test single install

.github/dependabot.yml

@@ -1,13 +0,0 @@
-version: 2
-updates:
-
-- package-ecosystem: github-actions
-  directory: "/"
-  schedule:
-    interval: daily
-    time: '00:00'
-    timezone: UTC
-  open-pull-requests-limit: 10
-  commit-message:
-      prefix: "chore"
-      include: "scope"

.github/workflows/test.yml

@@ -2,7 +2,6 @@ name: "install-nix-action test"
 on:
   pull_request:
   push:
-
 jobs:
   simple-build:
     strategy:
@@ -15,15 +14,12 @@ jobs:
     - run: yarn build
     - name: Install Nix
       uses: ./
-      with:
-        nix_path: nixpkgs=channel:nixos-20.03
     - run: nix-env -iA cachix -f https://cachix.org/api/v1/install
     - run: cat /etc/nix/nix.conf
     # cachix should be available and be able to configure a cache
     - run: cachix use cachix
     - run: nix-build test.nix
-
-  custom-nix-path:
+  no-channel:
     strategy:
       matrix:
         os: [ubuntu-latest, macos-latest]
@@ -35,24 +31,6 @@ jobs:
     - name: Install Nix
       uses: ./
       with:
-        nix_path: nixpkgs=channel:nixos-20.03
-    - run: test $NIX_PATH == "nixpkgs=channel:nixos-20.03"
-    - run: nix-build test.nix
-
-  extra-nix-config:
-    strategy:
-      matrix:
-        os: [ubuntu-latest, macos-latest]
-    runs-on: ${{ matrix.os }}
-    steps:
-    - uses: actions/checkout@v2
-    - run: yarn install --frozen-lockfile
-    - run: yarn build
-    - name: Install Nix
-      uses: ./
-      with: 
-        nix_path: nixpkgs=channel:nixos-20.03
-        extra_nix_config: |
-          sandbox = relaxed
-    - run: cat /etc/nix/nix.conf
-    - run: nix-build test.nix --arg noChroot true
+        skip_adding_nixpkgs_channel: true
+    - run: nix-build test.nix && exit 1 || echo "OK"
+    - run: NIX_PATH=nixpkgs=https://github.com/NixOS/nixpkgs/tarball/ab5863afada3c1b50fc43bf774b75ea71b287cde nix-build test.nix

README.md

@@ -4,19 +4,6 @@
 
 Installs [Nix](https://nixos.org/nix/) on GitHub Actions for the supported platforms: Linux and macOS.
 
-By default it has no nixpkgs configured, you have to set `nix_path`
-by [picking a channel](https://status.nixos.org/)
-or [pin nixpkgs yourself](https://nix.dev/tutorials/towards-reproducibility-pinning-nixpkgs.html).
-
-# Features
-
-- Quick installation (~4s on Linux, ~20s on macOS)
-- Multi-User installation (with sandboxing enabled only on Linux)
-- [Self-hosted github runner](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) support
-- Allows specifying Nix installation URL via `install_url`
-- Allows specifying extra Nix configration options via `extra_nix_config`
-- Allows specifying `$NIX_PATH` and channels via `nix_path`
-
 ## Usage
 
 Create `.github/workflows/test.yml` in your repo with the following contents:
@@ -31,60 +18,19 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
-    - uses: cachix/install-nix-action@v11
-      with:
-        nix_path: nixpkgs=channel:nixos-unstable
+    - uses: cachix/install-nix-action@v8
     - run: nix-build
 ```
 
+
+See [action.yml](action.yml) for all options.
+
 See also [cachix-action](https://github.com/cachix/cachix-action) for
 simple binary cache setup to speed up your builds and share binaries
 with developers.
 
-## Usage with Flakes
-
-```
-name: "Test"
-on:
-  pull_request:
-  push:
-jobs:
-  tests:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-      with:
-          # Nix Flakes doesn't work on shallow clones
-          fetch-depth: 0
-    - uses: cachix/install-nix-action@v11
-      with:
-        install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-3.0pre20200820_4d77513/install
-        extra_nix_config: |
-          experimental-features = nix-command flakes
-    - run: nix-build
-```
-
-## Inputs (specify using `with:`)
-
-- `install_url`: specify URL to install Nix from (useful for testing non-stable releases)
-
-- `nix_path`: set `NIX_PATH` environment variable, for example `nixpkgs=channel:nixos-unstable`
-
-- `extra_nix_config`: append to `/etc/nix/nix.conf`
-
 ---
 
-## FAQ
-
-### Is it possible to run NixOS tests / Qemu+KVM with GitHub Actions?
-
-[Currently GitHub Actions are not running on Azure instance types that support nested virtualization](https://github.com/actions/virtual-environments/issues/183#issuecomment-610723516).
-
-### How do I print nixpkgs version with the channel I have configured?
-
-
-```nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'```
-
 ## Hacking
 
 Install the dependencies

action.yml

@@ -4,10 +4,8 @@ author: 'Domen Kožar'
 inputs:
   install_url:
     description: 'Installation URL that will contain a script to install Nix'
-  nix_path:
-    description: 'Set NIX_PATH environment variable.'
-  extra_nix_config:
-    description: 'gets appended to `/etc/nix/nix.conf` if passed.'
+  skip_adding_nixpkgs_channel:
+    description: 'Skip adding nixpkgs-unstable channel'
 branding:
   color: 'blue'
   icon: 'sun'

lib/create-darwin-volume.sh

@@ -0,0 +1,102 @@
+#!/usr/bin/env bash
+set -e
+
+root_disks() {
+    diskutil list -plist /
+}
+
+apfs_volumes_for() {
+    disk=$1
+    diskutil apfs list -plist "$disk"
+}
+
+disk_identifier() {
+    xpath "/plist/dict/key[text()='WholeDisks']/following-sibling::array[1]/string/text()" 2>/dev/null
+}
+
+volume_get() {
+    key=$1 i=$2
+    xpath "/plist/dict/array/dict/key[text()='Volumes']/following-sibling::array/dict[$i]/key[text()='$key']/following-sibling::string[1]/text()" 2> /dev/null
+}
+
+find_nix_volume() {
+    disk=$1
+    i=1
+    volumes=$(apfs_volumes_for "$disk")
+    while true; do
+        name=$(echo "$volumes" | volume_get "Name" "$i")
+        if [ -z "$name" ]; then
+            break
+        fi
+        case "$name" in
+            [Nn]ix*)
+                echo "$name"
+                break
+                ;;
+        esac
+        i=$((i+1))
+    done
+}
+
+test_fstab() {
+    grep -q "/nix" /etc/fstab 2>/dev/null
+}
+
+test_synthetic_conf() {
+    grep -q "^nix" /etc/synthetic.conf 2>/dev/null
+}
+
+test_nix() {
+    test -d "/nix"
+}
+
+main() {
+    (
+        echo ""
+        echo "     ------------------------------------------------------------------ "
+        echo "    | This installer will create a volume for the nix store and        |"
+        echo "    | configure it to mount at /nix.  Follow these steps to uninstall. |"
+        echo "     ------------------------------------------------------------------ "
+        echo ""
+        echo "  1. Remove the entry from fstab using 'sudo vifs'"
+        echo "  2. Destroy the data volume using 'diskutil apfs deleteVolume'"
+        echo "  3. Delete /etc/synthetic.conf"
+        echo ""
+    ) >&2
+
+    if [ -L "/nix" ]; then
+        echo "error: /nix is a symlink, please remove it or edit synthetic.conf (requires reboot)" >&2
+        echo "  /nix -> $(readlink "/nix")" >&2
+        exit 2
+    fi
+
+    if ! test_synthetic_conf; then
+        echo "Configuring /etc/synthetic.conf..." >&2
+        echo nix | sudo tee /etc/synthetic.conf
+        /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B
+    fi
+
+    if ! test_nix; then
+        echo "Creating mountpoint for /nix..." >&2
+        sudo mkdir /nix
+    fi
+
+    disk=$(root_disks | disk_identifier)
+    volume=$(find_nix_volume "$disk")
+    if [ -z "$volume" ]; then
+        echo "Creating a Nix Store volume..." >&2
+        sudo diskutil apfs addVolume "$disk" APFS 'Nix Store' -mountpoint /nix
+        volume="Nix Store"
+    else
+        echo "Using existing '$volume' volume" >&2
+    fi
+
+    if ! test_fstab; then
+        echo "Configuring /etc/fstab..." >&2
+        label=$(echo "$volume" | sed 's/ /\\040/g')
+        printf "\$a\nLABEL=%s /nix apfs rw\n.\nwq\n" "$label" | EDITOR=ed sudo vifs
+        sudo defaults write /Library/Preferences/SystemConfiguration/autodiskmount AutomountDisksWithoutUserLogin -bool true
+    fi
+}
+
+main "$@"

lib/install-nix.sh

@@ -1,33 +1,19 @@
 #!/usr/bin/env bash
 set -euo pipefail
 
-# Configure Nix
-add_config() {
-  echo "$1" | sudo tee -a /tmp/nix.conf >/dev/null
-}
 # Set jobs to number of cores
-add_config "max-jobs = auto"
-# Allow binary caches for user
-add_config "trusted-users = root $USER"
-# Append extra nix configuration if provided
-if [[ $INPUT_EXTRA_NIX_CONFIG != "" ]]; then
-  add_config "$INPUT_EXTRA_NIX_CONFIG"
+sudo sh -c 'echo max-jobs = auto >> /tmp/nix.conf'
+# Allow binary caches for runner user
+sudo sh -c 'echo trusted-users = root runner >> /tmp/nix.conf'
+
+if [[ $INPUT_SKIP_ADDING_NIXPKGS_CHANNEL = "true" ]]; then
+  extra_cmd=--no-channel-add
+else
+  extra_cmd=
 fi
 
-# Nix installer flags
-installer_options=(
-  --daemon
-  --daemon-user-count 4
-  --no-channel-add
-  --darwin-use-unencrypted-nix-store-volume
-  --nix-extra-conf-file /tmp/nix.conf
-)
-
-# On self-hosted runners we don't need to install more than once
-if [[ ! -d /nix/store ]] 
-then 
-  sh <(curl --retry 5 --retry-connrefused -L "${INPUT_INSTALL_URL:-https://nixos.org/nix/install}") "${installer_options[@]}"
-fi
+sh <(curl -L ${INPUT_INSTALL_URL:-https://nixos.org/nix/install}) \
+  --nix-extra-conf-file /tmp/nix.conf --darwin-use-unencrypted-nix-store-volume $extra_cmd
 
 if [[ $OSTYPE =~ darwin ]]; then
   # Disable spotlight indexing of /nix to speed up performance
@@ -41,9 +27,8 @@ if [[ $OSTYPE =~ darwin ]]; then
 fi
 
 # Set paths
-echo "::add-path::/nix/var/nix/profiles/per-user/$USER/profile/bin"
+echo "::add-path::/nix/var/nix/profiles/per-user/runner/profile/bin"
 echo "::add-path::/nix/var/nix/profiles/default/bin"
-
-if [[ $INPUT_NIX_PATH != "" ]]; then
-  echo "::set-env name=NIX_PATH::${INPUT_NIX_PATH}"
-fi
+if [[ $INPUT_SKIP_ADDING_NIXPKGS_CHANNEL != "true" ]]; then
+echo "::set-env name=NIX_PATH::/nix/var/nix/profiles/per-user/root/channels"
+fi

test.nix

@@ -2,17 +2,14 @@
 { size ? 1 # MB
 , num ? 10 # count 
 , currentTime ? builtins.currentTime
-, noChroot ? false
 }:
 
 with import <nixpkgs> {};
 
 let
-  drv = i: runCommand "${toString currentTime}-${toString i}" {
-    __noChroot = noChroot;
-  } ''
+  drv = i: runCommand "${toString currentTime}-${toString i}" {} ''
     dd if=/dev/zero of=$out bs=${toString size}MB count=1
   '';
 in writeText "empty-${toString num}-${toString size}MB" ''
   ${lib.concatMapStringsSep "" drv (lib.range 1 num)}
-''
+''

yarn.lock

@@ -803,6 +803,11 @@ combined-stream@^1.0.6, combined-stream@~1.0.6:
   dependencies:
     delayed-stream "~1.0.0"
 
+commander@~2.20.0:
+  version "2.20.1"
+  resolved "https://registry.yarnpkg.com/commander/-/commander-2.20.1.tgz#3863ce3ca92d0831dcf2a102f5fb4b5926afd0f9"
+  integrity sha512-cCuLsMhJeWQ/ZpsFTbE765kvVfoeSddc4nU3up4fV+fDBcfUXnbITJ+JzhkdjzOqhURjZgujxaioam4RM9yGUg==
+
 component-emitter@^1.2.1:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/component-emitter/-/component-emitter-1.3.0.tgz#16e4070fba8ae29b679f2215853ee181ab2eabc0"
@@ -1313,14 +1318,13 @@ growly@^1.3.0:
   integrity sha1-8QdIy+dq+WS3yWyTxrzCivEgwIE=
 
 handlebars@^4.1.2:
-  version "4.7.6"
-  resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.7.6.tgz#d4c05c1baf90e9945f77aa68a7a219aa4a7df74e"
-  integrity sha512-1f2BACcBfiwAfStCKZNrUCgqNZkGsAT7UM3kkYtXuLo0KnaVfjKOyf7PRzB6++aK9STyT1Pd2ZCPe3EGOXleXA==
+  version "4.4.0"
+  resolved "https://registry.yarnpkg.com/handlebars/-/handlebars-4.4.0.tgz#22e1a897c5d83023d39801f35f6b65cf97ed8b25"
+  integrity sha512-xkRtOt3/3DzTKMOt3xahj2M/EqNhY988T+imYSlMgs5fVhLN2fmKVVj0LtEGmb+3UUYV5Qmm1052Mm3dIQxOvw==
   dependencies:
-    minimist "^1.2.5"
     neo-async "^2.6.0"
+    optimist "^0.6.1"
     source-map "^0.6.1"
-    wordwrap "^1.0.0"
   optionalDependencies:
     uglify-js "^3.1.4"
 
@@ -2221,9 +2225,9 @@ lodash.sortby@^4.7.0:
   integrity sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=
 
 lodash@^4.17.11, lodash@^4.17.13:
-  version "4.17.19"
-  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.19.tgz#e48ddedbe30b3321783c5b4301fbd353bc1e4a4b"
-  integrity sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==
+  version "4.17.15"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548"
+  integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==
 
 loose-envify@^1.0.0:
   version "1.4.0"
@@ -2312,10 +2316,15 @@ minimist@0.0.8:
   resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.8.tgz#857fcabfc3397d2625b8228262e86aa7a011b05d"
   integrity sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=
 
-minimist@^1.1.1, minimist@^1.2.0, minimist@^1.2.5:
-  version "1.2.5"
-  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.5.tgz#67d66014b66a6a8aaa0c083c5fd58df4e4e97602"
-  integrity sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==
+minimist@^1.1.1, minimist@^1.2.0:
+  version "1.2.0"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.0.tgz#a35008b20f41383eec1fb914f4cd5df79a264284"
+  integrity sha1-o1AIsg9BOD7sH7kU9M1d95omQoQ=
+
+minimist@~0.0.1:
+  version "0.0.10"
+  resolved "https://registry.yarnpkg.com/minimist/-/minimist-0.0.10.tgz#de3f98543dbf96082be48ad1a0c7cda836301dcf"
+  integrity sha1-3j+YVD2/lggr5IrRoMfNqDYwHc8=
 
 minipass@^2.6.0, minipass@^2.8.6:
   version "2.8.6"
@@ -2402,9 +2411,9 @@ needle@^2.2.1:
     sax "^1.2.4"
 
 neo-async@^2.6.0:
-  version "2.6.2"
-  resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.2.tgz#b4aafb93e3aeb2d8174ca53cf163ab7d7308305f"
-  integrity sha512-Yd3UES5mWCSqR+qNT93S3UoYUkqAZ9lLg8a7g9rimsWmYGK8cVToA4/sF3RrshdyV3sAGMXVUmpMYOw+dLpOuw==
+  version "2.6.1"
+  resolved "https://registry.yarnpkg.com/neo-async/-/neo-async-2.6.1.tgz#ac27ada66167fa8849a6addd837f6b189ad2081c"
+  integrity sha512-iyam8fBuCUpWeKPGpaNMetEocMt364qkCsfL9JuhjXX6dRnguRVOfk2GZaDpPjcOKiiXCPINZC1GczQ7iTq3Zw==
 
 nice-try@^1.0.4:
   version "1.0.5"
@@ -2571,6 +2580,14 @@ once@^1.3.0, once@^1.3.1, once@^1.4.0:
   dependencies:
     wrappy "1"
 
+optimist@^0.6.1:
+  version "0.6.1"
+  resolved "https://registry.yarnpkg.com/optimist/-/optimist-0.6.1.tgz#da3ea74686fa21a19a111c326e90eb15a0196686"
+  integrity sha1-2j6nRob6IaGaERwybpDrFaAZZoY=
+  dependencies:
+    minimist "~0.0.1"
+    wordwrap "~0.0.2"
+
 optionator@^0.8.1:
   version "0.8.2"
   resolved "https://registry.yarnpkg.com/optionator/-/optionator-0.8.2.tgz#364c5e409d3f4d6301d6c0b4c05bba50180aeb64"
@@ -3442,9 +3459,12 @@ typescript@^3.5.1:
   integrity sha512-N7bceJL1CtRQ2RiG0AQME13ksR7DiuQh/QehubYcghzv20tnh+MQnQIuJddTmsbqYj+dztchykemz0zFzlvdQw==
 
 uglify-js@^3.1.4:
-  version "3.10.4"
-  resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.10.4.tgz#dd680f5687bc0d7a93b14a3482d16db6eba2bfbb"
-  integrity sha512-kBFT3U4Dcj4/pJ52vfjCSfyLyvG9VYYuGYPmrPvAxRw/i7xHiT4VvCev+uiEMcEEiu6UNB6KgWmGtSUYIWScbw==
+  version "3.6.0"
+  resolved "https://registry.yarnpkg.com/uglify-js/-/uglify-js-3.6.0.tgz#704681345c53a8b2079fb6cec294b05ead242ff5"
+  integrity sha512-W+jrUHJr3DXKhrsS7NUVxn3zqMOFn0hL/Ei6v0anCIMoKC93TjcflTagwIHLW7SfMFfiQuktQyFVCFHGUE0+yg==
+  dependencies:
+    commander "~2.20.0"
+    source-map "~0.6.1"
 
 underscore@1.8.3:
   version "1.8.3"
@@ -3589,7 +3609,12 @@ wide-align@^1.1.0:
   dependencies:
     string-width "^1.0.2 || 2"
 
-wordwrap@^1.0.0, wordwrap@~1.0.0:
+wordwrap@~0.0.2:
+  version "0.0.3"
+  resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-0.0.3.tgz#a3d5da6cd5c0bc0008d37234bbaf1bed63059107"
+  integrity sha1-o9XabNXAvAAI03I0u68b7WMFkQc=
+
+wordwrap@~1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/wordwrap/-/wordwrap-1.0.0.tgz#27584810891456a4171c8d0226441ade90cbcaeb"
   integrity sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus=