How NixOS is built: From Pull Request to your /nix/store
Let's follow the lifecycle of a change in Nixpkgs; from opening the Pull Request until the change makes it our local /nix/store. We'll explore all the CI systems involved in this process, how they interact, where and how they're defined in our codebases, and finally the security implications of each step.