Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Grahamc/determinate argument #123

Merged
merged 30 commits into from
Sep 13, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
14ae9da
Add determinate param to the Action
lucperkins Aug 9, 2024
bb4ad94
Add DN fact and info log
lucperkins Aug 9, 2024
18cc545
Fix if/else logic for pushing args
lucperkins Aug 9, 2024
1ba1eff
Add setting to README table
lucperkins Aug 12, 2024
fff456e
Drop the flakehub param to deprecated, use determinate, and log in to…
grahamc Sep 13, 2024
57c23b1
Test with determinate
grahamc Sep 13, 2024
6bdf449
oops
grahamc Sep 13, 2024
8220cbf
More matrix
grahamc Sep 13, 2024
83aebe6
derp my local installed deps were outdated
grahamc Sep 13, 2024
eaec105
Test the various macs
grahamc Sep 13, 2024
982b859
disable 12
grahamc Sep 13, 2024
d62a02a
Run dnixd in the docker shim
grahamc Sep 13, 2024
d05bad1
Cut down suite for digging
grahamc Sep 13, 2024
86a561d
debug..
grahamc Sep 13, 2024
c345631
log in after docker starts
grahamc Sep 13, 2024
c2eead0
Revert "debug.."
grahamc Sep 13, 2024
90a7405
Revert "Cut down suite for digging"
grahamc Sep 13, 2024
d8bd583
Unify the macOS and Linux tests
grahamc Sep 13, 2024
3d22686
Don't run the zsh test if zsh isn't installed
grahamc Sep 13, 2024
769631f
Merge the macos and linux tests
grahamc Sep 13, 2024
5fdad1f
Fixup the zsh test
grahamc Sep 13, 2024
718521a
derp
grahamc Sep 13, 2024
739c104
Install Nix & determinate, no id token
grahamc Sep 13, 2024
3916fa2
gdi
grahamc Sep 13, 2024
456e2a3
Don't print we're logging in if we can't, don't die if we fail
grahamc Sep 13, 2024
7f304d1
Make the names more clear
grahamc Sep 13, 2024
7efe659
derp
grahamc Sep 13, 2024
3c6bad2
Update README.md
grahamc Sep 13, 2024
cf9e6ea
Remove source-tag, add determinate arg to subsequent installs
grahamc Sep 13, 2024
815a428
Use nix config show to get all the nix.confs
grahamc Sep 13, 2024
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
117 changes: 29 additions & 88 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,9 @@ jobs:
runs-on: ubuntu-22.04
needs:
- check-dist-up-to-date
- install-nix-linux
- install-nix-macos
- install-nix
- install-with-non-default-source-inputs
- install-no-id-token
# NOTE(cole-h): GitHub treats "skipped" as "OK" for the purposes of required checks on branch
# protection, so we take advantage of this fact and fail if any of the dependent actions failed,
# or "skip" (which is a success for GHA's purposes) if none of them did.
Expand Down Expand Up @@ -44,14 +44,21 @@ jobs:
- name: Ensure no staged changes
run: git diff --exit-code

install-nix-linux:
name: Run test suite for Linux systems
install-nix:
name: "Test: ${{ matrix.runner }}${{ matrix.determinate && ' with determinate' || '' }}"
strategy:
matrix:
runner:
- ubuntu-latest
- nscloud-ubuntu-22.04-amd64-4x16
- namespace-profile-default-arm64
# - macos-12-large # determinate-nixd is broken on macos-12
- macos-13-large
- macos-14-large
- macos-14-xlarge # arm64
determinate:
- true
- false
runs-on: ${{ matrix.runner }}
permissions:
contents: read
Expand All @@ -65,6 +72,7 @@ jobs:
log-directives: nix_installer=trace
backtrace: full
_internal-strict-mode: true
determinate: ${{ matrix.determinate }}
- name: echo $PATH
run: echo $PATH

Expand All @@ -82,85 +90,6 @@ jobs:
nix store gc
nix run nixpkgs#hello

- name: Test bash
run: nix-instantiate -E 'builtins.currentTime' --eval
if: success() || failure()
shell: bash --login {0}
- name: Test sh
run: nix-instantiate -E 'builtins.currentTime' --eval
if: success() || failure()
shell: sh -l {0}
- name: Install Nix again (noop)
uses: ./
with:
logger: pretty
log-directives: nix_installer=trace
backtrace: full
_internal-strict-mode: true
- name: Test `nix` with `$GITHUB_PATH`
if: success() || failure()
run: |
nix run nixpkgs#hello
nix profile install nixpkgs#hello
hello
nix store gc
nix run nixpkgs#hello
- name: Reinstall Nix
uses: ./
with:
logger: pretty
log-directives: nix_installer=trace
backtrace: full
reinstall: true
extra-conf: |
use-sqlite-wal = true
_internal-strict-mode: true
- name: Test `nix` with `$GITHUB_PATH`
if: success() || failure()
run: |
nix run nixpkgs#hello
nix profile install nixpkgs#hello
hello
nix store gc
nix run nixpkgs#hello
- name: Verify the generated nix.conf
run: |
cat -n /etc/nix/nix.conf
grep -E "^trusted-users = .*$USER" /etc/nix/nix.conf
grep -E "^use-sqlite-wal = true" /etc/nix/nix.conf

install-nix-macos:
name: Run test suite for macOS systems
strategy:
matrix:
runner:
# x86_64-darwin
- macos-12
# aarch64-darwin
- macos-latest-xlarge
runs-on: ${{ matrix.runner }}
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install Nix
uses: ./
with:
logger: pretty
log-directives: nix_installer=trace
backtrace: full
_internal-strict-mode: true
- name: echo $PATH
run: echo $PATH
- name: Test `nix` with `$GITHUB_PATH`
if: success() || failure()
run: |
nix run nixpkgs#hello
nix profile install nixpkgs#hello
hello
nix store gc
nix run nixpkgs#hello
- name: Test bash
run: nix-instantiate -E 'builtins.currentTime' --eval
if: success() || failure()
Expand All @@ -170,16 +99,16 @@ jobs:
if: success() || failure()
shell: sh -l {0}
- name: Test zsh
run: nix-instantiate -E 'builtins.currentTime' --eval
run: if (zsh --help > /dev/null); then zsh --login --interactive -c "nix-instantiate -E 'builtins.currentTime' --eval"; fi
if: success() || failure()
shell: zsh --login --interactive {0}
- name: Install Nix again (noop)
uses: ./
with:
logger: pretty
log-directives: nix_installer=trace
backtrace: full
_internal-strict-mode: true
determinate: ${{ matrix.determinate }}
- name: Test `nix` with `$GITHUB_PATH`
if: success() || failure()
run: |
Expand All @@ -198,6 +127,7 @@ jobs:
extra-conf: |
use-sqlite-wal = true
_internal-strict-mode: true
determinate: ${{ matrix.determinate }}
- name: Test `nix` with `$GITHUB_PATH`
if: success() || failure()
run: |
Expand All @@ -208,9 +138,10 @@ jobs:
nix run nixpkgs#hello
- name: Verify the generated nix.conf
run: |
cat /etc/nix/nix.conf
grep -E "^trusted-users = .*$USER" /etc/nix/nix.conf
grep -E "^use-sqlite-wal = true" /etc/nix/nix.conf
nix config show
cat -n /etc/nix/nix.conf
nix config show | grep -E "^trusted-users = .*$USER"
nix config show | grep -E "^use-sqlite-wal = true"

install-with-non-default-source-inputs:
name: Install Nix using non-default source-${{ matrix.inputs.key }}
Expand All @@ -236,3 +167,13 @@ jobs:
_internal-strict-mode: true
- name: Ensure that the expected Nix version ${{ matrix.inputs.nix-version }} is installed via alternative source-${{ matrix.inputs.key }}
run: .github/verify-version.sh ${{ matrix.inputs.nix-version }}

install-no-id-token:
name: Install Nix without an ID token
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: ./
with:
_internal-strict-mode: true
determinate: true
7 changes: 4 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:

### With FlakeHub

To fetch private flakes from FlakeHub, update the `permissions` block and pass `flakehub: true`:
To fetch private flakes from FlakeHub and Nix builds from FlakeHub Cache, update the `permissions` block and pass `determinate: true`:

```yaml
on:
Expand All @@ -53,7 +53,7 @@ jobs:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
with:
flakehub: true
determinate: true
- run: nix build .
```

Expand Down Expand Up @@ -85,9 +85,10 @@ Differing from the upstream [Nix](https://github.com/NixOS/nix) installer script
| Parameter | Description | Type | Default |
| :---------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------- | :------------------------------------------------------------- |
| `backtrace` | The setting for [`RUST_BACKTRACE`][backtrace] | string | |
| `determinate` | Whether to install [Determinate Nix](https://determinate.systems/enterprise) and log in to FlakeHub for private Flakes and binary caches. | Boolean | `false` |
| `extra-args` | Extra arguments to pass to the planner (prefer using structured `with:` arguments unless using a custom [planner]!) | string | |
| `extra-conf` | Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set) | string | |
| `flakehub` | Log in to FlakeHub to pull private flakes using the GitHub Actions [JSON Web Token](https://jwt.io) (JWT), which is bound to the `api.flakehub.com` audience. | Boolean | `false` |
| `flakehub` | Deprecated. Implies `determinate`. | Boolean | `false` |
| `force-docker-shim` | Force the use of Docker as a process supervisor. This setting is automatically enabled when necessary. | Boolean | `false` |
| `github-token` | A [GitHub token] for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) | string | `${{ github.token }}` |
| `github-server-url` | The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server. | string | `${{ github.server }}` |
Expand Down
6 changes: 5 additions & 1 deletion action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,14 +7,18 @@ inputs:
backtrace:
description: The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables)
required: false
determinate:
description: |
Whether to install [Determinate Nix](https://determinate.systems/enterprise) and log in to FlakeHub for private Flakes and binary caches.
default: false
extra-args:
description: Extra args to pass to the planner (prefer using structured `with:` arguments unless using a custom planner!)
required: false
extra-conf:
description: Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set)
required: false
flakehub:
description: Automatically log in to your [FlakeHub](https://flakehub.com) account, for accessing private flakes.
description: Deprecated. Implies `determinate`.
required: false
default: false
force-docker-shim:
Expand Down
Loading