(nix): replace magic-nix-cache with Cachix magic-nix-cache caused recurring CI failures (TwirpErrorResponse ResourceExhausted) by hitting GitHub Actions Cache's 10 GB limit and 200 req/min rate limit. This was flagged as 'unfixable infra flake' in NousResearch#17836 but is actually a fixable architecture choice. Switch to Cachix (dedicated binary cache, no GHA quota dependency): - Replace DeterminateSystems/magic-nix-cache-action with cachix/cachix-action - Add cachix-auth-token input to nix-setup composite action - Pass CACHIX_AUTH_TOKEN secret through all three nix workflows - continue-on-error: true so cache failures never block CI Cache 'hermes-agent' is public at hermes-agent.cachix.org. Devs can pull locally with: cachix use hermes-agent * fix: correct cachix-action commit SHA pin --------- Co-authored-by: Hermes Agent <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Nix CI has been flaky due to
DeterminateSystems/magic-nix-cache-actionhitting GitHub Actions Cache infrastructure limits:TwirpErrorResponse { code: ResourceExhausted }— GHA's 10 GB per-repo cache quota exceededThis caused 10 consecutive Nix failures on main (Apr 29–30) and was declared 'unfixable infra flake' in #17836. It's actually a fixable architecture choice — DeterminateSystems themselves no longer use magic-nix-cache on their own repos.
Solution
Replace magic-nix-cache with Cachix — a dedicated Nix binary cache not subject to GHA's limits.
continue-on-error: trueso cache failures are never fatalcachix use hermes-agentWhat other Nix-heavy repos do
Changes
.github/actions/nix-setup/action.yml— swap magic-nix-cache for cachix-action v17.github/workflows/nix.yml— passCACHIX_AUTH_TOKENsecret.github/workflows/nix-lockfile-check.yml— same.github/workflows/nix-lockfile-fix.yml— same (both jobs)First-run note
The cache starts empty — the first CI run after merge will be slightly slower (fetching from
cache.nixos.org) but will populate the Cachix cache. Subsequent runs pull from Cachix at full speed.