Merge pull request #33 from cachix/nix-2.3.5

Nix 2.3.5

.github/workflows/test.yml

@@ -3,16 +3,34 @@ on:
   pull_request:
   push:
 jobs:
-  tests:
+  simple-build:
     strategy:
       matrix:
-        os: [ubuntu-18.04, macos]
+        os: [ubuntu-latest, macos-latest]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2
     - run: yarn install --frozen-lockfile
     - run: yarn build
-    - run: yarn test
     - name: Install Nix
       uses: ./
-    - run: nix-build test.nix
+    - run: nix-env -iA cachix -f https://cachix.org/api/v1/install
+    - run: cat /etc/nix/nix.conf
+    # cachix should be available and be able to configure a cache
+    - run: cachix use cachix
+    - run: nix-build test.nix
+  no-channel:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2
+    - run: yarn install --frozen-lockfile
+    - run: yarn build
+    - name: Install Nix
+      uses: ./
+      with:
+        skip_adding_nixpkgs_channel: true
+    - run: nix-build test.nix && exit 1 || echo "OK"
+    - run: NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/tarball/ab5863afada3c1b50fc43bf774b75ea71b287cde nix-build test.nix

README.md

@@ -17,11 +17,14 @@ jobs:
   tests:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2
-    - uses: cachix/install-nix-action@v1
+    - uses: cachix/install-nix-action@v8
     - run: nix-build
 ```
 
+
+See [action.yml](action.yml) for all options.
+
 See also [cachix-action](https://github.com/cachix/cachix-action) for
 simple binary cache setup to speed up your builds and share binaries
 with developers.

action.yml

@@ -1,6 +1,11 @@
 name: 'Install Nix'
 description: 'Installs Nix on GitHub Actions for the supported platforms: Linux and macOS.'
 author: 'Domen Kožar'
+inputs:
+  install_url:
+    description: 'Installation URL that will contain a script to install Nix'
+  skip_adding_nixpkgs_channel:
+    description: 'Skip adding nixpkgs-unstable channel'
 branding:
   color: 'blue'
   icon: 'sun'

lib/create-darwin-volume.sh

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+set -e
+
+root_disks() {
+    diskutil list -plist /
+}
+
+apfs_volumes_for() {
+    disk=$1
+    diskutil apfs list -plist "$disk"
+}
+
+disk_identifier() {
+    xpath "/plist/dict/key[text()='WholeDisks']/following-sibling::array[1]/string/text()" 2>/dev/null
+}
+
+volume_get() {
+    key=$1 i=$2
+    xpath "/plist/dict/array/dict/key[text()='Volumes']/following-sibling::array/dict[$i]/key[text()='$key']/following-sibling::string[1]/text()" 2> /dev/null
+}
+
+find_nix_volume() {
+    disk=$1
+    i=1
+    volumes=$(apfs_volumes_for "$disk")
+    while true; do
+        name=$(echo "$volumes" | volume_get "Name" "$i")
+        if [ -z "$name" ]; then
+            break
+        fi
+        case "$name" in
+            [Nn]ix*)
+                echo "$name"
+                break
+                ;;
+        esac
+        i=$((i+1))
+    done
+}
+
+test_fstab() {
+    grep -q "/nix" /etc/fstab 2>/dev/null
+}
+
+test_synthetic_conf() {
+    grep -q "^nix" /etc/synthetic.conf 2>/dev/null
+}
+
+test_nix() {
+    test -d "/nix"
+}
+
+main() {
+    (
+        echo ""
+        echo "     ------------------------------------------------------------------ "
+        echo "    | This installer will create a volume for the nix store and        |"
+        echo "    | configure it to mount at /nix.  Follow these steps to uninstall. |"
+        echo "     ------------------------------------------------------------------ "
+        echo ""
+        echo "  1. Remove the entry from fstab using 'sudo vifs'"
+        echo "  2. Destroy the data volume using 'diskutil apfs deleteVolume'"
+        echo "  3. Delete /etc/synthetic.conf"
+        echo ""
+    ) >&2
+
+    if [ -L "/nix" ]; then
+        echo "error: /nix is a symlink, please remove it or edit synthetic.conf (requires reboot)" >&2
+        echo "  /nix -> $(readlink "/nix")" >&2
+        exit 2
+    fi
+
+    if ! test_synthetic_conf; then
+        echo "Configuring /etc/synthetic.conf..." >&2
+        echo nix | sudo tee /etc/synthetic.conf
+        /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B
+    fi
+
+    if ! test_nix; then
+        echo "Creating mountpoint for /nix..." >&2
+        sudo mkdir /nix
+    fi
+
+    disk=$(root_disks | disk_identifier)
+    volume=$(find_nix_volume "$disk")
+    if [ -z "$volume" ]; then
+        echo "Creating a Nix Store volume..." >&2
+        sudo diskutil apfs addVolume "$disk" APFS 'Nix Store' -mountpoint /nix
+        volume="Nix Store"
+    else
+        echo "Using existing '$volume' volume" >&2
+    fi
+
+    if ! test_fstab; then
+        echo "Configuring /etc/fstab..." >&2
+        label=$(echo "$volume" | sed 's/ /\\040/g')
+        printf "\$a\nLABEL=%s /nix apfs rw\n.\nwq\n" "$label" | EDITOR=ed sudo vifs
+        sudo defaults write /Library/Preferences/SystemConfiguration/autodiskmount AutomountDisksWithoutUserLogin -bool true
+    fi
+}
+
+main "$@"

lib/install-nix.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Set jobs to number of cores
+sudo sh -c 'echo max-jobs = auto >> /tmp/nix.conf'
+# Allow binary caches for runner user
+sudo sh -c 'echo trusted-users = root runner >> /tmp/nix.conf'
+
+if [[ $INPUT_SKIP_ADDING_NIXPKGS_CHANNEL = "true" ]]; then
+  extra_cmd=--no-channel-add
+else
+  extra_cmd=
+fi
+
+sh <(curl -L ${INPUT_INSTALL_URL:-https://nixos.org/nix/install}) \
+  --daemon --daemon-user-count 4 --nix-extra-conf-file /tmp/nix.conf --darwin-use-unencrypted-nix-store-volume $extra_cmd
+
+if [[ $OSTYPE =~ darwin ]]; then
+  # Disable spotlight indexing of /nix to speed up performance
+  sudo mdutil -i off /nix
+
+  # macOS needs certificates hints
+  cert_file=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
+  echo "::set-env name=NIX_SSL_CERT_FILE::$cert_file"
+  export NIX_SSL_CERT_FILE=$cert_file
+  sudo launchctl setenv NIX_SSL_CERT_FILE "$cert_file"
+fi
+
+# Set paths
+echo "::add-path::/nix/var/nix/profiles/per-user/runner/profile/bin"
+echo "::add-path::/nix/var/nix/profiles/default/bin"
+if [[ $INPUT_SKIP_ADDING_NIXPKGS_CHANNEL != "true" ]]; then
+echo "::set-env name=NIX_PATH::/nix/var/nix/profiles/per-user/root/channels"
+fi

lib/main.js

@@ -1,48 +1,4 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
+const child_process_1 = require("child_process");
-const exec = __importStar(require("@actions/exec"));
+child_process_1.execFileSync(`${__dirname}/install-nix.sh`, { stdio: 'inherit' });
-const tc = __importStar(require("@actions/tool-cache"));
-const os_1 = require("os");
-const fs_1 = require("fs");
-function run() {
-    return __awaiter(this, void 0, void 0, function* () {
-        try {
-            // rest of the constants
-            const home = os_1.homedir();
-            const { username } = os_1.userInfo();
-            const PATH = process.env.PATH;
-            const CERTS_PATH = home + '/.nix-profile/etc/ssl/certs/ca-bundle.crt';
-            // TODO: retry due to all the things that go wrong
-            const nixInstall = yield tc.downloadTool('https://nixos.org/nix/install');
-            yield exec.exec("sh", [nixInstall]);
-            core.exportVariable('PATH', `${PATH}:${home}/.nix-profile/bin`);
-            core.exportVariable('NIX_PATH', `/nix/var/nix/profiles/per-user/${username}/channels`);
-            // macOS needs certificates hints
-            if (fs_1.existsSync(CERTS_PATH)) {
-                core.exportVariable('NIX_SSL_CERT_FILE', CERTS_PATH);
-            }
-        }
-        catch (error) {
-            core.setFailed(`Action failed with error: ${error}`);
-            throw (error);
-        }
-    });
-}
-run();

lib/utils.js

@@ -1,8 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-function extrasperse(elem, array) {
-    const init = [];
-    return array.reduce((r, a) => r.concat(elem, a), init);
-}
-exports.extrasperse = extrasperse;
-;

shell.nix

@@ -0,0 +1,8 @@
+{ pkgs ? import <nixpkgs> {}
+}:
+
+pkgs.mkShell {
+  name = "install-nix-action-shell";
+
+  buildInputs = [ pkgs.yarn ];
+}

src/main.ts

@@ -1,34 +1,3 @@
-import * as core from '@actions/core';
+import { execFileSync } from 'child_process';
-import * as exec from '@actions/exec';
-import * as tc from '@actions/tool-cache';
-import {homedir, userInfo} from 'os';
-import {existsSync} from 'fs';
 
-async function run() {
+execFileSync(`${__dirname}/install-nix.sh`, { stdio: 'inherit' });
-  try {
-    const home = homedir();
-    const {username} = userInfo();
-    const PATH = process.env.PATH;  
-    const CERTS_PATH = home + '/.nix-profile/etc/ssl/certs/ca-bundle.crt';
-
-    // Workaround a segfault: https://github.com/NixOS/nix/issues/2733
-    await exec.exec("sudo", ["mkdir", "-p", "/etc/nix"]);
-    await exec.exec("sudo", ["echo", "http2 = false", ">>", "/etc/nix/nix.conf"]);
-
-    // TODO: retry due to all the things that go wrong
-    const nixInstall = await tc.downloadTool('https://nixos.org/nix/install');
-    await exec.exec("sh", [nixInstall]);
-    core.exportVariable('PATH', `${PATH}:${home}/.nix-profile/bin`)
-    core.exportVariable('NIX_PATH', `/nix/var/nix/profiles/per-user/${username}/channels`)
-
-    // macOS needs certificates hints
-    if (existsSync(CERTS_PATH)) {
-      core.exportVariable('NIX_SSL_CERT_FILE', CERTS_PATH);
-    }
-  } catch (error) {
-    core.setFailed(`Action failed with error: ${error}`);
-    throw(error);
-  } 
-}
-
-run();

yarn.lock

@@ -424,9 +424,9 @@ acorn-walk@^6.0.1:
   integrity sha512-7evsyfH1cLOCdAzZAd43Cic04yKydNx0cF+7tiA19p1XnLLPU4dpCQOqpjqwokFe//vS0QqfqqjCS2JkiIs0cA==
 
 acorn@^5.5.3:
-  version "5.7.3"
+  version "5.7.4"
-  resolved "https://registry.yarnpkg.com/acorn/-/acorn-5.7.3.tgz#67aa231bf8812974b85235a96771eb6bd07ea279"
+  resolved "https://registry.yarnpkg.com/acorn/-/acorn-5.7.4.tgz#3e8d8a9947d0599a1796d10225d7432f4a4acf5e"
-  integrity sha512-T/zvzYRfbVojPWahDsE5evJdHb3oJoQfFbsrKM7w5Zcs++Tr257tia3BmMP8XYVjp1S9RZXQMh7gao96BlqZOw==
+  integrity sha512-1D++VG7BhrtvQpNbBzovKNc1FLGGEE/oGe7b9xJm/RFHMBeUaUGpluV9RLjZa47YFdPcDAenEYuq9pQPcMdLJg==
 
 acorn@^6.0.1:
   version "6.3.0"