From 15adaed2d7da7f5a4ec97e5c45de3c336708a375 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Tue, 19 Nov 2019 11:50:49 +0100 Subject: [PATCH 1/4] expose nix executables also for runner user --- .github/workflows/test.yml | 3 +++ lib/main.js | 2 +- src/main.ts | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f3d3e3f..5a60b42 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,3 +18,6 @@ jobs: - name: Install Nix uses: ./ - run: nix-build test.nix + - run: nix-env -iA cachix -f https://github.com/NixOS/nixpkgs/tarball/ab5863afada3c1b50fc43bf774b75ea71b287cde + # cachix should be available + - run: which cachix \ No newline at end of file diff --git a/lib/main.js b/lib/main.js index 5cbd39e..14d234a 100644 --- a/lib/main.js +++ b/lib/main.js @@ -46,7 +46,7 @@ function run() { // TODO: retry due to all the things that go wrong const nixInstall = yield tc.downloadTool('https://nixos.org/nix/install'); yield exec.exec("sh", [nixInstall, "--daemon"]); - core.exportVariable('PATH', `${PATH}:/nix/var/nix/profiles/default/bin`); + core.exportVariable('PATH', `${PATH}:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/per-user/runner/profile/bin`); core.exportVariable('NIX_PATH', `/nix/var/nix/profiles/per-user/root/channels`); if (os_1.type() == "Darwin") { // macOS needs certificates hints diff --git a/src/main.ts b/src/main.ts index e6f82fc..7df8ec2 100644 --- a/src/main.ts +++ b/src/main.ts @@ -35,7 +35,7 @@ async function run() { // TODO: retry due to all the things that go wrong const nixInstall = await tc.downloadTool('https://nixos.org/nix/install'); await exec.exec("sh", [nixInstall, "--daemon"]); - core.exportVariable('PATH', `${PATH}:/nix/var/nix/profiles/default/bin`) + core.exportVariable('PATH', `${PATH}:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/per-user/runner/profile/bin`) core.exportVariable('NIX_PATH', `/nix/var/nix/profiles/per-user/root/channels`) if (type() == "Darwin") { From 9420096b1d1bc8dbefa255cdc0eba2cbc0b93b6a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Tue, 19 Nov 2019 12:03:06 +0100 Subject: [PATCH 2/4] allow binary caches for runner user --- .github/workflows/test.yml | 5 +++-- lib/main.js | 2 ++ src/main.ts | 6 ++++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 5a60b42..543d0b6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -19,5 +19,6 @@ jobs: uses: ./ - run: nix-build test.nix - run: nix-env -iA cachix -f https://github.com/NixOS/nixpkgs/tarball/ab5863afada3c1b50fc43bf774b75ea71b287cde - # cachix should be available - - run: which cachix \ No newline at end of file + - run: cat /etc/nix/nix.conf + # cachix should be available and be able to configure a cache + - run: cachix use cachix \ No newline at end of file diff --git a/lib/main.js b/lib/main.js index 14d234a..9c9f33b 100644 --- a/lib/main.js +++ b/lib/main.js @@ -30,6 +30,8 @@ function run() { yield exec.exec("sudo", ["sh", "-c", "echo http2 = false >> /etc/nix/nix.conf"]); // Set jobs to number of cores yield exec.exec("sudo", ["sh", "-c", "echo max-jobs = auto >> /etc/nix/nix.conf"]); + // Allow binary caches for runner user + yield exec.exec("sudo", ["sh", "-c", "echo trusted-users = root runner >> /etc/nix/nix.conf"]); // Catalina workaround https://github.com/NixOS/nix/issues/2925 if (os_1.type() == "Darwin") { yield exec.exec("sudo", ["sh", "-c", `echo \"nix\t${INSTALL_PATH}\" >> /etc/synthetic.conf`]); diff --git a/src/main.ts b/src/main.ts index 7df8ec2..119bd32 100644 --- a/src/main.ts +++ b/src/main.ts @@ -1,8 +1,7 @@ import * as core from '@actions/core'; import * as exec from '@actions/exec'; import * as tc from '@actions/tool-cache'; -import {homedir, userInfo, type} from 'os'; -import {existsSync} from 'fs'; +import {type} from 'os'; async function run() { try { @@ -16,6 +15,9 @@ async function run() { // Set jobs to number of cores await exec.exec("sudo", ["sh", "-c", "echo max-jobs = auto >> /etc/nix/nix.conf"]); + // Allow binary caches for runner user + await exec.exec("sudo", ["sh", "-c", "echo trusted-users = root runner >> /etc/nix/nix.conf"]); + // Catalina workaround https://github.com/NixOS/nix/issues/2925 if (type() == "Darwin") { await exec.exec("sudo", ["sh", "-c", `echo \"nix\t${INSTALL_PATH}\" >> /etc/synthetic.conf`]); From 16107722cdd5ae952c25003c94aa0c576b33f400 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Tue, 19 Nov 2019 12:35:01 +0100 Subject: [PATCH 3/4] re-setup nix.conf after installation --- .github/workflows/test.yml | 4 ++-- lib/main.js | 23 ++++++++++++++++------- src/main.ts | 22 ++++++++++++++++------ 3 files changed, 34 insertions(+), 15 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 543d0b6..2c5fed6 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,8 +17,8 @@ jobs: - run: yarn test - name: Install Nix uses: ./ - - run: nix-build test.nix - run: nix-env -iA cachix -f https://github.com/NixOS/nixpkgs/tarball/ab5863afada3c1b50fc43bf774b75ea71b287cde - run: cat /etc/nix/nix.conf # cachix should be available and be able to configure a cache - - run: cachix use cachix \ No newline at end of file + - run: cachix use cachix + - run: nix-build test.nix \ No newline at end of file diff --git a/lib/main.js b/lib/main.js index 9c9f33b..0c351bf 100644 --- a/lib/main.js +++ b/lib/main.js @@ -20,18 +20,23 @@ const core = __importStar(require("@actions/core")); const exec = __importStar(require("@actions/exec")); const tc = __importStar(require("@actions/tool-cache")); const os_1 = require("os"); +function nixConf() { + return __awaiter(this, void 0, void 0, function* () { + // Workaround a segfault: https://github.com/NixOS/nix/issues/2733 + yield exec.exec("sudo", ["mkdir", "-p", "/etc/nix"]); + yield exec.exec("sudo", ["sh", "-c", "echo http2 = false >> /etc/nix/nix.conf"]); + // Set jobs to number of cores + yield exec.exec("sudo", ["sh", "-c", "echo max-jobs = auto >> /etc/nix/nix.conf"]); + // Allow binary caches for runner user + yield exec.exec("sudo", ["sh", "-c", "echo trusted-users = root runner >> /etc/nix/nix.conf"]); + }); +} function run() { return __awaiter(this, void 0, void 0, function* () { try { const PATH = process.env.PATH; const INSTALL_PATH = '/opt/nix'; - // Workaround a segfault: https://github.com/NixOS/nix/issues/2733 - yield exec.exec("sudo", ["mkdir", "-p", "/etc/nix"]); - yield exec.exec("sudo", ["sh", "-c", "echo http2 = false >> /etc/nix/nix.conf"]); - // Set jobs to number of cores - yield exec.exec("sudo", ["sh", "-c", "echo max-jobs = auto >> /etc/nix/nix.conf"]); - // Allow binary caches for runner user - yield exec.exec("sudo", ["sh", "-c", "echo trusted-users = root runner >> /etc/nix/nix.conf"]); + yield nixConf(); // Catalina workaround https://github.com/NixOS/nix/issues/2925 if (os_1.type() == "Darwin") { yield exec.exec("sudo", ["sh", "-c", `echo \"nix\t${INSTALL_PATH}\" >> /etc/synthetic.conf`]); @@ -48,6 +53,10 @@ function run() { // TODO: retry due to all the things that go wrong const nixInstall = yield tc.downloadTool('https://nixos.org/nix/install'); yield exec.exec("sh", [nixInstall, "--daemon"]); + // write nix.conf again as installation overwrites it, reload the daemon to pick up changes + yield nixConf(); + yield exec.exec("sudo", ["pkill", "-HUP", "nix-daemon"]); + // setup env core.exportVariable('PATH', `${PATH}:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/per-user/runner/profile/bin`); core.exportVariable('NIX_PATH', `/nix/var/nix/profiles/per-user/root/channels`); if (os_1.type() == "Darwin") { diff --git a/src/main.ts b/src/main.ts index 119bd32..7ceeeda 100644 --- a/src/main.ts +++ b/src/main.ts @@ -3,11 +3,7 @@ import * as exec from '@actions/exec'; import * as tc from '@actions/tool-cache'; import {type} from 'os'; -async function run() { - try { - const PATH = process.env.PATH; - const INSTALL_PATH = '/opt/nix'; - +async function nixConf() { // Workaround a segfault: https://github.com/NixOS/nix/issues/2733 await exec.exec("sudo", ["mkdir", "-p", "/etc/nix"]); await exec.exec("sudo", ["sh", "-c", "echo http2 = false >> /etc/nix/nix.conf"]); @@ -17,6 +13,14 @@ async function run() { // Allow binary caches for runner user await exec.exec("sudo", ["sh", "-c", "echo trusted-users = root runner >> /etc/nix/nix.conf"]); +} + +async function run() { + try { + const PATH = process.env.PATH; + const INSTALL_PATH = '/opt/nix'; + + await nixConf(); // Catalina workaround https://github.com/NixOS/nix/issues/2925 if (type() == "Darwin") { @@ -37,13 +41,19 @@ async function run() { // TODO: retry due to all the things that go wrong const nixInstall = await tc.downloadTool('https://nixos.org/nix/install'); await exec.exec("sh", [nixInstall, "--daemon"]); + + // write nix.conf again as installation overwrites it, reload the daemon to pick up changes + await nixConf(); + await exec.exec("sudo", ["pkill", "-HUP", "nix-daemon"]); + + // setup env core.exportVariable('PATH', `${PATH}:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/per-user/runner/profile/bin`) core.exportVariable('NIX_PATH', `/nix/var/nix/profiles/per-user/root/channels`) - if (type() == "Darwin") { // macOS needs certificates hints core.exportVariable('NIX_SSL_CERT_FILE', '/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt'); } + } catch (error) { core.setFailed(`Action failed with error: ${error}`); throw(error); From c9b9c77f3b4dfe61fb75c39af48d928bef898f94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Tue, 19 Nov 2019 12:59:36 +0100 Subject: [PATCH 4/4] wait for nix-daemon socket --- lib/main.js | 4 ++++ src/main.ts | 5 +++++ 2 files changed, 9 insertions(+) diff --git a/lib/main.js b/lib/main.js index 0c351bf..d5999ad 100644 --- a/lib/main.js +++ b/lib/main.js @@ -62,6 +62,10 @@ function run() { if (os_1.type() == "Darwin") { // macOS needs certificates hints core.exportVariable('NIX_SSL_CERT_FILE', '/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt'); + // TODO: nc doesn't work correctly on macOS :( + //await exec.exec("sh", ["-c", "while ! nc -zU /nix/var/nix/daemon-socket/socket; do sleep 0.5; done"]); + // macOS needs time to reload the daemon :( + yield exec.exec("sleep", ["10"]); } } catch (error) { diff --git a/src/main.ts b/src/main.ts index 7ceeeda..d6434db 100644 --- a/src/main.ts +++ b/src/main.ts @@ -52,6 +52,11 @@ async function run() { if (type() == "Darwin") { // macOS needs certificates hints core.exportVariable('NIX_SSL_CERT_FILE', '/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt'); + + // TODO: nc doesn't work correctly on macOS :( + //await exec.exec("sh", ["-c", "while ! nc -zU /nix/var/nix/daemon-socket/socket; do sleep 0.5; done"]); + // macOS needs time to reload the daemon :( + await exec.exec("sleep", ["10"]); } } catch (error) {