diff --git a/.github/workflows/test-per-system.yml b/.github/workflows/test-per-system.yml
new file mode 100644
index 0000000..2c5cd87
--- /dev/null
+++ b/.github/workflows/test-per-system.yml
@@ -0,0 +1,97 @@
+name: Test Runner
+
+on:
+ workflow_call:
+ inputs:
+ runs-on:
+ description: 'GitHub Actions runner to use (e.g., ubuntu-latest, macos-13)'
+ required: true
+ type: string
+ system:
+ description: 'Target system architecture (e.g., x86_64-linux, aarch64-darwin)'
+ required: true
+ type: string
+ oldest_installer_version:
+ description: 'Oldest supported Nix installer version to test (e.g., nix-2.8.0)'
+ required: true
+ type: string
+
+env:
+ nixpkgs_channel: nixpkgs=channel:nixos-25.05
+
+jobs:
+ simple-build:
+ runs-on: ${{ inputs.runs-on }}
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - name: Install Nix
+ uses: ./
+ with:
+ nix_path: ${{ env.nixpkgs_channel }}
+ - name: Test environment variables
+ run: ./tests/test-env.sh
+ - run: nix-env -iA cachix -f https://cachix.org/api/v1/install
+ - run: cat /etc/nix/nix.conf
+ # cachix should be available and be able to configure a cache
+ - run: cachix use cachix
+ - run: nix-build tests/test-build.nix
+
+ custom-nix-path:
+ runs-on: ${{ inputs.runs-on }}
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - name: Install Nix
+ uses: ./
+ with:
+ nix_path: ${{ env.nixpkgs_channel }}
+ - run: test $NIX_PATH == '${{ env.nixpkgs_channel }}'
+ - run: nix-build tests/test-build.nix
+
+ extra-nix-config:
+ runs-on: ${{ inputs.runs-on }}
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - name: Install Nix
+ uses: ./
+ with:
+ nix_path: ${{ env.nixpkgs_channel }}
+ extra_nix_config: |
+ sandbox = relaxed
+ - run: cat /etc/nix/nix.conf
+ - run: nix-build tests/test-build.nix --arg noChroot true
+
+ flakes:
+ runs-on: ${{ inputs.runs-on }}
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - name: Install Nix
+ uses: ./
+ - run: nix flake show github:NixOS/nixpkgs
+
+ latest-installer:
+ runs-on: ${{ inputs.runs-on }}
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - name: Run NAR server
+ run: |
+ curl --location https://github.com/cachix/nar-toolbox/releases/download/v0.1.0/nar-toolbox-${{ inputs.system }} -O
+ chmod +x ./nar-toolbox-${{ inputs.system }}
+ ./nar-toolbox-${{ inputs.system }} serve https://cache.nixos.org &
+ - name: Install Nix
+ uses: ./
+ with:
+ nix_path: ${{ env.nixpkgs_channel }}
+ install_url: https://hydra.nixos.org/job/nix/master/installerScript/latest-finished/download/1/install
+ install_options: "--tarball-url-prefix http://localhost:8080"
+ - run: nix-build tests/test-build.nix
+
+ oldest-supported-installer:
+ runs-on: ${{ inputs.runs-on }}
+ steps:
+ - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ - name: Install Nix
+ uses: ./
+ with:
+ nix_path: ${{ env.nixpkgs_channel }}
+ install_url: https://releases.nixos.org/nix/${{ inputs.oldest_installer_version }}/install
+ - run: nix-build tests/test-build.nix
\ No newline at end of file
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 7b3884b..6542c67 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
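Review bot: The `Run NAR server` step in `latest-installer` downloads `nar-toolbox-${{ inputs.system }}` and executes it with no integrity check, and `curl` runs without `--fail`, so an HTTP error body would be saved and then run as the binary. The step also expands `${{ inputs.system }}` directly into the shell script; the caller visible in this commit passes a matrix literal, but a reusable workflow is safer when the input reaches the script through `env:` and is quoted. A pinned SHA-256 per system (for example an additional `workflow_call` input) would let the step verify the download before `chmod +x`. The fence sketches the step; the digest is a placeholder, not a real value.

```yaml
      - name: Run NAR server
        env:
          SYSTEM: ${{ inputs.system }}
          # placeholder: pinned SHA-256 of the v0.1.0 asset for this system
          NAR_TOOLBOX_SHA256: "<sha256-of-nar-toolbox-asset>"
        run: |
          asset="nar-toolbox-${SYSTEM}"
          curl --fail --location -O "https://github.com/cachix/nar-toolbox/releases/download/v0.1.0/${asset}"
          echo "${NAR_TOOLBOX_SHA256}  ${asset}" | shasum -a 256 -c -
          chmod +x "./${asset}"
          "./${asset}" serve https://cache.nixos.org &
      # … unchanged: Install Nix and nix-build steps …
```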
@@ -10,143 +10,43 @@ env: nixpkgs_channel: nixpkgs=channel:nixos-25.05 jobs: - simple-build: - strategy: - fail-fast: false - matrix: - os: - - ubuntu-latest - - ubuntu-24.04-arm - - macos-latest - - macos-13 - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install Nix - uses: ./ - with: - nix_path: ${{ env.nixpkgs_channel }} - - run: nix-env -iA cachix -f https://cachix.org/api/v1/install - - run: cat /etc/nix/nix.conf - # cachix should be available and be able to configure a cache - - run: cachix use cachix - - run: nix-build test.nix - - custom-nix-path: - strategy: - fail-fast: false - matrix: - os: - - ubuntu-latest - - ubuntu-24.04-arm - - macos-latest - - macos-13 - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install Nix - uses: ./ - with: - nix_path: ${{ env.nixpkgs_channel }} - - run: test $NIX_PATH == '${{ env.nixpkgs_channel }}' - - run: nix-build test.nix - - extra-nix-config: - strategy: - fail-fast: false - matrix: - os: - - ubuntu-latest - - ubuntu-24.04-arm - - macos-latest - - macos-13 - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install Nix - uses: ./ - with: - nix_path: ${{ env.nixpkgs_channel }} - extra_nix_config: | - sandbox = relaxed - - run: cat /etc/nix/nix.conf - - run: nix-build test.nix --arg noChroot true - - flakes: - strategy: - fail-fast: false - matrix: - os: - - ubuntu-latest - - ubuntu-24.04-arm - - macos-latest - - macos-13 - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install Nix - uses: ./ - - run: nix flake show github:NixOS/nixpkgs - - latest-installer: + test: strategy: fail-fast: false matrix: include: - - os: ubuntu-latest + - runs-on: ubuntu-latest system: x86_64-linux - - os: ubuntu-24.04-arm + 
oldest_installer_version: nix-2.8.0 + - runs-on: ubuntu-24.04-arm system: aarch64-linux - - os: macos-latest + oldest_installer_version: nix-2.8.0 + - runs-on: ubuntu-22.04 + system: x86_64-linux + oldest_installer_version: nix-2.8.0 + - runs-on: macos-latest system: aarch64-darwin - - os: macos-13 + oldest_installer_version: nix-2.18.6 + - runs-on: macos-26 + system: aarch64-darwin + oldest_installer_version: nix-2.18.6 + - runs-on: macos-15 + system: aarch64-darwin + oldest_installer_version: nix-2.18.6 + - runs-on: macos-14 + system: aarch64-darwin + oldest_installer_version: nix-2.8.0 + - runs-on: macos-13 system: x86_64-darwin - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Run NAR server - run: | - curl --location https://github.com/cachix/nar-toolbox/releases/download/v0.1.0/nar-toolbox-${{ matrix.system }} -O - chmod +x ./nar-toolbox-${{ matrix.system }} - ./nar-toolbox-${{ matrix.system }} serve https://cache.nixos.org & - - name: Install Nix - uses: ./ - with: - nix_path: ${{ env.nixpkgs_channel }} - install_url: https://hydra.nixos.org/job/nix/master/installerScript/latest-finished/download/1/install - install_options: "--tarball-url-prefix http://localhost:8080" - - run: nix-build test.nix - - oldest-supported-installer: - strategy: - fail-fast: false - matrix: - include: - - os: ubuntu-latest - installer_version: nix-2.8.0 - - os: ubuntu-24.04-arm - installer_version: nix-2.8.0 - - os: macos-latest - # macOS 15 Sequoia took over some of the ids previously used for _nixbld - # 2.18.6 is the oldest version that was patched for this. 
- installer_version: nix-2.18.6 - - os: macos-13 - installer_version: nix-2.8.0 - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install Nix - uses: ./ - with: - nix_path: ${{ env.nixpkgs_channel }} - install_url: https://releases.nixos.org/nix/${{ matrix.installer_version }}/install - - run: nix-build test.nix + oldest_installer_version: nix-2.8.0 + uses: ./.github/workflows/test-per-system.yml + with: + runs-on: ${{ matrix.runs-on }} + system: ${{ matrix.system }} + oldest_installer_version: ${{ matrix.oldest_installer_version }} act-support: - strategy: - matrix: - os: [ubuntu-latest] - runs-on: ${{ matrix.os }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - run: curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash diff --git a/install-nix.sh b/install-nix.sh index 61356ac..abf5c18 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -euo pipefail -if nix_path="$(type -p nix)" ; then +if nix_path="$(type -p nix)"; then echo "Aborting: Nix is already installed at ${nix_path}" exit fi @@ -26,11 +26,13 @@ trap 'rm -rf "$workdir"' EXIT # Configure Nix add_config() { - echo "$1" >> "$workdir/nix.conf" + echo "$1" >>"$workdir/nix.conf" } add_config "show-trace = true" # Set jobs to number of cores add_config "max-jobs = auto" +# Configure the nix-daemon to use certificates. +# In multi-user installs, NIX_SSL_CERT_FILE only works if set in the daemon's service file. if [[ $OSTYPE =~ darwin ]]; then add_config "ssl-cert-file = /etc/ssl/cert.pem" fi 
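Review bot: The new `test` matrix in `.github/workflows/test.yml` gives `macos-latest`, `macos-26` and `macos-15` the value `oldest_installer_version: nix-2.18.6` while `macos-14` and `macos-13` keep `nix-2.8.0`, but the comment that explained this split was removed together with the old `oldest-supported-installer` job. Carrying it over keeps the next runner addition from picking the wrong floor, e.g. above the first macOS entry: `# macOS 15 Sequoia took over some of the ids previously used for _nixbld; nix-2.18.6 is the oldest installer patched for this.` A one-line comment that each matrix entry now fans out into all six jobs of `test-per-system.yml` would also help readers of the caller.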
@@ -70,8 +72,14 @@ installer_options=( --nix-extra-conf-file "$workdir/nix.conf" ) -# only use the nix-daemon settings if on darwin (which get ignored) or systemd is supported +# Enable daemon on macOS and Linux systems with systemd, unless --no-daemon is specified if [[ (! $INPUT_INSTALL_OPTIONS =~ "--no-daemon") && ($OSTYPE =~ darwin || -e /run/systemd/system) ]]; then + use_daemon() { true; } +else + use_daemon() { false; } +fi + +if use_daemon; then installer_options+=( --daemon --daemon-user-count "$(python3 -c 'import multiprocessing as mp; print(mp.cpu_count() * 2)')" @@ -86,7 +94,7 @@ else fi if [[ -n "${INPUT_INSTALL_OPTIONS:-}" ]]; then - IFS=' ' read -r -a extra_installer_options <<< "$INPUT_INSTALL_OPTIONS" + IFS=' ' read -r -a extra_installer_options <<<"$INPUT_INSTALL_OPTIONS" installer_options=("${extra_installer_options[@]}" "${installer_options[@]}") fi @@ -95,8 +103,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 nix_version=2.31.2 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-${nix_version}/install}" -do +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-${nix_version}/install}"; do sleep 1 ((curl_retries--)) if [[ $curl_retries -le 0 ]]; then 
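Review bot: In the `@@ -70,8 +72,14 @@` hunk of `install-nix.sh`, the daemon guard above the new `use_daemon` definitions still expands `$INPUT_INSTALL_OPTIONS` bare, although the script runs under `set -euo pipefail` and the install-options block a few lines later reads it as `${INPUT_INSTALL_OPTIONS:-}`. Now that `use_daemon` also decides which directories are exported to `GITHUB_PATH`, an unset variable would abort the script at this test instead of falling back to the default; whether it can be unset depends on `action.yml`, which is not shown here. Suggested guard: `if [[ (! ${INPUT_INSTALL_OPTIONS:-} =~ "--no-daemon") && ($OSTYPE =~ darwin || -e /run/systemd/system) ]]; then`. A short comment on `use_daemon` saying it is decided once here and reused for the PATH setup further down would make the indirection easier to follow.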
@@ -107,19 +114,66 @@ done sh "$workdir/install" "${installer_options[@]}" -# Set paths -echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH" -# new path for nix 2.14 -echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH" +# Configure the environment +# +# Adapted from the single- and multi-user scripts: +# single-user: https://github.com/NixOS/nix/blob/master/scripts/nix-profile-daemon.sh.in +# multi-user: https://github.com/NixOS/nix/blob/master/scripts/nix-profile-daemon.sh.in +# +# These scripts would normally be evaluated as part of the user's shell profile. +# GitHub doesn't evaluate profiles or rc scripts by default, so we set up the environment manually. +echo "::debug::Nix installed, setting up environment" +# Export the path to Nix if [[ -n "${INPUT_NIX_PATH:-}" ]]; then - echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV" + echo "NIX_PATH=${INPUT_NIX_PATH}" >>"$GITHUB_ENV" fi -# Set temporary directory (if not already set) to fix https://github.com/cachix/install-nix-action/issues/197 +# Set temporary directory if not already set +# Fixes https://github.com/cachix/install-nix-action/issues/197 if [[ -z "${TMPDIR:-}" ]]; then - echo "TMPDIR=${RUNNER_TEMP}" >> "$GITHUB_ENV" + echo "TMPDIR=${RUNNER_TEMP}" >>"$GITHUB_ENV" fi +# Determine NIX_LINK path (XDG spec, newer XDG-compliant, or legacy) +if [[ -n "${XDG_STATE_HOME:-}" && -e "$XDG_STATE_HOME/nix/profile" ]]; then + NIX_LINK="$XDG_STATE_HOME/nix/profile" +elif [[ -e "$HOME/.local/state/nix/profile" ]]; then + NIX_LINK="$HOME/.local/state/nix/profile" +else + NIX_LINK="$HOME/.nix-profile" +fi + +# Set Nix profiles +echo "NIX_PROFILES=/nix/var/nix/profiles/default $NIX_LINK" >>"$GITHUB_ENV" + +# Set NIX_SSL_CERT_FILE if not already configured +if [[ -z "${NIX_SSL_CERT_FILE:-}" ]]; then + # Check common SSL certificate file locations + if [[ -f "/etc/ssl/certs/ca-certificates.crt" ]]; then # NixOS, Ubuntu, Debian, Gentoo, Arch + echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" >>"$GITHUB_ENV" + 
elif [[ $OSTYPE =~ darwin && -f "/etc/ssl/cert.pem" ]]; then # macOS + echo "NIX_SSL_CERT_FILE=/etc/ssl/cert.pem" >>"$GITHUB_ENV" + elif [[ -f "/etc/ssl/ca-bundle.pem" ]]; then # openSUSE Tumbleweed + echo "NIX_SSL_CERT_FILE=/etc/ssl/ca-bundle.pem" >>"$GITHUB_ENV" + elif [[ -f "/etc/ssl/certs/ca-bundle.crt" ]]; then # Old NixOS + echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" >>"$GITHUB_ENV" + elif [[ -f "/etc/pki/tls/certs/ca-bundle.crt" ]]; then # Fedora, CentOS + echo "NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt" >>"$GITHUB_ENV" + elif [[ -f "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" ]]; then # fall back to cacert in default Nix profile + echo "NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" >>"$GITHUB_ENV" + elif [[ -f "$NIX_LINK/etc/ssl/certs/ca-bundle.crt" ]]; then # fall back to cacert in user Nix profile + echo "NIX_SSL_CERT_FILE=$NIX_LINK/etc/ssl/certs/ca-bundle.crt" >>"$GITHUB_ENV" + fi +fi + +# Set paths based on the installation type +if use_daemon; then + # Multi-user daemon install - add both paths + echo "/nix/var/nix/profiles/default/bin" >>"$GITHUB_PATH" +fi +# Always add the user profile path +echo "$NIX_LINK/bin" >>"$GITHUB_PATH" + # Close the log message group which was opened above echo "::endgroup::" diff --git a/test.nix b/tests/test-build.nix similarity index 100% rename from test.nix rename to tests/test-build.nix diff --git a/tests/test-env.sh b/tests/test-env.sh new file mode 100755 index 0000000..3d2e947 --- /dev/null +++ b/tests/test-env.sh 
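Review bot: The `NIX_SSL_CERT_FILE` chain has no final `else`, so when none of the listed bundles exists the variable is left unset without any message and later TLS failures are hard to trace back to this step. Ending the chain with `else echo "::warning::No CA certificate bundle found; NIX_SSL_CERT_FILE not set"` makes that visible in the job log. In the header comment both the single-user and the multi-user link point at `nix-profile-daemon.sh.in`; the single-user one presumably should be `scripts/nix-profile.sh.in`. The comment `# Multi-user daemon install - add both paths` sits above a branch that adds one path, and `/nix/var/nix/profiles/default/bin` is now exported only when `use_daemon` is true, a behaviour change from the unconditional export that was removed and worth stating in that comment.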
@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+echo "=== Testing Nix Environment Variables ==="
+echo
+
+# Test NIX_PROFILES
+echo "NIX_PROFILES: ${NIX_PROFILES:-}"
+if [[ -n "${NIX_PROFILES:-}" ]]; then
+ echo "✓ NIX_PROFILES is set"
+else
+ echo "✗ NIX_PROFILES is not set"
+ exit 1
+fi
+
+# Test NIX_SSL_CERT_FILE
+echo "NIX_SSL_CERT_FILE: ${NIX_SSL_CERT_FILE:-}"
+if [[ -n "${NIX_SSL_CERT_FILE:-}" ]]; then
+ if [[ -f "$NIX_SSL_CERT_FILE" ]]; then
+ echo "✓ NIX_SSL_CERT_FILE is set and file exists"
+ else
+ echo "✗ NIX_SSL_CERT_FILE is set but file does not exist: $NIX_SSL_CERT_FILE"
+ exit 1
+ fi
+else
+ echo "✗ NIX_SSL_CERT_FILE is not set"
+ exit 1
+fi
+
+# Test PATH contains Nix paths
+echo "PATH: $PATH"
+if echo "$PATH" | grep -E -q "(\.nix-profile|nix/profile)"; then
+ echo "✓ PATH contains Nix paths"
+else
+ echo "✗ PATH does not contain Nix paths"
+ exit 1
+fi
+
+# Test NIX_PATH if set
+if [[ -n "${NIX_PATH:-}" ]]; then
+ echo "NIX_PATH: $NIX_PATH"
+ echo "✓ NIX_PATH is set"
+else
+ echo "NIX_PATH: "
+ exit 1
+fi
+
+# Test TMPDIR
+echo "TMPDIR: ${TMPDIR:-}"
+if [[ -n "${TMPDIR:-}" ]]; then
+ echo "✓ TMPDIR is set"
+else
+ echo "⚠ TMPDIR is not set"
+ exit 1
+fi
+
+echo
+echo "=== Testing Nix Command ==="
+if command -v nix >/dev/null 2>&1; then
+ echo "✓ nix command is available"
+ echo "Nix version: $(nix --version)"
+else
+ echo "✗ nix command is not available"
+ exit 1
+fi
+
+echo
+echo "=== Environment Setup Test Complete ==="
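Review bot: The `# Test NIX_PATH if set` block in `tests/test-env.sh` exits 1 when `NIX_PATH` is unset, so the check is mandatory despite its comment, and the failing branch prints only `NIX_PATH: ` with no `✗` line to explain the failure. Either make it required in name as well, with `# Test NIX_PATH (required: the calling job passes nix_path)` and `echo "✗ NIX_PATH is not set"` before `exit 1`, or drop the `exit 1`. The TMPDIR branch has the same mismatch: it prints a `⚠` warning and then fails. The PATH pattern `nix/profile` also matches `/nix/var/nix/profiles/default/bin`, so this test does not prove that the user profile directory was added; a comment saying which entry is expected would make the intent checkable.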