Release 0.16.0: Strict-inputs fixes and child pipelines

Summary

This release improves gitlab-ci with critical validator fixes and new testing capabilities:

Fix strict-inputs validator bug

• Bug Fix: Validator was checking wrong node when input names differed from node keys
• Now correctly follows root.inputs[name] -> nodes[nodeKey] indirection in flake.lock
• This fixes false positives where transitive dependencies' refs were checked instead of direct ones
• Example: If root.inputs.nixpkgs = "nixpkgs_3", now checks nodes.nixpkgs_3 instead of nodes.nixpkgs

Child pipeline module

• New generic module for triggering downstream CI pipelines
• Creates generate-{name} and {name} trigger jobs for each child pipeline
• Supports expectFailure option for negative testing
• Import via inputs.gitlab-ci.modules.gitlab-ci.child-pipeline

Strict-inputs negative test

• Verifies validator correctly rejects invalid refs like nixos-unstable
• Uses child pipeline with artifact-based verification
• Child pipeline has validation job (allow_failure) + verify job that confirms it failed

Improved job extensibility

• Fixed job merging to support extending auto-generated jobs
• Changed from shallow merge (//) to recursiveUpdate
• Can now add after_script, artifacts, etc. to existing jobs without losing original configuration

Generate stage ordering

• Added generate = 0 to stageOrder defaults
• Ensures generate stage runs before validate/build/test stages

Changes

• Fix flake-strict-inputs.nix validator node indirection (jq query)
• Add child-pipeline.nix module for generic child pipeline support
• Add test/strict-inputs-should-fail negative test with artifact verification
• Change job merging from // to lib.recursiveUpdate in gitlab-ci.nix
• Add generate stage to stageOrder
• Update ChangeLog to 0.16.0

🤖 Generated with Claude Code