Change link checking setup

[lucperkins]

Summary by CodeRabbit

• Documentation

  • Updated README to point the Terraform link to developer.hashicorp.com.

• Chores

  • CI: Broadened Nix formatting check to validate all Nix files.
  • CI: Replaced the external-link job to use the project-provided check-external-links command.
  • Repo Hygiene: Ignored the link checker cache file to prevent it from being tracked.

• Dev Experience

  • Added a dev tool to verify external links with caching and reduced concurrency.
  • Included a formatter in development shells for consistent code formatting.

[coderabbitai]

Walkthrough

Replaces the CI link-check step to run a Nix devShell helper (check-external-links), adds .lycheecache to .gitignore, updates a Terraform URL in README, and refactors flake.nix outputs and devShells, introducing a public formatter attribute and a writeShellApplication-backed check-external-links tool.

Changes

Cohort / File(s)	Summary of changes
CI workflow .github/workflows/publish.yml	Replaces the Lychee invocation with a Nix devShell call that runs check-external-links (uses `git ls-files '*.nix'
Flake outputs & dev tooling flake.nix	Reworks outputs to multiline signatures; adds public formatter = forAllSystems ({ pkgs, ... }: pkgs.nixfmt-rfc-style); adds a check-external-links writeShellApplication (runs lychee against README with --cache, --max-concurrency 2, --verbose); includes self.formatter.${system} and the new helper in devShells; conditional input for Linux AMI upload-ami preserved.
Git ignore .gitignore	Adds comment and entry to ignore Lychee cache file .lycheecache.
Docs README.md	Updates [terraform] reference URL to https://developer.hashicorp.com/terraform.
Build artifact file result	Adds a file containing a single Nix store path line (/nix/store/93rkfkf9arhvawzk6y9fq59m7bd0gij3-nix-shell).

Sequence Diagram(s)

sequenceDiagram
    autonumber
    actor CI as CI / Developer
    participant Nix as Nix devShell
    participant Helper as check-external-links
    participant Lychee as lychee
    participant File as README.md
    participant Net as External Sites

    CI->>Nix: nix develop -c check-external-links
    Nix->>Helper: launch helper (writeShellApplication)
    Helper->>Lychee: lychee --cache --max-concurrency 2 --verbose README.md
    Lychee->>File: parse README links
    Lychee->>Net: request URLs (concurrent, cached)
    Net-->>Lychee: responses
    Lychee-->>Helper: report + exit status
    Helper-->>Nix: return status
    Nix-->>CI: command result

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

I twitch my whiskers, links to chase,
In Nixy burrow, scripts in place.
Cache crumbs tucked, concurrency hops,
I probe each URL—no dead-ends, no props.
README gleams; CI hums, I thump with grace. 🐇🔗

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "Change link checking setup" is a concise, single-sentence summary that accurately reflects the primary changes in this PR (modifying the link-check workflow/devShell, adding .lycheecache to .gitignore, and README link updates), so it clearly communicates the main intent to reviewers.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch use-link-checking-cache

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

• Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.
• Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.

Please see the documentation for more information.

Example:

reviews:
  pre_merge_checks:
    custom_checks:
      - name: "Undocumented Breaking Changes"
        mode: "warning"
        instructions: |
          Pass/fail criteria: All breaking changes to public APIs, CLI flags, environment variables, configuration keys, database schemas, or HTTP/GraphQL endpoints must be documented in the "Breaking Change" section of the PR description and in CHANGELOG.md. Exclude purely internal or private changes (e.g., code not exported from package entry points or explicitly marked as internal).

Please share your feedback with us on this Discord post.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

flake.nix (1)

64-66: Optional: avoid duplicating Lychee in the devShell

Lychee is already provided via runtimeInputs for the helper; consider removing it from the top-level packages list to slim the shell.

-          packages = with pkgs; [
-            lychee
+          packages = with pkgs; [
             (writeShellApplication {
               name = "check-external-links";
               runtimeInputs = with pkgs; [ lychee ];

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3818d47 and 17e5238.

📒 Files selected for processing (4)

• .github/workflows/publish.yml (1 hunks)
• .gitignore (1 hunks)
• README.md (1 hunks)
• flake.nix (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Upload NixOS AMI (aarch64-linux, UbuntuLatest32Cores128GArm)
• GitHub Check: Upload NixOS AMI (x86_64-linux, ubuntu-latest)

🔇 Additional comments (3)

.gitignore (1)

1-2: LGTM: ignore Lychee cache

Good addition; prevents committing .lycheecache.

README.md (1)

88-88: LGTM: updated Terraform link

New canonical URL looks good.

.github/workflows/publish.yml (1)

42-44: LGTM: use devShell helper for link checking

Cleaner than invoking Lychee directly. Note: this depends on the flake helper being fixed per my flake.nix comment.

[coderabbitai]

⚠️ Potential issue

Fix two bugs in link-check helper: wrong filename and broken line continuation

• Uses README.me instead of README.md (will 404).
• Backslash before an inline # comment (--max-concurrency 2 \ # ...) breaks continuation and can inject a stray arg.

Apply:

-              text = ''
-                lychee \
-                  --cache \
-                  --max-concurrency 2 \ # prevents 429 errors
-                  --verbose \
-                  README.me
-              '';
+              text = ''
+                set -euo pipefail
+                # Keep concurrency low to reduce 429s
+                lychee \
+                  --cache \
+                  --max-concurrency 2 \
+                  --verbose \
+                  README.md
+              '';

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	(writeShellApplication {
	name = "check-external-links";
	runtimeInputs = with pkgs; [ lychee ];
	text = ''
	lychee \
	--cache \
	--max-concurrency 2 \ # prevents 429 errors
	--verbose \
	README.me
	'';
	})
	(writeShellApplication {
	name = "check-external-links";
	runtimeInputs = with pkgs; [ lychee ];
	text = ''
	set -euo pipefail
	# Keep concurrency low to reduce 429s
	lychee \
	--cache \
	--max-concurrency 2 \
	--verbose \
	README.md
	'';
	})

🤖 Prompt for AI Agents

In flake.nix around lines 66 to 76, the link-check helper mistakenly references
README.me (should be README.md) and has a broken line continuation due to an
inline comment following a trailing backslash on the `--max-concurrency 2 \ #
...` line; change the filename to README.md and remove the inline `#` comment
from the same continued line (either move the explanatory comment to its own
line above or remove it) so the backslash properly escapes the newline and no
stray argument is injected.

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

flake.nix (1)

102-107: Fix link checker: wrong filename; add safer shell options

README.me will 404 (should be README.md). Also add set -euo pipefail to fail fast. Inline-comment/backslash issue noted previously is resolved—thanks.

-                  text = ''
-                    lychee \
+                  text = ''
+                    set -euo pipefail
+                    lychee \
                       --cache \
                       --max-concurrency 2 \
                       --verbose \
-                      README.me
+                      README.md
                   '';

🧹 Nitpick comments (3)

flake.nix (3)

22-33: Consider passing self into forSystems closures

Forwarding self enables consumers to reference self.* inside the per-system function without free-variable capture. Optional, but future-proof.

Apply:

-      forSystems =
-        systems: f:
-        inputs.nixpkgs.lib.genAttrs systems (
-          system:
-          f {
+      forSystems =
+        systems: f:
+        inputs.nixpkgs.lib.genAttrs systems (
+          system:
+          f {
             inherit system;
             pkgs = import inputs.nixpkgs {
               inherit system;
             };
-            lib = inputs.nixpkgs.lib;
+            lib = inputs.nixpkgs.lib;
+            self = self;
           }
         );

---

42-76: Tighten assertion message for faster debugging

Include the actual label in the failure to speed up diagnosis.

-                    message = "nixos image label is incorrect";
+                    message = "nixos image label is incorrect: ${toString config.system.nixos.label}";

---

85-116: Avoid duplicate lychee in the devShell

check-external-links already declares lychee in runtimeInputs. Keeping lychee also in packages is redundant unless you want direct lychee CLI access. If not needed, drop it.

-              [
-                lychee
+              [
                 (writeShellApplication {
                   name = "check-external-links";
                   runtimeInputs = with pkgs; [ lychee ];

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 17e5238 and 2af9bc7.

⛔ Files ignored due to path filters (1)

• flake.lock is excluded by !**/*.lock

📒 Files selected for processing (3)

• .github/workflows/publish.yml (2 hunks)
• flake.nix (2 hunks)
• result (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• result

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/publish.yml

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: Upload NixOS AMI (x86_64-linux, ubuntu-latest)
• GitHub Check: Upload NixOS AMI (aarch64-linux, UbuntuLatest32Cores128GArm)
• GitHub Check: Basic Nix checks

🔇 Additional comments (5)

flake.nix (5)

10-11: Outputs arg pattern LGTM

Using { self, ... } @ inputs is clear and flexible.

---

13-20: System sets look good

Linux/Darwin split is explicit and maintainable.

---

78-83: diskImages wiring LGTM

Deriving aws from the corresponding system’s amazonImage is correct.

---

120-125: apps pass-through LGTM

Re-exporting smoke-test from nixos-amis per system is straightforward.

---

118-118: Confirm formatter availability across systems — manual verification required

nix not available in the verification environment (/bin/bash: nix: command not found). Run locally and paste the output:

#!/usr/bin/env bash
set -euo pipefail
for sys in x86_64-linux aarch64-linux x86_64-darwin aarch64-darwin; do
  echo "Checking formatter for $sys"
  nix eval --json ".#formatter.${sys}.pname" | jq -r .
done

File: flake.nix (line 118):

      formatter = forAllSystems ({ pkgs, ... }: pkgs.nixfmt-rfc-style);