Why do my Nix flake builds fail on CI but work on my desktop?

[Elizabeth36]

I’ve been trying to set up a reproducible build environment for my project using Nix, but I keep hitting weird issues where the exact same flake works on my desktop but fails on a fresh CI runner. It feels like I’m missing something fundamental about how it manages dependencies. Has anyone else wrestled with this kind of inconsistency?

[FrankBP]

I ran into the same thing. Desktop builds would happily complete while CI would fail with missing inputs or odd fetch errors. The practical fix was to force a completely clean slate on CI: pin inputs in the lock, ensure substituters are wired up, and avoid letting CI reuse a partially built store. It cut down the drift, but it wasn’t a perfect fix and the rest still felt brittle.

[JohnJR]

For me the killer turned out to be a transitive fetch that CI couldn’t hit because of network limits. I added a local cache mirror and configured substituters so the cache was used consistently. After that, the CI failure mode disappeared for the same code, though I still saw occasional timeouts.

[PenelopeHS]

Have you checked the runner architecture and kernel version? I once saw a mismatch where a dev with a newer glibc would run into a derivation that the CI with an older glibc couldn't, and it looked like a dependency problem until we aligned those pieces.

[EleanorC]

I wonder if the real issue is not the dependencies but how the repo is mounted or how overlays are resolved. One time a local overlay changed during a run and the CI didn’t pick it up in the same way, which made the build diverge even with the same inputs.