Compare commits

..

No commits in common. "master" and "fix-ci" have entirely different histories.

5 changed files with 76 additions and 102 deletions

View File

@ -1,15 +0,0 @@
# EditorConfig is awesome: https://EditorConfig.org
# top-most EditorConfig file
root = true
# Unix-style newlines with a newline ending every file
[*]
charset = utf-8
end_of_line = lf
indent_size = 2
indent_style = space
insert_final_newline = true
[LICENSE]
indent_size = unset

View File

@ -12,11 +12,11 @@ jobs:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v3
- name: Install Nix
uses: ./
with:
nix_path: nixpkgs=channel:nixos-22.11
nix_path: nixpkgs=channel:nixos-20.03
- run: nix-env -iA cachix -f https://cachix.org/api/v1/install
- run: cat /etc/nix/nix.conf
# cachix should be available and be able to configure a cache
@ -28,7 +28,7 @@ jobs:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v3
- name: Install Nix
uses: ./
with:
@ -42,11 +42,11 @@ jobs:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v3
- name: Install Nix
uses: ./
with:
nix_path: nixpkgs=channel:nixos-22.11
nix_path: nixpkgs=channel:nixos-20.03
extra_nix_config: |
sandbox = relaxed
- run: cat /etc/nix/nix.conf
@ -58,9 +58,14 @@ jobs:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v3
- name: Install Nix
uses: ./
with:
install_url: https://nixos-nix-install-tests.cachix.org/serve/i6laym9jw3wg9mw6ncyrk6gjx4l34vvx/install
install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- run: nix flake show github:NixOS/nixpkgs
installer-options:
@ -69,13 +74,13 @@ jobs:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v3
- name: Install Nix
uses: ./
with:
nix_path: nixpkgs=channel:nixos-22.11
install_options: --tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve
install_url: https://nixos-nix-install-tests.cachix.org/serve/s62m7lc0q0mz2mxxm9q0kkrcg90njzhq/install
nix_path: nixpkgs=channel:nixos-21.05
install_url: https://nixos-nix-install-tests.cachix.org/serve/i6laym9jw3wg9mw6ncyrk6gjx4l34vvx/install
install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
- run: nix-build test.nix
oldest-supported-installer:
@ -84,12 +89,12 @@ jobs:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v3
- name: Install Nix
uses: ./
with:
nix_path: nixpkgs=channel:nixos-22.11
install_url: https://releases.nixos.org/nix/nix-2.8.0/install
nix_path: nixpkgs=channel:nixos-21.05
install_url: https://releases.nixos.org/nix/nix-2.3.8/install
- run: nix-build test.nix
act-support:
@ -98,7 +103,7 @@ jobs:
os: [ubuntu-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v3
- run: curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash
- run: docker pull ghcr.io/catthehacker/ubuntu:js-20.04
- run: ./bin/act -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:js-20.04 push -j simple-build

View File

@ -1,24 +1,24 @@
# install-nix-action
![GitHub Actions badge](https://github.com/cachix/install-nix-action/workflows/install-nix-action%20test/badge.svg)
![github actions badge](https://github.com/cachix/install-nix-action/workflows/install-nix-action%20test/badge.svg)
Installs [Nix](https://nixos.org/nix/) on GitHub Actions for the supported platforms: Linux and macOS.
By default it has no nixpkgs configured, you have to set `nix_path`
by [picking a channel](https://status.nixos.org/)
or [pin nixpkgs yourself](https://nix.dev/reference/pinning-nixpkgs)
(see also [pinning tutorial](https://nix.dev/tutorials/towards-reproducibility-pinning-nixpkgs)).
or [pin nixpkgs yourself](https://nix.dev/reference/pinning-nixpkgs.html)
(see also [pinning tutorial](https://nix.dev/tutorials/towards-reproducibility-pinning-nixpkgs.html)).
# Features
- Quick installation (~4s on Linux, ~20s on macOS)
- Multi-User installation (with sandboxing enabled only on Linux)
- [Self-hosted GitHub runner](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) support
- [Self-hosted github runner](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) support
- Allows specifying Nix installation URL via `install_url` (the oldest supported Nix version is 2.3.5)
- Allows specifying extra Nix configuration options via `extra_nix_config`
- Allows specifying extra Nix configration options via `extra_nix_config`
- Allows specifying `$NIX_PATH` and channels via `nix_path`
- Share `/nix/store` between builds using [cachix-action](https://github.com/cachix/cachix-action) for simple binary cache setup to speed up your builds and share binaries with your team
- Enables `flakes` and `nix-command` experimental features by default (to disable, set `experimental-features` via `extra_nix_config`)
- Enables `flakes` and `nix-command` experimental features by default (to disable, set ``experimental-features`` via ``extra_nix_config``)
## Usage
@ -33,13 +33,14 @@ jobs:
tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- uses: actions/checkout@v2.4.0
- uses: cachix/install-nix-action@v15
with:
nix_path: nixpkgs=channel:nixos-unstable
- run: nix-build
```
## Usage with Flakes
```yaml
@ -51,10 +52,11 @@ jobs:
tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: cachix/install-nix-action@v22
- uses: actions/checkout@v2.4.0
- uses: cachix/install-nix-action@v15
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- run: nix build
- run: nix flake check
```
@ -63,28 +65,25 @@ To install Nix from any commit, go to [the corresponding installer_test action](
## Inputs (specify using `with:`)
- `extra_nix_config`: append to `/etc/nix/nix.conf`
- `github_access_token`: configure Nix to pull from GitHub using the given GitHub token. This helps work around rate limit issues. Has no effect when `access-tokens` is also specified in `extra_nix_config`.
- `install_url`: specify URL to install Nix from (useful for testing non-stable releases or pinning Nix, for example https://releases.nixos.org/nix/nix-2.3.7/install)
- `install_options`: additional installer flags passed to the installer script.
- `install_url`: specify URL to install Nix from (useful for testing non-stable releases or pinning Nix for example https://releases.nixos.org/nix/nix-2.3.7/install)
- `nix_path`: set `NIX_PATH` environment variable, for example `nixpkgs=channel:nixos-unstable`
- `extra_nix_config`: append to `/etc/nix/nix.conf`
---
## FAQ
### How do I print nixpkgs version I have configured?
```yaml
- name: Print nixpkgs version
run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
```
### How do I run NixOS tests?
### How can I run NixOS tests?
With the following inputs:
@ -96,7 +95,7 @@ With the following inputs:
[Note that there's no hardware acceleration on GitHub Actions.](https://github.com/actions/virtual-environments/issues/183#issuecomment-610723516).
### How do I install packages via nix-env from the specified `nix_path`?
### How can I install packages via nix-env from the specified `nix_path`?
```
nix-env -i mypackage -f '<nixpkgs>'
@ -120,29 +119,26 @@ Otherwise, you can add any binary cache to nix.conf using
install-nix-action's own `extra_nix_config` input:
```yaml
- uses: cachix/install-nix-action@v22
- uses: cachix/install-nix-action@vXX
with:
extra_nix_config: |
trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
substituters = https://hydra.iohk.io https://cache.nixos.org/
```
### How do I pass environment variables to commands run with `nix develop` or `nix shell`?
## Hacking
Nix runs commands in a restricted environment by default, called `pure mode`.
In pure mode, environment variables are not passed through to improve the reproducibility of the shell.
You can use the `--keep / -k` flag to keep certain environment variables:
```yaml
- name: Run a command with nix develop
run: nix develop --ignore-environment --keep MY_ENV_VAR --command echo $MY_ENV_VAR
env:
MY_ENV_VAR: "hello world"
Install the dependencies
```bash
$ yarn install
```
Or you can disable pure mode entirely with the `--impure` flag:
Build the typescript
```bash
$ yarn build
```
```
nix develop --impure
Run the tests :heavy_check_mark:
```bash
$ yarn test
```

View File

@ -2,28 +2,24 @@ name: 'Install Nix'
description: 'Installs Nix on GitHub Actions for the supported platforms: Linux and macOS.'
author: 'Domen Kožar'
inputs:
extra_nix_config:
description: 'Gets appended to `/etc/nix/nix.conf` if passed.'
github_access_token:
description: 'Configure nix to pull from github using the given github token.'
install_url:
description: 'Installation URL that will contain a script to install Nix.'
install_options:
description: 'Additional installer flags passed to the installer script.'
nix_path:
description: 'Set NIX_PATH environment variable.'
extra_nix_config:
description: 'gets appended to `/etc/nix/nix.conf` if passed.'
branding:
color: 'blue'
icon: 'sun'
runs:
using: 'composite'
steps:
- run : ${GITHUB_ACTION_PATH}/install-nix.sh
- run : ${{ github.action_path }}/install-nix.sh
shell: bash
env:
INPUT_EXTRA_NIX_CONFIG: ${{ inputs.extra_nix_config }}
INPUT_GITHUB_ACCESS_TOKEN: ${{ inputs.github_access_token }}
INPUT_INSTALL_OPTIONS: ${{ inputs.install_options }}
INPUT_INSTALL_URL: ${{ inputs.install_url }}
INPUT_INSTALL_OPTIONS: ${{ inputs.install_options }}
INPUT_NIX_PATH: ${{ inputs.nix_path }}
GITHUB_TOKEN: ${{ github.token }}
INPUT_EXTRA_NIX_CONFIG: ${{ inputs.extra_nix_config }}

View File

@ -1,8 +1,8 @@
#!/usr/bin/env bash
set -euo pipefail
if nix_path="$(type -p nix)" ; then
echo "Aborting: Nix is already installed at ${nix_path}"
if type -p nix &>/dev/null ; then
echo "Aborting: Nix is already installed at $(type -p nix)"
exit
fi
@ -15,24 +15,14 @@ trap 'rm -rf "$workdir"' EXIT
# Configure Nix
add_config() {
echo "$1" >> "$workdir/nix.conf"
echo "$1" | tee -a "$workdir/nix.conf" >/dev/null
}
add_config "show-trace = true"
# Set jobs to number of cores
add_config "max-jobs = auto"
if [[ $OSTYPE =~ darwin ]]; then
add_config "ssl-cert-file = /etc/ssl/cert.pem"
fi
# Allow binary caches for user
add_config "trusted-users = root ${USER:-}"
# Add github access token
if [[ -n "${INPUT_GITHUB_ACCESS_TOKEN:-}" ]]; then
add_config "access-tokens = github.com=$INPUT_GITHUB_ACCESS_TOKEN"
elif [[ -n "${GITHUB_TOKEN:-}" ]]; then
add_config "access-tokens = github.com=$GITHUB_TOKEN"
fi
add_config "trusted-users = root $USER"
# Append extra nix configuration if provided
if [[ -n "${INPUT_EXTRA_NIX_CONFIG:-}" ]]; then
if [[ $INPUT_EXTRA_NIX_CONFIG != "" ]]; then
add_config "$INPUT_EXTRA_NIX_CONFIG"
fi
if [[ ! $INPUT_EXTRA_NIX_CONFIG =~ "experimental-features" ]]; then
@ -47,7 +37,7 @@ installer_options=(
)
# only use the nix-daemon settings if on darwin (which get ignored) or systemd is supported
if [[ (! $INPUT_INSTALL_OPTIONS =~ "--no-daemon") && ($OSTYPE =~ darwin || -e /run/systemd/system) ]]; then
if [[ $OSTYPE =~ darwin || -e /run/systemd/system ]]; then
installer_options+=(
--daemon
--daemon-user-count "$(python3 -c 'import multiprocessing as mp; print(mp.cpu_count() * 2)')"
@ -58,10 +48,10 @@ else
add_config "build-users-group ="
sudo mkdir -p /etc/nix
sudo chmod 0755 /etc/nix
sudo cp "$workdir/nix.conf" /etc/nix/nix.conf
sudo cp $workdir/nix.conf /etc/nix/nix.conf
fi
if [[ -n "${INPUT_INSTALL_OPTIONS:-}" ]]; then
if [[ $INPUT_INSTALL_OPTIONS != "" ]]; then
IFS=' ' read -r -a extra_installer_options <<< "$INPUT_INSTALL_OPTIONS"
installer_options=("${extra_installer_options[@]}" "${installer_options[@]}")
fi
@ -70,7 +60,7 @@ echo "installer options: ${installer_options[*]}"
# There is --retry-on-errors, but only newer curl versions support that
curl_retries=5
while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.17.0/install}"
while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://nixos.org/nix/install}"
do
sleep 1
((curl_retries--))
@ -82,18 +72,20 @@ done
sh "$workdir/install" "${installer_options[@]}"
# Set paths
echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH"
# new path for nix 2.14
echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH"
if [[ -n "${INPUT_NIX_PATH:-}" ]]; then
echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV"
if [[ $OSTYPE =~ darwin ]]; then
# macOS needs certificates hints
cert_file=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
echo "NIX_SSL_CERT_FILE=$cert_file" >> "$GITHUB_ENV"
export NIX_SSL_CERT_FILE=$cert_file
sudo launchctl setenv NIX_SSL_CERT_FILE "$cert_file"
fi
# Set temporary directory (if not already set) to fix https://github.com/cachix/install-nix-action/issues/197
if [[ -z "${TMPDIR:-}" ]]; then
echo "TMPDIR=${RUNNER_TEMP}" >> "$GITHUB_ENV"
# Set paths
echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH"
echo "/nix/var/nix/profiles/per-user/$USER/profile/bin" >> "$GITHUB_PATH"
if [[ $INPUT_NIX_PATH != "" ]]; then
echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV"
fi
# Close the log message group which was opened above