Nix: 2.15.1 -> 2.16.1

use system certs
feat: Configure editors
2023-06-16 19:57:30 +01:00 · 2023-06-16 19:57:30 +01:00 · 2023-06-07 08:15:55 +12:00 · 2023-05-24 13:31:13 +01:00 · 2023-05-05 17:27:03 +01:00 · 2023-05-04 10:15:12 +01:00
5 changed files with 66 additions and 51 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,15 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+
+[LICENSE]
+indent_size = unset
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -16,7 +16,7 @@ jobs:
    - name: Install Nix
      uses: ./
      with:
-        nix_path: nixpkgs=channel:nixos-20.03
+        nix_path: nixpkgs=channel:nixos-22.11
    - run: nix-env -iA cachix -f https://cachix.org/api/v1/install
    - run: cat /etc/nix/nix.conf
    # cachix should be available and be able to configure a cache
@@ -46,7 +46,7 @@ jobs:
    - name: Install Nix
      uses: ./
      with:
-        nix_path: nixpkgs=channel:nixos-20.03
+        nix_path: nixpkgs=channel:nixos-22.11
        extra_nix_config: |
          sandbox = relaxed
    - run: cat /etc/nix/nix.conf
@@ -73,7 +73,7 @@ jobs:
    - name: Install Nix
      uses: ./
      with:
-        nix_path: nixpkgs=channel:nixos-22.05
+        nix_path: nixpkgs=channel:nixos-22.11
        install_options: --tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve
        install_url: https://nixos-nix-install-tests.cachix.org/serve/s62m7lc0q0mz2mxxm9q0kkrcg90njzhq/install
    - run: nix-build test.nix
@@ -88,7 +88,7 @@ jobs:
    - name: Install Nix
      uses: ./
      with:
-        nix_path: nixpkgs=channel:nixos-22.05
+        nix_path: nixpkgs=channel:nixos-22.11
        install_url: https://releases.nixos.org/nix/nix-2.8.0/install
    - run: nix-build test.nix

--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # install-nix-action

-![github actions badge](https://github.com/cachix/install-nix-action/workflows/install-nix-action%20test/badge.svg)
+![GitHub Actions badge](https://github.com/cachix/install-nix-action/workflows/install-nix-action%20test/badge.svg)

 Installs [Nix](https://nixos.org/nix/) on GitHub Actions for the supported platforms: Linux and macOS.

@@ -13,12 +13,12 @@ or [pin nixpkgs yourself](https://nix.dev/reference/pinning-nixpkgs.html)

 - Quick installation (~4s on Linux, ~20s on macOS)
 - Multi-User installation (with sandboxing enabled only on Linux)
- [Self-hosted github runner](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) support
+- [Self-hosted GitHub runner](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) support
 - Allows specifying Nix installation URL via `install_url` (the oldest supported Nix version is 2.3.5)
- Allows specifying extra Nix configration options via `extra_nix_config`
+- Allows specifying extra Nix configuration options via `extra_nix_config`
 - Allows specifying `$NIX_PATH` and channels via `nix_path`
 - Share `/nix/store` between builds using [cachix-action](https://github.com/cachix/cachix-action) for simple binary cache setup to speed up your builds and share binaries with your team
- Enables `flakes` and `nix-command` experimental features by default (to disable, set ``experimental-features`` via ``extra_nix_config``) 
+- Enables `flakes` and `nix-command` experimental features by default (to disable, set `experimental-features` via `extra_nix_config`)

 ## Usage

@@ -34,13 +34,12 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
-    - uses: cachix/install-nix-action@v18
+    - uses: cachix/install-nix-action@v20
      with:
        nix_path: nixpkgs=channel:nixos-unstable
    - run: nix-build
 ```

-
 ## Usage with Flakes

 ```yaml
@@ -53,7 +52,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
-    - uses: cachix/install-nix-action@v18
+    - uses: cachix/install-nix-action@v20
      with:
        github_access_token: ${{ secrets.GITHUB_TOKEN }}
    - run: nix build
@@ -66,11 +65,11 @@ To install Nix from any commit, go to [the corresponding installer_test action](

 - `extra_nix_config`: append to `/etc/nix/nix.conf`

- `github_access_token`: configure nix to pull from github using the given github token. This helps work around rate limit issues.
+- `github_access_token`: configure Nix to pull from GitHub using the given GitHub token. This helps work around rate limit issues. Has no effect when `access-tokens` is also specified in `extra_nix_config`.

- `install_url`: specify URL to install Nix from (useful for testing non-stable releases or pinning Nix for example https://releases.nixos.org/nix/nix-2.3.7/install)
+- `install_url`: specify URL to install Nix from (useful for testing non-stable releases or pinning Nix, for example https://releases.nixos.org/nix/nix-2.3.7/install)

- `install_options`: Additional installer flags passed to the installer script.
+- `install_options`: additional installer flags passed to the installer script.

 - `nix_path`: set `NIX_PATH` environment variable, for example `nixpkgs=channel:nixos-unstable`

@@ -80,13 +79,12 @@ To install Nix from any commit, go to [the corresponding installer_test action](

 ### How do I print nixpkgs version I have configured?

-
 ```yaml
 - name: Print nixpkgs version
  run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
 ```

-### How can I run NixOS tests?
+### How do I run NixOS tests?

 With the following inputs:

@@ -98,7 +96,7 @@ With the following inputs:

 [Note that there's no hardware acceleration on GitHub Actions.](https://github.com/actions/virtual-environments/issues/183#issuecomment-610723516).

-### How can I install packages via nix-env from the specified `nix_path`?
+### How do I install packages via nix-env from the specified `nix_path`?

 ```
 nix-env -i mypackage -f '<nixpkgs>'
@@ -122,26 +120,29 @@ Otherwise, you can add any binary cache to nix.conf using
 install-nix-action's own `extra_nix_config` input:

 ```yaml
- uses: cachix/install-nix-action@v18
+- uses: cachix/install-nix-action@v20
  with:
    extra_nix_config: |
      trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
      substituters = https://hydra.iohk.io https://cache.nixos.org/
 ```

-## Hacking
+### How do I pass environment variables to commands run with `nix develop` or `nix shell`?

-Install the dependencies
-```bash
-$ yarn install
+Nix runs commands in a restricted environment by default, called `pure mode`.
+In pure mode, environment variables are not passed through to improve the reproducibility of the shell.
+
+You can use the `--keep / -k` flag to keep certain environment variables:
+
+```yaml
+- name: Run a command with nix develop
+  run: nix develop --ignore-environment --keep MY_ENV_VAR --command echo $MY_ENV_VAR
+  env:
+    MY_ENV_VAR: "hello world"
 ```

-Build the typescript
-```bash
-$ yarn build
-```
+Or you can disable pure mode entirely with the `--impure` flag:

-Run the tests :heavy_check_mark:
-```bash
-$ yarn test
+```
+nix develop --impure
 ```
--- a/action.yml
+++ b/action.yml
@@ -18,7 +18,7 @@ branding:
 runs:
  using: 'composite'
  steps:
-    - run : ${{ github.action_path }}/install-nix.sh
+    - run : ${GITHUB_ACTION_PATH}/install-nix.sh
      shell: bash
      env:
        INPUT_EXTRA_NIX_CONFIG: ${{ inputs.extra_nix_config }}
@@ -26,3 +26,4 @@ runs:
        INPUT_INSTALL_OPTIONS: ${{ inputs.install_options }}
        INPUT_INSTALL_URL: ${{ inputs.install_url }}
        INPUT_NIX_PATH: ${{ inputs.nix_path }}
+        GITHUB_TOKEN: ${{ github.token }}
--- a/install-nix.sh
+++ b/install-nix.sh
@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
 set -euo pipefail

-if type -p nix &>/dev/null ; then
-  echo "Aborting: Nix is already installed at $(type -p nix)"
+if nix_path="$(type -p nix)" ; then
+  echo "Aborting: Nix is already installed at ${nix_path}"
  exit
 fi

@@ -15,18 +15,23 @@ trap 'rm -rf "$workdir"' EXIT

 # Configure Nix
 add_config() {
-  echo "$1" | tee -a "$workdir/nix.conf" >/dev/null
+  echo "$1" >> "$workdir/nix.conf"
 }
 # Set jobs to number of cores
 add_config "max-jobs = auto"
+if [[ $OSTYPE =~ darwin ]]; then
+  add_config "ssl-cert-file = /etc/ssl/cert.pem"
+fi
 # Allow binary caches for user
-add_config "trusted-users = root $USER"
+add_config "trusted-users = root ${USER:-}"
 # Add github access token
-if [[ $INPUT_GITHUB_ACCESS_TOKEN != "" ]]; then
-  add_config "access-tokens" "github.com=$INPUT_GITHUB_ACCESS_TOKEN"
+if [[ -n "${INPUT_GITHUB_ACCESS_TOKEN:-}" ]]; then
+  add_config "access-tokens = github.com=$INPUT_GITHUB_ACCESS_TOKEN"
+elif [[ -n "${GITHUB_TOKEN:-}" ]]; then
+  add_config "access-tokens = github.com=$GITHUB_TOKEN"
 fi
 # Append extra nix configuration if provided
-if [[ $INPUT_EXTRA_NIX_CONFIG != "" ]]; then
+if [[ -n "${INPUT_EXTRA_NIX_CONFIG:-}" ]]; then
  add_config "$INPUT_EXTRA_NIX_CONFIG"
 fi
 if [[ ! $INPUT_EXTRA_NIX_CONFIG =~ "experimental-features" ]]; then
@@ -52,10 +57,10 @@ else
  add_config "build-users-group ="
  sudo mkdir -p /etc/nix
  sudo chmod 0755 /etc/nix
-  sudo cp $workdir/nix.conf /etc/nix/nix.conf
+  sudo cp "$workdir/nix.conf" /etc/nix/nix.conf
 fi

-if [[ $INPUT_INSTALL_OPTIONS != "" ]]; then
+if [[ -n "${INPUT_INSTALL_OPTIONS:-}" ]]; then
  IFS=' ' read -r -a extra_installer_options <<< "$INPUT_INSTALL_OPTIONS"
  installer_options=("${extra_installer_options[@]}" "${installer_options[@]}")
 fi
@@ -64,7 +69,7 @@ echo "installer options: ${installer_options[*]}"

 # There is --retry-on-errors, but only newer curl versions support that
 curl_retries=5
-while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://nixos.org/nix/install}"
+while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.16.1/install}"
 do
  sleep 1
  ((curl_retries--))
@@ -76,19 +81,12 @@ done

 sh "$workdir/install" "${installer_options[@]}"

-if [[ $OSTYPE =~ darwin ]]; then
-  # macOS needs certificates hints
-  cert_file=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
-  echo "NIX_SSL_CERT_FILE=$cert_file" >> "$GITHUB_ENV"
-  export NIX_SSL_CERT_FILE=$cert_file
-  sudo launchctl setenv NIX_SSL_CERT_FILE "$cert_file"
-fi
-
 # Set paths
 echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH"
-echo "/nix/var/nix/profiles/per-user/$USER/profile/bin" >> "$GITHUB_PATH"
+# new path for nix 2.14
+echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH"

-if [[ $INPUT_NIX_PATH != "" ]]; then
+if [[ -n "${INPUT_NIX_PATH:-}" ]]; then
  echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV"
 fi
Author	SHA1	Message	Date
Domen Kožar	e27879448e	Nix: 2.15.1 -> 2.16.1	2023-06-16 19:57:30 +01:00
Domen Kožar	8ab3881720	use system certs	2023-06-16 19:57:30 +01:00
Victor Engmark	2c203fd87b	feat: Configure editors Based on the content of files already in the repo.	2023-06-07 08:15:55 +12:00
Domen Kožar	4b933aa7eb	Nix: 2.15.1	2023-05-24 13:31:13 +01:00
Domen Kožar	35806937f1	Merge pull request #179 from joergdw/fix-action-path Fix action to make it work on custom containers;	2023-05-05 17:27:03 +01:00
Domen Kožar	3eb7a24508	Merge pull request #178 from cachix/docs/149 Document how to pass env vars to modern nix commands	2023-05-04 10:15:12 +01:00
sandydoo	840ed7ce9a	Document how to pass env vars to modern nix commands Resolves #149.	2023-05-04 08:41:47 +00:00
Jörg Weisbarth	b2f4229533	Fix action to make it work on custom containers; For further information, see: <https://github.com/actions/runner/issues/716#issuecomment-795238933>	2023-05-03 17:02:20 +02:00
Domen Kožar	e304541747	fix #170	2023-05-01 13:29:04 +01:00
Domen Kožar	3988b729f9	pin Nix to 2.15.0	2023-05-01 13:27:11 +01:00
sandydoo	763a380571	Bump revision in README	2023-04-28 00:43:31 +00:00
Domen Kožar	67e9fd765d	bump revision in readme	2023-04-17 11:06:51 +01:00
Domen Kožar	be4cef7b77	Merge pull request #166 from l0b0/refactor/linting refactor: Linting	2023-03-09 14:40:10 +04:00
Victor Engmark	3bdded02da	refactor: Use consistent emptiness check	2023-03-09 10:30:16 +13:00
Victor Engmark	ac5ee67104	refactor: Simplify appending to file Avoids one extra command, and removes the need for `tee`.	2023-03-09 10:27:14 +13:00
Victor Engmark	ef4bcbc79c	refactor: De-dupe Nix path detection	2023-03-09 10:24:48 +13:00
Victor Engmark	e322e039f3	fix: Quote variable reference As recommended by ShellCheck.	2023-03-09 10:23:20 +13:00
Domen Kožar	29bd9290ef	Merge pull request #163 from cachix/fix-nix-2.14 Support new Nix 2.14 profile PATH	2023-03-01 13:52:04 +08:00
Domen Kožar	167742cb88	don't insist $USER needs to be set	2023-03-01 05:51:32 +00:00
Domen Kožar	3755e30bd2	Support new Nix 2.14 profile PATH	2023-03-01 05:44:36 +00:00
Domen Kožar	193b0d85f5	Merge pull request #159 from cachix/update-readme Update README for v19	2023-02-08 19:35:22 +07:00
sandydoo	cb6121cc54	Update README for v19	2023-02-06 15:00:46 +00:00
Domen Kožar	5c11eae19d	Merge pull request #158 from cachix/fix-test update tests	2023-02-06 14:18:48 +01:00
Domen Kožar	bd6084e16e	Merge pull request #156 from InternetUnexplorer/update-readme clarify behavior of github_access_token option	2023-02-06 07:13:26 +01:00
Domen Kožar	67388ca69e	Merge pull request #157 from zimbatm/default-token Fix rate-limits by using github.token by default	2023-02-05 18:35:04 +01:00
zimbatm	a4b8aaf5a2	Fix rate-limits by using github.token by default Turns out there is a default github token we can use to talk to github and avoid the rate limit issues.	2023-02-05 16:55:28 +01:00
InternetUnexplorer	70980f045d	clarify behavior of github_access_token option This also fixes a typo and makes some other tiny changes that I noticed when I was looking at the README.	2023-01-19 16:52:32 -08:00
Domen Kožar	25d64bbf11	Merge pull request #153 from InternetUnexplorer/master fix typo in github_access_token option	2023-01-19 19:00:25 +00:00
InternetUnexplorer	b95f682503	fix typo in github_access_token option add_config only takes one argument; this was causing Nix to error with "illegal configuration line 'access-tokens' in '/etc/nix/nix.conf'"	2023-01-07 20:10:13 -08:00