Merge pull request #251 from cachix/fix-env

fix: set up the environment based on the installer shell scripts
2025-11-07 07:59:12 +00:00 · 2025-09-22 15:34:40 +02:00 · 2025-09-22 15:34:40 +02:00 · cbf4b16d11
commit cbf4b16d11
parent a809471b5c 29a4dac2fa
5 changed files with 260 additions and 140 deletions
--- a/.github/workflows/test-per-system.yml
+++ b/.github/workflows/test-per-system.yml
@ -0,0 +1,97 @@
 name: Test Runner
 on:
  workflow_call:
    inputs:
      runs-on:
        description: 'GitHub Actions runner to use (e.g., ubuntu-latest, macos-13)'
        required: true
        type: string
      system:
        description: 'Target system architecture (e.g., x86_64-linux, aarch64-darwin)'
        required: true
        type: string
      oldest_installer_version:
        description: 'Oldest supported Nix installer version to test (e.g., nix-2.8.0)'
        required: true
        type: string
 env:
  nixpkgs_channel: nixpkgs=channel:nixos-25.05
 jobs:
  simple-build:
    runs-on: ${{ inputs.runs-on }}
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - name: Install Nix
      uses: ./
      with:
        nix_path: ${{ env.nixpkgs_channel }}
    - name: Test environment variables
      run: ./tests/test-env.sh
    - run: nix-env -iA cachix -f https://cachix.org/api/v1/install
    - run: cat /etc/nix/nix.conf
    # cachix should be available and be able to configure a cache
    - run: cachix use cachix
    - run: nix-build tests/test-build.nix
  custom-nix-path:
    runs-on: ${{ inputs.runs-on }}
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - name: Install Nix
      uses: ./
      with:
        nix_path: ${{ env.nixpkgs_channel }}
    - run: test $NIX_PATH == '${{ env.nixpkgs_channel }}'
    - run: nix-build tests/test-build.nix
  extra-nix-config:
    runs-on: ${{ inputs.runs-on }}
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - name: Install Nix
      uses: ./
      with:
        nix_path: ${{ env.nixpkgs_channel }}
        extra_nix_config: |
          sandbox = relaxed
    - run: cat /etc/nix/nix.conf
    - run: nix-build tests/test-build.nix --arg noChroot true
  flakes:
    runs-on: ${{ inputs.runs-on }}
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - name: Install Nix
      uses: ./
    - run: nix flake show github:NixOS/nixpkgs
  latest-installer:
    runs-on: ${{ inputs.runs-on }}
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - name: Run NAR server
      run: |
        curl --location https://github.com/cachix/nar-toolbox/releases/download/v0.1.0/nar-toolbox-${{ inputs.system }} -O
        chmod +x ./nar-toolbox-${{ inputs.system }}
        ./nar-toolbox-${{ inputs.system }} serve https://cache.nixos.org &
    - name: Install Nix
      uses: ./
      with:
        nix_path: ${{ env.nixpkgs_channel }}
        install_url: https://hydra.nixos.org/job/nix/master/installerScript/latest-finished/download/1/install
        install_options: "--tarball-url-prefix http://localhost:8080"
    - run: nix-build tests/test-build.nix
  oldest-supported-installer:
    runs-on: ${{ inputs.runs-on }}
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - name: Install Nix
      uses: ./
      with:
        nix_path: ${{ env.nixpkgs_channel }}
        install_url: https://releases.nixos.org/nix/${{ inputs.oldest_installer_version }}/install
    - run: nix-build tests/test-build.nix
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -10,143 +10,43 @@ env:
  nixpkgs_channel: nixpkgs=channel:nixos-25.05
 jobs:
-  simple-build:
+  test:
    strategy:
      fail-fast: false
      matrix:
        os:
        - ubuntu-latest
        - ubuntu-24.04-arm
        - macos-latest
        - macos-13
    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - name: Install Nix
      uses: ./
      with:
        nix_path: ${{ env.nixpkgs_channel }}
    - run: nix-env -iA cachix -f https://cachix.org/api/v1/install
    - run: cat /etc/nix/nix.conf
    # cachix should be available and be able to configure a cache
    - run: cachix use cachix
    - run: nix-build test.nix
  custom-nix-path:
    strategy:
      fail-fast: false
      matrix:
        os:
        - ubuntu-latest
        - ubuntu-24.04-arm
        - macos-latest
        - macos-13
    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - name: Install Nix
      uses: ./
      with:
        nix_path: ${{ env.nixpkgs_channel }}
    - run: test $NIX_PATH == '${{ env.nixpkgs_channel }}'
    - run: nix-build test.nix
  extra-nix-config:
    strategy:
      fail-fast: false
      matrix:
        os:
        - ubuntu-latest
        - ubuntu-24.04-arm
        - macos-latest
        - macos-13
    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - name: Install Nix
      uses: ./
      with:
        nix_path: ${{ env.nixpkgs_channel }}
        extra_nix_config: |
          sandbox = relaxed
    - run: cat /etc/nix/nix.conf
    - run: nix-build test.nix --arg noChroot true
  flakes:
    strategy:
      fail-fast: false
      matrix:
        os:
        - ubuntu-latest
        - ubuntu-24.04-arm
        - macos-latest
        - macos-13
    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - name: Install Nix
      uses: ./
    - run: nix flake show github:NixOS/nixpkgs
  latest-installer:
    strategy:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
+          - runs-on: ubuntu-latest
            system: x86_64-linux
-          - os: ubuntu-24.04-arm
+            oldest_installer_version: nix-2.8.0
          - runs-on: ubuntu-24.04-arm
            system: aarch64-linux
-          - os: macos-latest
+            oldest_installer_version: nix-2.8.0
          - runs-on: ubuntu-22.04
            system: x86_64-linux
            oldest_installer_version: nix-2.8.0
          - runs-on: macos-latest
            system: aarch64-darwin
-          - os: macos-13
+            oldest_installer_version: nix-2.18.6
          - runs-on: macos-26
            system: aarch64-darwin
            oldest_installer_version: nix-2.18.6
          - runs-on: macos-15
            system: aarch64-darwin
            oldest_installer_version: nix-2.18.6
          - runs-on: macos-14
            system: aarch64-darwin
            oldest_installer_version: nix-2.8.0
          - runs-on: macos-13
            system: x86_64-darwin
-    runs-on: ${{ matrix.os }}
+            oldest_installer_version: nix-2.8.0
-    steps:
+    uses: ./.github/workflows/test-per-system.yml
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - name: Run NAR server
      run: |
        curl --location https://github.com/cachix/nar-toolbox/releases/download/v0.1.0/nar-toolbox-${{ matrix.system }} -O
        chmod +x ./nar-toolbox-${{ matrix.system }}
        ./nar-toolbox-${{ matrix.system }} serve https://cache.nixos.org &
    - name: Install Nix
      uses: ./
    with:
-        nix_path: ${{ env.nixpkgs_channel }}
+      runs-on: ${{ matrix.runs-on }}
-        install_url: https://hydra.nixos.org/job/nix/master/installerScript/latest-finished/download/1/install
+      system: ${{ matrix.system }}
-        install_options: "--tarball-url-prefix http://localhost:8080"
+      oldest_installer_version: ${{ matrix.oldest_installer_version }}
    - run: nix-build test.nix
  oldest-supported-installer:
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: ubuntu-latest
            installer_version: nix-2.8.0
          - os: ubuntu-24.04-arm
            installer_version: nix-2.8.0
          - os: macos-latest
            # macOS 15 Sequoia took over some of the ids previously used for _nixbld
            # 2.18.6 is the oldest version that was patched for this.
            installer_version: nix-2.18.6
          - os: macos-13
            installer_version: nix-2.8.0
    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - name: Install Nix
      uses: ./
      with:
        nix_path: ${{ env.nixpkgs_channel }}
        install_url: https://releases.nixos.org/nix/${{ matrix.installer_version }}/install
    - run: nix-build test.nix
  act-support:
-    strategy:
+    runs-on: ubuntu-latest
      matrix:
        os: [ubuntu-latest]
    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
    - run: curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash
--- a/install-nix.sh
+++ b/install-nix.sh
@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -euo pipefail
-if nix_path="$(type -p nix)" ; then
+if nix_path="$(type -p nix)"; then
  echo "Aborting: Nix is already installed at ${nix_path}"
  exit
 fi
@ -26,11 +26,13 @@ trap 'rm -rf "$workdir"' EXIT
 # Configure Nix
 add_config() {
-  echo "$1" >> "$workdir/nix.conf"
+  echo "$1" >>"$workdir/nix.conf"
 }
 add_config "show-trace = true"
 # Set jobs to number of cores
 add_config "max-jobs = auto"
 # Configure the nix-daemon to use certificates.
 # In multi-user installs, NIX_SSL_CERT_FILE only works if set in the daemon's service file.
 if [[ $OSTYPE =~ darwin ]]; then
  add_config "ssl-cert-file = /etc/ssl/cert.pem"
 fi
@ -70,8 +72,14 @@ installer_options=(
  --nix-extra-conf-file "$workdir/nix.conf"
 )
-# only use the nix-daemon settings if on darwin (which get ignored) or systemd is supported
+# Enable daemon on macOS and Linux systems with systemd, unless --no-daemon is specified
 if [[ (! $INPUT_INSTALL_OPTIONS =~ "--no-daemon") && ($OSTYPE =~ darwin || -e /run/systemd/system) ]]; then
  use_daemon() { true; }
 else
  use_daemon() { false; }
 fi
 if use_daemon; then
  installer_options+=(
    --daemon
    --daemon-user-count "$(python3 -c 'import multiprocessing as mp; print(mp.cpu_count() * 2)')"
@ -86,7 +94,7 @@ else
 fi
 if [[ -n "${INPUT_INSTALL_OPTIONS:-}" ]]; then
-  IFS=' ' read -r -a extra_installer_options <<< "$INPUT_INSTALL_OPTIONS"
+  IFS=' ' read -r -a extra_installer_options <<<"$INPUT_INSTALL_OPTIONS"
  installer_options=("${extra_installer_options[@]}" "${installer_options[@]}")
 fi
@ -95,8 +103,7 @@ echo "installer options: ${installer_options[*]}"
 # There is --retry-on-errors, but only newer curl versions support that
 curl_retries=5
 nix_version=2.31.2
-while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-${nix_version}/install}"
+while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-${nix_version}/install}"; do
 do
  sleep 1
  ((curl_retries--))
  if [[ $curl_retries -le 0 ]]; then
@ -107,19 +114,66 @@ done
 sh "$workdir/install" "${installer_options[@]}"
-# Set paths
+# Configure the environment
-echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH"
+#
-# new path for nix 2.14
+# Adapted from the single- and multi-user scripts:
-echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH"
+#   single-user: https://github.com/NixOS/nix/blob/master/scripts/nix-profile-daemon.sh.in
 #   multi-user: https://github.com/NixOS/nix/blob/master/scripts/nix-profile-daemon.sh.in
 #
 # These scripts would normally be evaluated as part of the user's shell profile.
 # GitHub doesn't evaluate profiles or rc scripts by default, so we set up the environment manually.
 echo "::debug::Nix installed, setting up environment"
 # Export the path to Nix
 if [[ -n "${INPUT_NIX_PATH:-}" ]]; then
-  echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV"
+  echo "NIX_PATH=${INPUT_NIX_PATH}" >>"$GITHUB_ENV"
 fi
-# Set temporary directory (if not already set) to fix https://github.com/cachix/install-nix-action/issues/197
+# Set temporary directory if not already set
 # Fixes https://github.com/cachix/install-nix-action/issues/197
 if [[ -z "${TMPDIR:-}" ]]; then
-  echo "TMPDIR=${RUNNER_TEMP}" >> "$GITHUB_ENV"
+  echo "TMPDIR=${RUNNER_TEMP}" >>"$GITHUB_ENV"
 fi
 # Determine NIX_LINK path (XDG spec, newer XDG-compliant, or legacy)
 if [[ -n "${XDG_STATE_HOME:-}" && -e "$XDG_STATE_HOME/nix/profile" ]]; then
  NIX_LINK="$XDG_STATE_HOME/nix/profile"
 elif [[ -e "$HOME/.local/state/nix/profile" ]]; then
  NIX_LINK="$HOME/.local/state/nix/profile"
 else
  NIX_LINK="$HOME/.nix-profile"
 fi
 # Set Nix profiles
 echo "NIX_PROFILES=/nix/var/nix/profiles/default $NIX_LINK" >>"$GITHUB_ENV"
 # Set NIX_SSL_CERT_FILE if not already configured
 if [[ -z "${NIX_SSL_CERT_FILE:-}" ]]; then
  # Check common SSL certificate file locations
  if [[ -f "/etc/ssl/certs/ca-certificates.crt" ]]; then # NixOS, Ubuntu, Debian, Gentoo, Arch
    echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" >>"$GITHUB_ENV"
  elif [[ $OSTYPE =~ darwin && -f "/etc/ssl/cert.pem" ]]; then # macOS
    echo "NIX_SSL_CERT_FILE=/etc/ssl/cert.pem" >>"$GITHUB_ENV"
  elif [[ -f "/etc/ssl/ca-bundle.pem" ]]; then # openSUSE Tumbleweed
    echo "NIX_SSL_CERT_FILE=/etc/ssl/ca-bundle.pem" >>"$GITHUB_ENV"
  elif [[ -f "/etc/ssl/certs/ca-bundle.crt" ]]; then # Old NixOS
    echo "NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt" >>"$GITHUB_ENV"
  elif [[ -f "/etc/pki/tls/certs/ca-bundle.crt" ]]; then # Fedora, CentOS
    echo "NIX_SSL_CERT_FILE=/etc/pki/tls/certs/ca-bundle.crt" >>"$GITHUB_ENV"
  elif [[ -f "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" ]]; then # fall back to cacert in default Nix profile
    echo "NIX_SSL_CERT_FILE=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt" >>"$GITHUB_ENV"
  elif [[ -f "$NIX_LINK/etc/ssl/certs/ca-bundle.crt" ]]; then # fall back to cacert in user Nix profile
    echo "NIX_SSL_CERT_FILE=$NIX_LINK/etc/ssl/certs/ca-bundle.crt" >>"$GITHUB_ENV"
  fi
 fi
 # Set paths based on the installation type
 if use_daemon; then
  # Multi-user daemon install - add both paths
  echo "/nix/var/nix/profiles/default/bin" >>"$GITHUB_PATH"
 fi
 # Always add the user profile path
 echo "$NIX_LINK/bin" >>"$GITHUB_PATH"
 # Close the log message group which was opened above
 echo "::endgroup::"
--- a/tests/test-build.nix
+++ b/tests/test-build.nix
--- a/tests/test-env.sh
+++ b/tests/test-env.sh
@ -0,0 +1,69 @@
 #!/usr/bin/env bash
 set -euo pipefail
 echo "=== Testing Nix Environment Variables ==="
 echo
 # Test NIX_PROFILES
 echo "NIX_PROFILES: ${NIX_PROFILES:-<not set>}"
 if [[ -n "${NIX_PROFILES:-}" ]]; then
  echo "✓ NIX_PROFILES is set"
 else
  echo "✗ NIX_PROFILES is not set"
  exit 1
 fi
 # Test NIX_SSL_CERT_FILE
 echo "NIX_SSL_CERT_FILE: ${NIX_SSL_CERT_FILE:-<not set>}"
 if [[ -n "${NIX_SSL_CERT_FILE:-}" ]]; then
  if [[ -f "$NIX_SSL_CERT_FILE" ]]; then
    echo "✓ NIX_SSL_CERT_FILE is set and file exists"
  else
    echo "✗ NIX_SSL_CERT_FILE is set but file does not exist: $NIX_SSL_CERT_FILE"
    exit 1
  fi
 else
  echo "✗ NIX_SSL_CERT_FILE is not set"
  exit 1
 fi
 # Test PATH contains Nix paths
 echo "PATH: $PATH"
 if echo "$PATH" | grep -E -q "(\.nix-profile|nix/profile)"; then
  echo "✓ PATH contains Nix paths"
 else
  echo "✗ PATH does not contain Nix paths"
  exit 1
 fi
 # Test NIX_PATH if set
 if [[ -n "${NIX_PATH:-}" ]]; then
  echo "NIX_PATH: $NIX_PATH"
  echo "✓ NIX_PATH is set"
 else
  echo "NIX_PATH: <not set>"
  exit 1
 fi
 # Test TMPDIR
 echo "TMPDIR: ${TMPDIR:-<not set>}"
 if [[ -n "${TMPDIR:-}" ]]; then
  echo "✓ TMPDIR is set"
 else
  echo "⚠ TMPDIR is not set"
  exit 1
 fi
 echo
 echo "=== Testing Nix Command ==="
 if command -v nix >/dev/null 2>&1; then
  echo "✓ nix command is available"
  echo "Nix version: $(nix --version)"
 else
  echo "✗ nix command is not available"
  exit 1
 fi
 echo
 echo "=== Environment Setup Test Complete ==="