Merge pull request #199 from jalaziz/tempdir

fix: Set TMPDIR to avoid disk space issues

.editorconfig

@@ -0,0 +1,15 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+# top-most EditorConfig file
+root = true
+
+# Unix-style newlines with a newline ending every file
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+
+[LICENSE]
+indent_size = unset

.github/workflows/test.yml

@@ -12,11 +12,11 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install Nix
       uses: ./
       with:
-        nix_path: nixpkgs=channel:nixos-20.03
+        nix_path: nixpkgs=channel:nixos-22.11
     - run: nix-env -iA cachix -f https://cachix.org/api/v1/install
     - run: cat /etc/nix/nix.conf
     # cachix should be available and be able to configure a cache
@@ -28,7 +28,7 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install Nix
       uses: ./
       with:
@@ -42,11 +42,11 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install Nix
       uses: ./
       with:
-        nix_path: nixpkgs=channel:nixos-20.03
+        nix_path: nixpkgs=channel:nixos-22.11
         extra_nix_config: |
           sandbox = relaxed
     - run: cat /etc/nix/nix.conf
@@ -58,7 +58,7 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install Nix
       uses: ./
     - run: nix flake show github:NixOS/nixpkgs
@@ -69,11 +69,11 @@ jobs:
         os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install Nix
       uses: ./
       with:
-        nix_path: nixpkgs=channel:nixos-22.05
+        nix_path: nixpkgs=channel:nixos-22.11
         install_options: --tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve
         install_url: https://nixos-nix-install-tests.cachix.org/serve/s62m7lc0q0mz2mxxm9q0kkrcg90njzhq/install
     - run: nix-build test.nix
@@ -84,11 +84,11 @@ jobs:
           os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - name: Install Nix
       uses: ./
       with:
-        nix_path: nixpkgs=channel:nixos-22.05
+        nix_path: nixpkgs=channel:nixos-22.11
         install_url: https://releases.nixos.org/nix/nix-2.8.0/install
     - run: nix-build test.nix
 
@@ -98,7 +98,7 @@ jobs:
           os: [ubuntu-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
     - run: curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash
     - run: docker pull ghcr.io/catthehacker/ubuntu:js-20.04
     - run: ./bin/act -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:js-20.04 push -j simple-build

README.md

@@ -6,8 +6,8 @@ Installs [Nix](https://nixos.org/nix/) on GitHub Actions for the supported platf
 
 By default it has no nixpkgs configured, you have to set `nix_path`
 by [picking a channel](https://status.nixos.org/)
-or [pin nixpkgs yourself](https://nix.dev/reference/pinning-nixpkgs.html)
+or [pin nixpkgs yourself](https://nix.dev/reference/pinning-nixpkgs)
-(see also [pinning tutorial](https://nix.dev/tutorials/towards-reproducibility-pinning-nixpkgs.html)).
+(see also [pinning tutorial](https://nix.dev/tutorials/towards-reproducibility-pinning-nixpkgs)).
 
 # Features
 
@@ -34,7 +34,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-    - uses: cachix/install-nix-action@v19
+    - uses: cachix/install-nix-action@v22
       with:
         nix_path: nixpkgs=channel:nixos-unstable
     - run: nix-build
@@ -52,7 +52,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v3
-    - uses: cachix/install-nix-action@v19
+    - uses: cachix/install-nix-action@v22
       with:
         github_access_token: ${{ secrets.GITHUB_TOKEN }}
     - run: nix build
@@ -84,7 +84,7 @@ To install Nix from any commit, go to [the corresponding installer_test action](
   run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
 ```
 
-### How can I run NixOS tests?
+### How do I run NixOS tests?
 
 With the following inputs:
 
@@ -96,7 +96,7 @@ With the following inputs:
 
 [Note that there's no hardware acceleration on GitHub Actions.](https://github.com/actions/virtual-environments/issues/183#issuecomment-610723516).
 
-### How can I install packages via nix-env from the specified `nix_path`?
+### How do I install packages via nix-env from the specified `nix_path`?
 
 ```
 nix-env -i mypackage -f '<nixpkgs>'
@@ -120,9 +120,29 @@ Otherwise, you can add any binary cache to nix.conf using
 install-nix-action's own `extra_nix_config` input:
 
 ```yaml
-- uses: cachix/install-nix-action@v19
+- uses: cachix/install-nix-action@v22
   with:
     extra_nix_config: |
       trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
       substituters = https://hydra.iohk.io https://cache.nixos.org/
 ```
+
+### How do I pass environment variables to commands run with `nix develop` or `nix shell`?
+
+Nix runs commands in a restricted environment by default, called `pure mode`.
+In pure mode, environment variables are not passed through to improve the reproducibility of the shell.
+
+You can use the `--keep / -k` flag to keep certain environment variables:
+
+```yaml
+- name: Run a command with nix develop
+  run: nix develop --ignore-environment --keep MY_ENV_VAR --command echo $MY_ENV_VAR
+  env:
+    MY_ENV_VAR: "hello world"
+```
+
+Or you can disable pure mode entirely with the `--impure` flag:
+
+```
+nix develop --impure
+```

action.yml

@@ -18,7 +18,7 @@ branding:
 runs:
   using: 'composite'
   steps:
-    - run : ${{ github.action_path }}/install-nix.sh
+    - run : ${GITHUB_ACTION_PATH}/install-nix.sh
       shell: bash
       env:
         INPUT_EXTRA_NIX_CONFIG: ${{ inputs.extra_nix_config }}

install-nix.sh

@@ -1,8 +1,8 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-if type -p nix &>/dev/null ; then
+if nix_path="$(type -p nix)" ; then
-  echo "Aborting: Nix is already installed at $(type -p nix)"
+  echo "Aborting: Nix is already installed at ${nix_path}"
   exit
 fi
 
@@ -15,12 +15,16 @@ trap 'rm -rf "$workdir"' EXIT
 
 # Configure Nix
 add_config() {
-  echo "$1" | tee -a "$workdir/nix.conf" >/dev/null
+  echo "$1" >> "$workdir/nix.conf"
 }
+add_config "show-trace = true"
 # Set jobs to number of cores
 add_config "max-jobs = auto"
+if [[ $OSTYPE =~ darwin ]]; then
+  add_config "ssl-cert-file = /etc/ssl/cert.pem"
+fi
 # Allow binary caches for user
-add_config "trusted-users = root $USER"
+add_config "trusted-users = root ${USER:-}"
 # Add github access token
 if [[ -n "${INPUT_GITHUB_ACCESS_TOKEN:-}" ]]; then
   add_config "access-tokens = github.com=$INPUT_GITHUB_ACCESS_TOKEN"
@@ -28,7 +32,7 @@ elif [[ -n "${GITHUB_TOKEN:-}" ]]; then
   add_config "access-tokens = github.com=$GITHUB_TOKEN"
 fi
 # Append extra nix configuration if provided
-if [[ $INPUT_EXTRA_NIX_CONFIG != "" ]]; then
+if [[ -n "${INPUT_EXTRA_NIX_CONFIG:-}" ]]; then
   add_config "$INPUT_EXTRA_NIX_CONFIG"
 fi
 if [[ ! $INPUT_EXTRA_NIX_CONFIG =~ "experimental-features" ]]; then
@@ -54,10 +58,10 @@ else
   add_config "build-users-group ="
   sudo mkdir -p /etc/nix
   sudo chmod 0755 /etc/nix
-  sudo cp $workdir/nix.conf /etc/nix/nix.conf
+  sudo cp "$workdir/nix.conf" /etc/nix/nix.conf
 fi
 
-if [[ $INPUT_INSTALL_OPTIONS != "" ]]; then
+if [[ -n "${INPUT_INSTALL_OPTIONS:-}" ]]; then
   IFS=' ' read -r -a extra_installer_options <<< "$INPUT_INSTALL_OPTIONS"
   installer_options=("${extra_installer_options[@]}" "${installer_options[@]}")
 fi
@@ -66,7 +70,7 @@ echo "installer options: ${installer_options[*]}"
 
 # There is --retry-on-errors, but only newer curl versions support that
 curl_retries=5
-while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://nixos.org/nix/install}"
+while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.17.0/install}"
 do
   sleep 1
   ((curl_retries--))
@@ -78,21 +82,19 @@ done
 
 sh "$workdir/install" "${installer_options[@]}"
 
-if [[ $OSTYPE =~ darwin ]]; then
-  # macOS needs certificates hints
-  cert_file=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
-  echo "NIX_SSL_CERT_FILE=$cert_file" >> "$GITHUB_ENV"
-  export NIX_SSL_CERT_FILE=$cert_file
-  sudo launchctl setenv NIX_SSL_CERT_FILE "$cert_file"
-fi
-
 # Set paths
 echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH"
-echo "/nix/var/nix/profiles/per-user/$USER/profile/bin" >> "$GITHUB_PATH"
+# new path for nix 2.14
+echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH"
 
-if [[ $INPUT_NIX_PATH != "" ]]; then
+if [[ -n "${INPUT_NIX_PATH:-}" ]]; then
   echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV"
 fi
 
+# Set temporary directory (if not already set) to fix https://github.com/cachix/install-nix-action/issues/197
+if [[ -z "${TMPDIR:-}" ]]; then
+  echo "TMPDIR=${RUNNER_TEMP}" >> "$GITHUB_ENV"
+fi
+
 # Close the log message group which was opened above
 echo "::endgroup::"