Nix flake update to latest green Hydra?

I am once again unable to build my config with the latest nixos-25.05 commit because of a broken build. In this case it’s specifically devenv (see also Build failure: devenv · Issue #459720 · NixOS/nixpkgs · GitHub for the issue tracking the breakage), but it has been other packages before.

So far as I can tell, there are some tests which are required to pass which does not include all packages, though I’m not sure exactly how all the CI bits work. devenv seems to be in the list of packages that must work for master to be merged to unstable, but from what I see in nixpkgs there’s a totally different mechanism for determining whether a merge can be done to a nixos-* branch.

Regardless of all that, I’m sure I have and will always have some packages that nixpkgs does not consider to be critical. I’m wondering if, instead of nix flake update, it would be possible to automatically find the latest commit for which all packages I care about are working. Ideally, the set of packages I care about would be determined automatically by what my config installs. I would accept “what my config installs with the current flake output”, but ideally this would cover a configurable set of flake outputs.

Is there some way to do this?

Hey!

devenv is a blocker for nixpkgs release, but not for nixos releases.

nixos release doesn’t inherit nixpkgs blockers, would be great if someone makes that happen.

In general, I’d really like to see more maintainers step up and provide guarantees about packages being addressed in swift response by making them a blocker for releases.

devenv build failure is adddressed in [25.05] devenv: 1.9.1 -> 1.10 by domenkozar · Pull Request #459771 · NixOS/nixpkgs · GitHub

I’m not an experienced nixpkgs dev, so please correct me if I’m wrong here. It looks like the blockers for releases use a totally different mechanism. nixpkgs uses a collection of Hydra jobs that are listed, while nixos release uses tests in the nixos/tests/ directory. At least, I assume that there won’t be a merge from release-25.05 to nixos-25.05 unless that build is clean.

Constituents are in the file you linked, or can be seen at Making sure you're not a bot!.

So if we wanted nixos-25.05 releases (or in the near future 25.11) to be gated by devenv working, we’d want to add (onFullSupported nixpkgs.devenv) to that job’s constituents, right? The devenv package has minimal tests but that would at least guarantee that it builds and can run.

I’m not sure how the NixOS project decides which packages should be required for a release. Obviously nixpkgs contains many broken packages in any given release - the lowest I can find for release-25.05 is 2999. But it should still be the case that the vast majority of packages are working.

@smolwaffle I recently made a tool called npc to solve exactly this problem, if I understand correctly; does this work for you? Npc - CLI to view and bisect Nixpkgs channel history

I will try it out right now, looks amazing!

No, the mechanism is the same. NixOS adds VM tests, yes, but packages are there as well. You can easily view it, too, e.g. here on Hydra.

GitHub - nix-community/hydra-check: check hydra for the build status of a package [maintainer=@makefu,@Artturin,@bryango] is also a thing, it has a --json output flag so you could manipulate the output with tools like jq.

Worst case if no one puts something like that together, I’ll give it a go next week.

I’ve taken a look at this and it looks trivial to block nixos-unstable on nixpkgs-unstable blockers.

See include nixpkgs-unstable release-critical jobs in nixos-unstable by domenkozar · Pull Request #460097 · NixOS/nixpkgs · GitHub