From df46bbf8195f2fdd59f435919b4046ef415fc43c Mon Sep 17 00:00:00 2001 From: Sander Date: Thu, 28 Aug 2025 17:45:48 +0200 Subject: [PATCH 1/7] fix: set up the environment based on the installer shell scripts The installer scripts would normally set up the various environment variables that Nix needs. Since GitHub doesn't run any profile or rc scripts by default, we need to set these up ourselves. --- install-nix.sh | 70 +++++++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 64 insertions(+), 6 deletions(-) diff --git a/install-nix.sh b/install-nix.sh index 61356ac..c8124bb 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -31,6 +31,7 @@ add_config() { add_config "show-trace = true" # Set jobs to number of cores add_config "max-jobs = auto" +# TODO: is this still necessary if we set NIX_SSL_CERT_FILE below? if [[ $OSTYPE =~ darwin ]]; then add_config "ssl-cert-file = /etc/ssl/cert.pem" fi @@ -70,8 +71,14 @@ installer_options=( --nix-extra-conf-file "$workdir/nix.conf" ) -# only use the nix-daemon settings if on darwin (which get ignored) or systemd is supported +# Enable daemon on macOS and Linux systems with systemd, unless --no-daemon is specified if [[ (! $INPUT_INSTALL_OPTIONS =~ "--no-daemon") && ($OSTYPE =~ darwin || -e /run/systemd/system) ]]; then + use_daemon() { true; } +else + use_daemon() { false; } +fi + +if use_daemon; then installer_options+=( --daemon --daemon-user-count "$(python3 -c 'import multiprocessing as mp; print(mp.cpu_count() * 2)')" @@ -107,19 +114,70 @@ done sh "$workdir/install" "${installer_options[@]}" -# Set paths -echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH" -# new path for nix 2.14 -echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH" +# Configure the environment +# +# Adapted from the single- and multi-user scripts: +# single-user: https://github.com/NixOS/nix/blob/master/scripts/nix-profile-daemon.sh.in +# multi-user: https://github.com/NixOS/nix/blob/master/scripts/nix-profile-daemon.sh.in +# +# These scripts would normally be evaluated as part of the user's shell profile. +# GitHub doesn't evaluate profiles or rc scripts by default, so we set up the environment manually. +echo "::debug::Nix installed, setting up environment" +# Export the path to Nix if [[ -n "${INPUT_NIX_PATH:-}" ]]; then echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV" fi -# Set temporary directory (if not already set) to fix https://github.com/cachix/install-nix-action/issues/197 +# Set temporary directory if not already set +# Fixes https://github.com/cachix/install-nix-action/issues/197 if [[ -z "${TMPDIR:-}" ]]; then echo "TMPDIR=${RUNNER_TEMP}" >> "$GITHUB_ENV" fi +# Determine NIX_LINK path (XDG spec, newer XDG-compliant, or legacy) +if [[ -n "${XDG_STATE_HOME:-}" && -e "$XDG_STATE_HOME/nix/profile" ]]; then + NIX_LINK="$XDG_STATE_HOME/nix/profile" +elif [[ -e "$HOME/.local/state/nix/profile" ]]; then + NIX_LINK="$HOME/.local/state/nix/profile" +else + NIX_LINK="$HOME/.nix-profile" +fi + +# Set Nix profiles +echo "NIX_PROFILES=/nix/var/nix/profiles/default $NIX_LINK" >> "$GITHUB_ENV" + +# Set NIX_SSL_CERT_FILE if not already configured +if [[ -z "${NIX_SSL_CERT_FILE:-}" ]]; then + # Check common SSL certificate file locations + if [[ -f "/etc/ssl/certs/ca-certificates.crt" ]]; then # NixOS, Ubuntu, Debian, Gentoo, Arch + echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" >> "$GITHUB_ENV" + elif [[ $OSTYPE =~ darwin && -f "/etc/ssl/cert.pem" ]]; then # macOS + echo "NIX_SSL_CERT_FILE=/etc/ssl/cert.pem" >> "$GITHUB_ENV" + elif [[ -f "/etc/ssl/ca-bundle.pem" ]]; then # openSUSE Tumbleweed + echo "NIX_SSL_CERT_FILE=/etc/ssl/ca-bundle.pem" >> "$GITHUB_ENV" + elif [[ -f "/etc/ssl/certs/ca-bundle.crt" ]]; then # Old NixOS + echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV" + elif [[ -f "/etc/pki/tls/certs/ca-bundle.crt" ]]; then # Fedora, CentOS + echo "NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt" >> "$GITHUB_ENV" + elif [[ -f "/usr/local/share/certs/ca-root-nss.crt" ]]; then # FreeBSD + echo "NIX_SSL_CERT_FILE=/usr/local/share/certs/ca-root-nss.crt" >> "$GITHUB_ENV" + elif [[ -f "/etc/pki/tls/cacert.pem" ]]; then # OpenELEC + echo "NIX_SSL_CERT_FILE=/etc/pki/tls/cacert.pem" >> "$GITHUB_ENV" + elif [[ -f "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" ]]; then # fall back to cacert in default Nix profile + echo "NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV" + elif [[ -f "$NIX_LINK/etc/ssl/certs/ca-bundle.crt" ]]; then # fall back to cacert in user Nix profile + echo "NIX_SSL_CERT_FILE=$NIX_LINK/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV" + fi +fi + +# Set paths based on the installation type +if use_daemon; then + # Multi-user daemon install - add both paths + echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH" +fi +# Always add the user profile path +echo "$NIX_LINK/bin" >> "$GITHUB_PATH" + # Close the log message group which was opened above echo "::endgroup::" From e29868972558ed782b2d8f39dcf2ea4b3815445f Mon Sep 17 00:00:00 2001 From: Sander Date: Thu, 28 Aug 2025 18:07:38 +0200 Subject: [PATCH 2/7] test: validate environment variables Add a test to check that the environment is correctly set. --- .github/workflows/test.yml | 2 ++ test-env.sh | 65 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100755 test-env.sh diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7b3884b..f73594c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -26,6 +26,8 @@ jobs: uses: ./ with: nix_path: ${{ env.nixpkgs_channel }} + - name: Test environment variables + run: ./test-env.sh - run: nix-env -iA cachix -f https://cachix.org/api/v1/install - run: cat /etc/nix/nix.conf # cachix should be available and be able to configure a cache diff --git a/test-env.sh b/test-env.sh new file mode 100755 index 0000000..bdcccf7 --- /dev/null +++ b/test-env.sh @@ -0,0 +1,65 @@ +#!/usr/bin/env bash + +set -euo pipefail + +echo "=== Testing Nix Environment Variables ===" +echo + +# Test NIX_PROFILES +echo "NIX_PROFILES: ${NIX_PROFILES:-}" +if [[ -n "${NIX_PROFILES:-}" ]]; then + echo "✓ NIX_PROFILES is set" +else + echo "✗ NIX_PROFILES is not set" + exit 1 +fi + +# Test NIX_SSL_CERT_FILE +echo "NIX_SSL_CERT_FILE: ${NIX_SSL_CERT_FILE:-}" +if [[ -n "${NIX_SSL_CERT_FILE:-}" ]]; then + if [[ -f "$NIX_SSL_CERT_FILE" ]]; then + echo "✓ NIX_SSL_CERT_FILE is set and file exists" + else + echo "⚠ NIX_SSL_CERT_FILE is set but file does not exist: $NIX_SSL_CERT_FILE" + fi +else + echo "⚠ NIX_SSL_CERT_FILE is not set (may be OK depending on system)" +fi + +# Test PATH contains Nix paths +echo "PATH: $PATH" +if echo "$PATH" | grep -E -q "(\.nix-profile|nix/profile)"; then + echo "✓ PATH contains Nix paths" +else + echo "✗ PATH does not contain Nix paths" + exit 1 +fi + +# Test NIX_PATH if set +if [[ -n "${NIX_PATH:-}" ]]; then + echo "NIX_PATH: $NIX_PATH" + echo "✓ NIX_PATH is set" +else + echo "NIX_PATH: " +fi + +# Test TMPDIR +echo "TMPDIR: ${TMPDIR:-}" +if [[ -n "${TMPDIR:-}" ]]; then + echo "✓ TMPDIR is set" +else + echo "⚠ TMPDIR is not set" +fi + +echo +echo "=== Testing Nix Command ===" +if command -v nix >/dev/null 2>&1; then + echo "✓ nix command is available" + echo "Nix version: $(nix --version)" +else + echo "✗ nix command is not available" + exit 1 +fi + +echo +echo "=== Environment Setup Test Complete ===" From d914f6d9e8f0954b55d937bfcf393d65f212f331 Mon Sep 17 00:00:00 2001 From: Sander Date: Sun, 21 Sep 2025 13:48:22 +0200 Subject: [PATCH 3/7] refactor: drop ssl handling for unsupported platforms --- install-nix.sh | 4 ---- 1 file changed, 4 deletions(-) diff --git a/install-nix.sh b/install-nix.sh index c8124bb..86c766b 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -160,10 +160,6 @@ if [[ -z "${NIX_SSL_CERT_FILE:-}" ]]; then echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV" elif [[ -f "/etc/pki/tls/certs/ca-bundle.crt" ]]; then # Fedora, CentOS echo "NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt" >> "$GITHUB_ENV" - elif [[ -f "/usr/local/share/certs/ca-root-nss.crt" ]]; then # FreeBSD - echo "NIX_SSL_CERT_FILE=/usr/local/share/certs/ca-root-nss.crt" >> "$GITHUB_ENV" - elif [[ -f "/etc/pki/tls/cacert.pem" ]]; then # OpenELEC - echo "NIX_SSL_CERT_FILE=/etc/pki/tls/cacert.pem" >> "$GITHUB_ENV" elif [[ -f "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" ]]; then # fall back to cacert in default Nix profile echo "NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV" elif [[ -f "$NIX_LINK/etc/ssl/certs/ca-bundle.crt" ]]; then # fall back to cacert in user Nix profile From 581a1341225b995dc4f3ee8b15657b1cd31a1146 Mon Sep 17 00:00:00 2001 From: Sander Date: Sun, 21 Sep 2025 17:13:54 +0200 Subject: [PATCH 4/7] refactor: document ssl-cert-file vs NIX_SSL_CERT_FILE --- install-nix.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/install-nix.sh b/install-nix.sh index 86c766b..46fe0e4 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -26,12 +26,13 @@ trap 'rm -rf "$workdir"' EXIT # Configure Nix add_config() { - echo "$1" >> "$workdir/nix.conf" + echo "$1" >>"$workdir/nix.conf" } add_config "show-trace = true" # Set jobs to number of cores add_config "max-jobs = auto" -# TODO: is this still necessary if we set NIX_SSL_CERT_FILE below? +# Configure the nix-daemon to use certificates. +# In multi-user installs, NIX_SSL_CERT_FILE only works if set in the daemon's service file. if [[ $OSTYPE =~ darwin ]]; then add_config "ssl-cert-file = /etc/ssl/cert.pem" fi From d487f94a7aabbac81bdda3a3209fc9b018a80e6c Mon Sep 17 00:00:00 2001 From: Sander Date: Sun, 21 Sep 2025 17:14:17 +0200 Subject: [PATCH 5/7] lint --- install-nix.sh | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/install-nix.sh b/install-nix.sh index 46fe0e4..abf5c18 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash set -euo pipefail -if nix_path="$(type -p nix)" ; then +if nix_path="$(type -p nix)"; then echo "Aborting: Nix is already installed at ${nix_path}" exit fi @@ -94,7 +94,7 @@ else fi if [[ -n "${INPUT_INSTALL_OPTIONS:-}" ]]; then - IFS=' ' read -r -a extra_installer_options <<< "$INPUT_INSTALL_OPTIONS" + IFS=' ' read -r -a extra_installer_options <<<"$INPUT_INSTALL_OPTIONS" installer_options=("${extra_installer_options[@]}" "${installer_options[@]}") fi @@ -103,8 +103,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 nix_version=2.31.2 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-${nix_version}/install}" -do +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-${nix_version}/install}"; do sleep 1 ((curl_retries--)) if [[ $curl_retries -le 0 ]]; then @@ -127,13 +126,13 @@ echo "::debug::Nix installed, setting up environment" # Export the path to Nix if [[ -n "${INPUT_NIX_PATH:-}" ]]; then - echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV" + echo "NIX_PATH=${INPUT_NIX_PATH}" >>"$GITHUB_ENV" fi # Set temporary directory if not already set # Fixes https://github.com/cachix/install-nix-action/issues/197 if [[ -z "${TMPDIR:-}" ]]; then - echo "TMPDIR=${RUNNER_TEMP}" >> "$GITHUB_ENV" + echo "TMPDIR=${RUNNER_TEMP}" >>"$GITHUB_ENV" fi # Determine NIX_LINK path (XDG spec, newer XDG-compliant, or legacy) @@ -146,35 +145,35 @@ else fi # Set Nix profiles -echo "NIX_PROFILES=/nix/var/nix/profiles/default $NIX_LINK" >> "$GITHUB_ENV" +echo "NIX_PROFILES=/nix/var/nix/profiles/default $NIX_LINK" >>"$GITHUB_ENV" # Set NIX_SSL_CERT_FILE if not already configured if [[ -z "${NIX_SSL_CERT_FILE:-}" ]]; then # Check common SSL certificate file locations if [[ -f "/etc/ssl/certs/ca-certificates.crt" ]]; then # NixOS, Ubuntu, Debian, Gentoo, Arch - echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" >> "$GITHUB_ENV" + echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" >>"$GITHUB_ENV" elif [[ $OSTYPE =~ darwin && -f "/etc/ssl/cert.pem" ]]; then # macOS - echo "NIX_SSL_CERT_FILE=/etc/ssl/cert.pem" >> "$GITHUB_ENV" + echo "NIX_SSL_CERT_FILE=/etc/ssl/cert.pem" >>"$GITHUB_ENV" elif [[ -f "/etc/ssl/ca-bundle.pem" ]]; then # openSUSE Tumbleweed - echo "NIX_SSL_CERT_FILE=/etc/ssl/ca-bundle.pem" >> "$GITHUB_ENV" + echo "NIX_SSL_CERT_FILE=/etc/ssl/ca-bundle.pem" >>"$GITHUB_ENV" elif [[ -f "/etc/ssl/certs/ca-bundle.crt" ]]; then # Old NixOS - echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV" + echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" >>"$GITHUB_ENV" elif [[ -f "/etc/pki/tls/certs/ca-bundle.crt" ]]; then # Fedora, CentOS - echo "NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt" >> "$GITHUB_ENV" + echo "NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt" >>"$GITHUB_ENV" elif [[ -f "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" ]]; then # fall back to cacert in default Nix profile - echo "NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV" + echo "NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" >>"$GITHUB_ENV" elif [[ -f "$NIX_LINK/etc/ssl/certs/ca-bundle.crt" ]]; then # fall back to cacert in user Nix profile - echo "NIX_SSL_CERT_FILE=$NIX_LINK/etc/ssl/certs/ca-bundle.crt" >> "$GITHUB_ENV" + echo "NIX_SSL_CERT_FILE=$NIX_LINK/etc/ssl/certs/ca-bundle.crt" >>"$GITHUB_ENV" fi fi # Set paths based on the installation type if use_daemon; then # Multi-user daemon install - add both paths - echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH" + echo "/nix/var/nix/profiles/default/bin" >>"$GITHUB_PATH" fi # Always add the user profile path -echo "$NIX_LINK/bin" >> "$GITHUB_PATH" +echo "$NIX_LINK/bin" >>"$GITHUB_PATH" # Close the log message group which was opened above echo "::endgroup::" From 7449e8905b0560e816fd9eb0bfc53b6d0d73bc73 Mon Sep 17 00:00:00 2001 From: Sander Date: Sun, 21 Sep 2025 17:20:39 +0200 Subject: [PATCH 6/7] tests: improve env tests and move to tests dir --- .github/workflows/test.yml | 12 ++++++------ test.nix => tests/test-build.nix | 0 test-env.sh => tests/test-env.sh | 8 ++++++-- 3 files changed, 12 insertions(+), 8 deletions(-) rename test.nix => tests/test-build.nix (100%) rename test-env.sh => tests/test-env.sh (90%) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f73594c..3585df0 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -27,12 +27,12 @@ jobs: with: nix_path: ${{ env.nixpkgs_channel }} - name: Test environment variables - run: ./test-env.sh + run: ./tests/test-env.sh - run: nix-env -iA cachix -f https://cachix.org/api/v1/install - run: cat /etc/nix/nix.conf # cachix should be available and be able to configure a cache - run: cachix use cachix - - run: nix-build test.nix + - run: nix-build tests/test-build.nix custom-nix-path: strategy: @@ -51,7 +51,7 @@ jobs: with: nix_path: ${{ env.nixpkgs_channel }} - run: test $NIX_PATH == '${{ env.nixpkgs_channel }}' - - run: nix-build test.nix + - run: nix-build tests/test-build.nix extra-nix-config: strategy: @@ -72,7 +72,7 @@ jobs: extra_nix_config: | sandbox = relaxed - run: cat /etc/nix/nix.conf - - run: nix-build test.nix --arg noChroot true + - run: nix-build tests/test-build.nix --arg noChroot true flakes: strategy: @@ -117,7 +117,7 @@ jobs: nix_path: ${{ env.nixpkgs_channel }} install_url: https://hydra.nixos.org/job/nix/master/installerScript/latest-finished/download/1/install install_options: "--tarball-url-prefix http://localhost:8080" - - run: nix-build test.nix + - run: nix-build tests/test-build.nix oldest-supported-installer: strategy: @@ -142,7 +142,7 @@ jobs: with: nix_path: ${{ env.nixpkgs_channel }} install_url: https://releases.nixos.org/nix/${{ matrix.installer_version }}/install - - run: nix-build test.nix + - run: nix-build tests/test-build.nix act-support: strategy: diff --git a/test.nix b/tests/test-build.nix similarity index 100% rename from test.nix rename to tests/test-build.nix diff --git a/test-env.sh b/tests/test-env.sh similarity index 90% rename from test-env.sh rename to tests/test-env.sh index bdcccf7..3d2e947 100755 --- a/test-env.sh +++ b/tests/test-env.sh @@ -20,10 +20,12 @@ if [[ -n "${NIX_SSL_CERT_FILE:-}" ]]; then if [[ -f "$NIX_SSL_CERT_FILE" ]]; then echo "✓ NIX_SSL_CERT_FILE is set and file exists" else - echo "⚠ NIX_SSL_CERT_FILE is set but file does not exist: $NIX_SSL_CERT_FILE" + echo "✗ NIX_SSL_CERT_FILE is set but file does not exist: $NIX_SSL_CERT_FILE" + exit 1 fi else - echo "⚠ NIX_SSL_CERT_FILE is not set (may be OK depending on system)" + echo "✗ NIX_SSL_CERT_FILE is not set" + exit 1 fi # Test PATH contains Nix paths @@ -41,6 +43,7 @@ if [[ -n "${NIX_PATH:-}" ]]; then echo "✓ NIX_PATH is set" else echo "NIX_PATH: " + exit 1 fi # Test TMPDIR @@ -49,6 +52,7 @@ if [[ -n "${TMPDIR:-}" ]]; then echo "✓ TMPDIR is set" else echo "⚠ TMPDIR is not set" + exit 1 fi echo From 29a4dac2fa2041667aa7a202fdce30a92a77376e Mon Sep 17 00:00:00 2001 From: Sander Date: Sun, 21 Sep 2025 17:45:31 +0200 Subject: [PATCH 7/7] tests: refactor tests to run under a single matrix Add additional os versions for both linux and macos. --- .github/workflows/test-per-system.yml | 97 ++++++++++++++++ .github/workflows/test.yml | 156 +++++--------------------- 2 files changed, 124 insertions(+), 129 deletions(-) create mode 100644 .github/workflows/test-per-system.yml diff --git a/.github/workflows/test-per-system.yml b/.github/workflows/test-per-system.yml new file mode 100644 index 0000000..2c5cd87 --- /dev/null +++ b/.github/workflows/test-per-system.yml @@ -0,0 +1,97 @@ +name: Test Runner + +on: + workflow_call: + inputs: + runs-on: + description: 'GitHub Actions runner to use (e.g., ubuntu-latest, macos-13)' + required: true + type: string + system: + description: 'Target system architecture (e.g., x86_64-linux, aarch64-darwin)' + required: true + type: string + oldest_installer_version: + description: 'Oldest supported Nix installer version to test (e.g., nix-2.8.0)' + required: true + type: string + +env: + nixpkgs_channel: nixpkgs=channel:nixos-25.05 + +jobs: + simple-build: + runs-on: ${{ inputs.runs-on }} + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Install Nix + uses: ./ + with: + nix_path: ${{ env.nixpkgs_channel }} + - name: Test environment variables + run: ./tests/test-env.sh + - run: nix-env -iA cachix -f https://cachix.org/api/v1/install + - run: cat /etc/nix/nix.conf + # cachix should be available and be able to configure a cache + - run: cachix use cachix + - run: nix-build tests/test-build.nix + + custom-nix-path: + runs-on: ${{ inputs.runs-on }} + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Install Nix + uses: ./ + with: + nix_path: ${{ env.nixpkgs_channel }} + - run: test $NIX_PATH == '${{ env.nixpkgs_channel }}' + - run: nix-build tests/test-build.nix + + extra-nix-config: + runs-on: ${{ inputs.runs-on }} + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Install Nix + uses: ./ + with: + nix_path: ${{ env.nixpkgs_channel }} + extra_nix_config: | + sandbox = relaxed + - run: cat /etc/nix/nix.conf + - run: nix-build tests/test-build.nix --arg noChroot true + + flakes: + runs-on: ${{ inputs.runs-on }} + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Install Nix + uses: ./ + - run: nix flake show github:NixOS/nixpkgs + + latest-installer: + runs-on: ${{ inputs.runs-on }} + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Run NAR server + run: | + curl --location https://github.com/cachix/nar-toolbox/releases/download/v0.1.0/nar-toolbox-${{ inputs.system }} -O + chmod +x ./nar-toolbox-${{ inputs.system }} + ./nar-toolbox-${{ inputs.system }} serve https://cache.nixos.org & + - name: Install Nix + uses: ./ + with: + nix_path: ${{ env.nixpkgs_channel }} + install_url: https://hydra.nixos.org/job/nix/master/installerScript/latest-finished/download/1/install + install_options: "--tarball-url-prefix http://localhost:8080" + - run: nix-build tests/test-build.nix + + oldest-supported-installer: + runs-on: ${{ inputs.runs-on }} + steps: + - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: Install Nix + uses: ./ + with: + nix_path: ${{ env.nixpkgs_channel }} + install_url: https://releases.nixos.org/nix/${{ inputs.oldest_installer_version }}/install + - run: nix-build tests/test-build.nix \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3585df0..6542c67 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -10,145 +10,43 @@ env: nixpkgs_channel: nixpkgs=channel:nixos-25.05 jobs: - simple-build: - strategy: - fail-fast: false - matrix: - os: - - ubuntu-latest - - ubuntu-24.04-arm - - macos-latest - - macos-13 - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install Nix - uses: ./ - with: - nix_path: ${{ env.nixpkgs_channel }} - - name: Test environment variables - run: ./tests/test-env.sh - - run: nix-env -iA cachix -f https://cachix.org/api/v1/install - - run: cat /etc/nix/nix.conf - # cachix should be available and be able to configure a cache - - run: cachix use cachix - - run: nix-build tests/test-build.nix - - custom-nix-path: - strategy: - fail-fast: false - matrix: - os: - - ubuntu-latest - - ubuntu-24.04-arm - - macos-latest - - macos-13 - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install Nix - uses: ./ - with: - nix_path: ${{ env.nixpkgs_channel }} - - run: test $NIX_PATH == '${{ env.nixpkgs_channel }}' - - run: nix-build tests/test-build.nix - - extra-nix-config: - strategy: - fail-fast: false - matrix: - os: - - ubuntu-latest - - ubuntu-24.04-arm - - macos-latest - - macos-13 - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install Nix - uses: ./ - with: - nix_path: ${{ env.nixpkgs_channel }} - extra_nix_config: | - sandbox = relaxed - - run: cat /etc/nix/nix.conf - - run: nix-build tests/test-build.nix --arg noChroot true - - flakes: - strategy: - fail-fast: false - matrix: - os: - - ubuntu-latest - - ubuntu-24.04-arm - - macos-latest - - macos-13 - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install Nix - uses: ./ - - run: nix flake show github:NixOS/nixpkgs - - latest-installer: + test: strategy: fail-fast: false matrix: include: - - os: ubuntu-latest + - runs-on: ubuntu-latest system: x86_64-linux - - os: ubuntu-24.04-arm + oldest_installer_version: nix-2.8.0 + - runs-on: ubuntu-24.04-arm system: aarch64-linux - - os: macos-latest + oldest_installer_version: nix-2.8.0 + - runs-on: ubuntu-22.04 + system: x86_64-linux + oldest_installer_version: nix-2.8.0 + - runs-on: macos-latest system: aarch64-darwin - - os: macos-13 + oldest_installer_version: nix-2.18.6 + - runs-on: macos-26 + system: aarch64-darwin + oldest_installer_version: nix-2.18.6 + - runs-on: macos-15 + system: aarch64-darwin + oldest_installer_version: nix-2.18.6 + - runs-on: macos-14 + system: aarch64-darwin + oldest_installer_version: nix-2.8.0 + - runs-on: macos-13 system: x86_64-darwin - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Run NAR server - run: | - curl --location https://github.com/cachix/nar-toolbox/releases/download/v0.1.0/nar-toolbox-${{ matrix.system }} -O - chmod +x ./nar-toolbox-${{ matrix.system }} - ./nar-toolbox-${{ matrix.system }} serve https://cache.nixos.org & - - name: Install Nix - uses: ./ - with: - nix_path: ${{ env.nixpkgs_channel }} - install_url: https://hydra.nixos.org/job/nix/master/installerScript/latest-finished/download/1/install - install_options: "--tarball-url-prefix http://localhost:8080" - - run: nix-build tests/test-build.nix - - oldest-supported-installer: - strategy: - fail-fast: false - matrix: - include: - - os: ubuntu-latest - installer_version: nix-2.8.0 - - os: ubuntu-24.04-arm - installer_version: nix-2.8.0 - - os: macos-latest - # macOS 15 Sequoia took over some of the ids previously used for _nixbld - # 2.18.6 is the oldest version that was patched for this. - installer_version: nix-2.18.6 - - os: macos-13 - installer_version: nix-2.8.0 - runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - name: Install Nix - uses: ./ - with: - nix_path: ${{ env.nixpkgs_channel }} - install_url: https://releases.nixos.org/nix/${{ matrix.installer_version }}/install - - run: nix-build tests/test-build.nix + oldest_installer_version: nix-2.8.0 + uses: ./.github/workflows/test-per-system.yml + with: + runs-on: ${{ matrix.runs-on }} + system: ${{ matrix.system }} + oldest_installer_version: ${{ matrix.oldest_installer_version }} act-support: - strategy: - matrix: - os: [ubuntu-latest] - runs-on: ${{ matrix.os }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - run: curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash