From fffc90f426bf959ff10036360041367f8433aab2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Thu, 6 Jul 2023 11:03:24 +0100 Subject: [PATCH 01/49] always show trace --- install-nix.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/install-nix.sh b/install-nix.sh index e0490b5..536783c 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -17,6 +17,7 @@ trap 'rm -rf "$workdir"' EXIT add_config() { echo "$1" >> "$workdir/nix.conf" } +add_config "show-trace = true" # Set jobs to number of cores add_config "max-jobs = auto" if [[ $OSTYPE =~ darwin ]]; then From e02ea8c42eaf036e471293ad85ac22be35fa89ad Mon Sep 17 00:00:00 2001 From: Sander Date: Fri, 7 Jul 2023 23:05:53 +0000 Subject: [PATCH 02/49] Fix links to nix.dev --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 220087d..b677108 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,8 @@ Installs [Nix](https://nixos.org/nix/) on GitHub Actions for the supported platf By default it has no nixpkgs configured, you have to set `nix_path` by [picking a channel](https://status.nixos.org/) -or [pin nixpkgs yourself](https://nix.dev/reference/pinning-nixpkgs.html) -(see also [pinning tutorial](https://nix.dev/tutorials/towards-reproducibility-pinning-nixpkgs.html)). +or [pin nixpkgs yourself](https://nix.dev/reference/pinning-nixpkgs) +(see also [pinning tutorial](https://nix.dev/tutorials/towards-reproducibility-pinning-nixpkgs)). # Features From 5cfd5166ea7680b784fd8cf556c6d07a9ecce260 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Sat, 8 Jul 2023 10:09:56 +0100 Subject: [PATCH 03/49] bump --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index b677108..c446da3 100644 --- a/README.md +++ b/README.md 
@@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - uses: cachix/install-nix-action@v22 with: nix_path: nixpkgs=channel:nixos-unstable - run: nix-build @@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v20 + - uses: cachix/install-nix-action@v22 with: github_access_token: ${{ secrets.GITHUB_TOKEN }} - run: nix build @@ -120,7 +120,7 @@ Otherwise, you can add any binary cache to nix.conf using install-nix-action's own `extra_nix_config` input: ```yaml -- uses: cachix/install-nix-action@v20 +- uses: cachix/install-nix-action@v22 with: extra_nix_config: | trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= From 4509d84f1064e4e57994dc95187754825754ac0d Mon Sep 17 00:00:00 2001 From: Graham Christensen Date: Sun, 3 Sep 2023 15:45:45 -0400 Subject: [PATCH 04/49] Update to Nix 2.17.0 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index 536783c..d0e094a 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -70,7 +70,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.16.1/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.17.0/install}" do sleep 1 ((curl_retries--)) From fe6788c5dea49aece3f6356cb7609a0500cc4bec Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 00:11:47 +0000 Subject: [PATCH 05/49] chore(deps): bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index c1b96e2..f342540 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -12,7 +12,7 @@ jobs: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Nix uses: ./ with: @@ -28,7 +28,7 @@ jobs: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Nix uses: ./ with: @@ -42,7 +42,7 @@ jobs: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Nix uses: ./ with: @@ -58,7 +58,7 @@ jobs: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Nix uses: ./ - run: nix flake show github:NixOS/nixpkgs @@ -69,7 +69,7 @@ jobs: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Nix uses: ./ with: 
@@ -84,7 +84,7 @@ jobs: os: [ubuntu-latest, macos-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install Nix uses: ./ with: @@ -98,7 +98,7 @@ jobs: os: [ubuntu-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - run: curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash - run: docker pull ghcr.io/catthehacker/ubuntu:js-20.04 - run: ./bin/act -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:js-20.04 push -j simple-build From 2cce1fd76b6d5513f60cb776b3ea7d9874d849ba Mon Sep 17 00:00:00 2001 From: Jameel Al-Aziz Date: Thu, 2 Nov 2023 18:38:07 -0700 Subject: [PATCH 06/49] fix: Set TMPDIR to avoid disk space issues Set `TMPDIR` if not already set to workaround potential disk space issues while running builds in a nix shell. See NixOS/nix#395 for more info. fixes #197 --- install-nix.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/install-nix.sh b/install-nix.sh index d0e094a..e9d63c4 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -91,5 +91,10 @@ if [[ -n "${INPUT_NIX_PATH:-}" ]]; then echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV" fi +# Set temporary directory (if not already set) +if [[ -z "${TMPDIR:-}" ]]; then + echo "TMPDIR=${RUNNER_TEMP}" >> "$GITHUB_ENV" +fi + # Close the log message group which was opened above echo "::endgroup::" From 97a1be3c09645647090b7f312d24568f1b5ef1ef Mon Sep 17 00:00:00 2001 From: Sander Date: Fri, 3 Nov 2023 13:12:31 +0000 Subject: [PATCH 07/49] fix: don't use the default GitHub token for Enterprise The token on Enterprise instances is not valid for github.com. Resolves #196. --- install-nix.sh | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/install-nix.sh b/install-nix.sh index d0e094a..7e3a979 100755 --- a/install-nix.sh +++ b/install-nix.sh 
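Review bot: In the install-nix.sh hunk that exports TMPDIR (PATCH 06), `${RUNNER_TEMP}` is expanded with no default or emptiness check, unlike `${TMPDIR:-}` on the line above it. If the variable is unset, the script either aborts (if it runs under `set -u`, which this hunk does not show) or writes an empty `TMPDIR=` into `$GITHUB_ENV` for every later step. Guard the condition instead: `if [[ -z "${TMPDIR:-}" && -n "${RUNNER_TEMP:-}" ]]; then`. The surrounding script continues outside the hunk.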
@@ -25,11 +25,18 @@ if [[ $OSTYPE =~ darwin ]]; then fi # Allow binary caches for user add_config "trusted-users = root ${USER:-}" -# Add github access token +# Add a GitHub access token. +# Token-less access is subject to lower rate limits. if [[ -n "${INPUT_GITHUB_ACCESS_TOKEN:-}" ]]; then + echo "::debug::Using the provided github_access_token for github.com" add_config "access-tokens = github.com=$INPUT_GITHUB_ACCESS_TOKEN" -elif [[ -n "${GITHUB_TOKEN:-}" ]]; then +# Use the default GitHub token if available. +# Skip this step if running an Enterprise instance. The default token there does not work for github.com. +elif [[ -n "${GITHUB_TOKEN:-}" && $GITHUB_SERVER_URL == "https://github.com" ]]; then + echo "::debug::Using the default GITHUB_TOKEN for github.com" add_config "access-tokens = github.com=$GITHUB_TOKEN" +else + echo "::debug::Continuing without a GitHub access token" fi # Append extra nix configuration if provided if [[ -n "${INPUT_EXTRA_NIX_CONFIG:-}" ]]; then From 81eb746179c512cd2af2b52874a906e8bff47eb0 Mon Sep 17 00:00:00 2001 From: Jameel Al-Aziz <247849+jalaziz@users.noreply.github.com> Date: Fri, 3 Nov 2023 12:58:15 -0700 Subject: [PATCH 08/49] Update install-nix.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Domen Kožar --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index e9d63c4..4462f3a 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -91,7 +91,7 @@ if [[ -n "${INPUT_NIX_PATH:-}" ]]; then echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV" fi -# Set temporary directory (if not already set) +# Set temporary directory (if not already set) to fix https://github.com/cachix/install-nix-action/issues/197 if [[ -z "${TMPDIR:-}" ]]; then echo "TMPDIR=${RUNNER_TEMP}" >> "$GITHUB_ENV" fi From fe19c91c6b0293441aca084e88a60ee59640922c Mon Sep 17 00:00:00 2001 
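Review bot: The new `elif` in the access-token hunk (PATCH 07) reads `$GITHUB_SERVER_URL` bare while every other variable in the block uses the `${VAR:-}` form, so an unset value is handled differently from the rest of the script (an abort if `set -u` is active, which is not visible here). Use `elif [[ -n "${GITHUB_TOKEN:-}" && "${GITHUB_SERVER_URL:-}" == "https://github.com" ]]; then`. Both token branches also append the secret to `$workdir/nix.conf` through `add_config`, and the test workflow on this page runs `cat /etc/nix/nix.conf`. A comment such as `# nix.conf now holds a credential: do not print it or copy it into artifacts` above the first branch would make that explicit for later edits. The install step that consumes the file is outside this hunk.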
From: Sander Date: Wed, 22 Nov 2023 14:53:08 +0000 Subject: [PATCH 09/49] feat: enable KVM on Linux if available --- README.md | 2 ++ action.yml | 5 +++++ install-nix.sh | 11 +++++++++++ 3 files changed, 18 insertions(+) diff --git a/README.md b/README.md index c446da3..ae1bbee 100644 --- a/README.md +++ b/README.md @@ -73,6 +73,8 @@ To install Nix from any commit, go to [the corresponding installer_test action]( - `nix_path`: set `NIX_PATH` environment variable, for example `nixpkgs=channel:nixos-unstable` +- `enable_kvm`: whether to enable KVM for hardware-accelerated virtualization on Linux. Enabled by default if available. + --- ## FAQ diff --git a/action.yml b/action.yml index 9bd8e05..d33114a 100644 --- a/action.yml +++ b/action.yml @@ -12,6 +12,10 @@ inputs: description: 'Additional installer flags passed to the installer script.' nix_path: description: 'Set NIX_PATH environment variable.' + enable_kvm: + description: 'Enable KVM for hardware-accelerated virtualization on Linux, if available.' + required: false + default: true branding: color: 'blue' icon: 'sun' @@ -26,4 +30,5 @@ runs: INPUT_INSTALL_OPTIONS: ${{ inputs.install_options }} INPUT_INSTALL_URL: ${{ inputs.install_url }} INPUT_NIX_PATH: ${{ inputs.nix_path }} + INPUT_ENABLE_KVM: ${{ inputs.enable_kvm }} GITHUB_TOKEN: ${{ github.token }} diff --git a/install-nix.sh b/install-nix.sh index 4462f3a..c5265a4 100755 --- a/install-nix.sh +++ b/install-nix.sh 
@@ -6,6 +6,17 @@ if nix_path="$(type -p nix)" ; then exit fi +if [[ ($OSTYPE =~ linux) && ($INPUT_ENABLE_KVM == 'true') ]]; then + enable_kvm() { + echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-install-nix-action-kvm.rules + sudo udevadm control --reload-rules && sudo udevadm trigger --name-match=kvm + } + + echo '::group::Enabling KVM support' + enable_kvm && echo 'Enabled KVM' || echo 'KVM is not available' + echo '::endgroup::' +fi + # GitHub command to put the following log messages into a group which is collapsed by default echo "::group::Installing Nix" From 7ac1ec25491415c381d9b62f0657c7a028df52a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Tue, 28 Nov 2023 15:48:58 +0100 Subject: [PATCH 10/49] Nix 2.19.1 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index f8f6c9b..e549a5d 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -88,7 +88,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.17.0/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.19.1/install}" do sleep 1 ((curl_retries--)) From 6004951b182f8860210c8d6f0d808ec5b1a33d28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Fri, 12 Jan 2024 11:02:55 +0000 Subject: [PATCH 11/49] Nix: 2.19.1 -> 2.19.2 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index e549a5d..6a1fc33 100755 --- a/install-nix.sh +++ b/install-nix.sh 
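Review bot: The udev rule written by `enable_kvm` (PATCH 09) sets `MODE="0666"`, which gives every local account read-write access to `/dev/kvm`, and the rule file stays in `/etc/udev/rules.d/` after the job ends. That is a small exposure on an ephemeral hosted runner but a lasting permission change on a self-hosted or shared one. `MODE="0660"` with the existing `GROUP="kvm"` would be narrower where the runner user can be put in that group; otherwise a comment should record why world access is accepted. `$INPUT_ENABLE_KVM` is also read bare, so `${INPUT_ENABLE_KVM:-}` would match how the script reads its other inputs. Finally, `enable_kvm && echo 'Enabled KVM' || echo 'KVM is not available'` reports any failure, including a failed `sudo tee`, as missing hardware; an `if enable_kvm; then … else … fi` with a distinct message would be clearer.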
@@ -88,7 +88,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.19.1/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.19.2/install}" do sleep 1 ((curl_retries--)) From 39a075cc21e415568870fbcfee53551b3764501d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Mon, 19 Feb 2024 07:28:52 +0000 Subject: [PATCH 12/49] bump --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ae1bbee..a7c06fd 100644 --- a/README.md +++ b/README.md @@ -51,8 +51,8 @@ jobs: tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v22 + - uses: actions/checkout@v4 + - uses: cachix/install-nix-action@v25 with: github_access_token: ${{ secrets.GITHUB_TOKEN }} - run: nix build @@ -122,7 +122,7 @@ Otherwise, you can add any binary cache to nix.conf using install-nix-action's own `extra_nix_config` input: ```yaml -- uses: cachix/install-nix-action@v22 +- uses: cachix/install-nix-action@v25 with: extra_nix_config: | trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= From 8887e596b4ee1134dae06b98d573bd674693f47c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Fri, 8 Mar 2024 04:06:58 +0000 Subject: [PATCH 13/49] Nix: 2.20.5 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index 6a1fc33..83c4354 100755 --- a/install-nix.sh +++ b/install-nix.sh 
@@ -88,7 +88,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.19.2/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.20.5/install}" do sleep 1 ((curl_retries--)) From 46095f46925a83fdc93cac5f2a85ef7f7223fd15 Mon Sep 17 00:00:00 2001 From: kashw2 Date: Sun, 5 May 2024 00:54:55 +1000 Subject: [PATCH 14/49] nix: 2.20.5 -> 2.21.2 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index 83c4354..bfb7ce6 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -88,7 +88,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.20.5/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.21.2/install}" do sleep 1 ((curl_retries--)) From 859c1e74ef5a5ab4161249b15dc4eb0618df2f7c Mon Sep 17 00:00:00 2001 From: Sander Date: Tue, 14 May 2024 21:19:49 +0000 Subject: [PATCH 15/49] Enable always-allow-substitutes by default A typical CI machine will have fast internet access, but may not have all the inputs already in the store to rebuild trivial derivations marked with `allowSubstitutes = false`. This leads to expensive cycles of downloads and rebuilds for derivations like the top-level NixOS system, which will be rebuilt from scratch on every CI run, despite being cached. --- install-nix.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/install-nix.sh b/install-nix.sh index 83c4354..911a358 100755 --- a/install-nix.sh +++ b/install-nix.sh 
@@ -56,6 +56,11 @@ fi if [[ ! $INPUT_EXTRA_NIX_CONFIG =~ "experimental-features" ]]; then add_config "experimental-features = nix-command flakes" fi +# Always allow substituting from the cache, even if the derivation has `allowSubstitutes = false`. +# This is a CI optimisation to avoid having to download the inputs for already-cached derivations to rebuild trivial text files. +if [[ ! $INPUT_EXTRA_NIX_CONFIG =~ "always-allow-substitutes" ]]; then + add_config "always-allow-substitutes = true" +fi # Nix installer flags installer_options=( From 01dba9f77095b5f03102533169760a81c51f2205 Mon Sep 17 00:00:00 2001 From: Sander Date: Tue, 14 May 2024 22:11:41 +0000 Subject: [PATCH 16/49] Update README --- README.md | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a7c06fd..265fbff 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ or [pin nixpkgs yourself](https://nix.dev/reference/pinning-nixpkgs) - Allows specifying extra Nix configuration options via `extra_nix_config` - Allows specifying `$NIX_PATH` and channels via `nix_path` - Share `/nix/store` between builds using [cachix-action](https://github.com/cachix/cachix-action) for simple binary cache setup to speed up your builds and share binaries with your team -- Enables `flakes` and `nix-command` experimental features by default (to disable, set `experimental-features` via `extra_nix_config`) +- Enables KVM on supported machines: run VMs and NixOS tests with full hardware-acceleration ## Usage 
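Review bot: The `always-allow-substitutes` guard (PATCH 15) is a substring match over the whole `extra_nix_config` value, so the default is also skipped when the name appears only in a comment or inside another setting's value. A per-line key match is more precise: `if ! grep -Eq '^[[:space:]]*always-allow-substitutes[[:space:]]*=' <<<"${INPUT_EXTRA_NIX_CONFIG:-}"; then`. The `experimental-features` check directly above, a context line in this hunk, uses the same pattern and has the same limitation.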
@@ -75,6 +75,19 @@ To install Nix from any commit, go to [the corresponding installer_test action]( - `enable_kvm`: whether to enable KVM for hardware-accelerated virtualization on Linux. Enabled by default if available. + +## Differences from the default Nix installer + +Some settings have been optimised for use in CI environments: + +- `nix.conf` settings: + + - The experimental `flakes` and `nix-command` features are enabled. Disable by overriding `experimental-features` in `extra_nix_config`. + + - `always-allow-substitutes` is set to `true`. Disable by overriding `always-allow-substitutes` in `extra_nix_config`. + +- KVM is enabled if available. Disable by setting `enable_kvm: false`. + --- ## FAQ From d6c2f5b78803207e177e2f3d3d2d2899df69c6f2 Mon Sep 17 00:00:00 2001 From: Sander Date: Wed, 15 May 2024 09:08:51 +0000 Subject: [PATCH 17/49] ci: switch to macos-13 --- .github/workflows/test.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index f342540..b82084b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -9,7 +9,7 @@ jobs: simple-build: strategy: matrix: - os: [ubuntu-latest, macos-latest] + os: [ubuntu-latest, macos-13] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -25,7 +25,7 @@ jobs: custom-nix-path: strategy: matrix: - os: [ubuntu-latest, macos-latest] + os: [ubuntu-latest, macos-13] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -39,7 +39,7 @@ jobs: extra-nix-config: strategy: matrix: - os: [ubuntu-latest, macos-latest] + os: [ubuntu-latest, macos-13] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -55,7 +55,7 @@ jobs: flakes: strategy: matrix: - os: [ubuntu-latest, macos-latest] + os: [ubuntu-latest, macos-13] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 
@@ -66,7 +66,7 @@ jobs: installer-options: strategy: matrix: - os: [ubuntu-latest, macos-latest] + os: [ubuntu-latest, macos-13] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -81,7 +81,7 @@ jobs: oldest-supported-installer: strategy: matrix: - os: [ubuntu-latest, macos-latest] + os: [ubuntu-latest, macos-13] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 From 529d65921746c2b43d8a8a0458544a4a51f6ddc3 Mon Sep 17 00:00:00 2001 From: Sander Date: Wed, 15 May 2024 09:23:14 +0000 Subject: [PATCH 18/49] ci: add aarch64-darwin tests where possible --- .github/workflows/test.yml | 43 ++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 9 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b82084b..d286f21 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -8,8 +8,12 @@ on: jobs: simple-build: strategy: + fail-fast: false matrix: - os: [ubuntu-latest, macos-13] + os: + - ubuntu-latest + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -22,10 +26,15 @@ jobs: # cachix should be available and be able to configure a cache - run: cachix use cachix - run: nix-build test.nix + custom-nix-path: strategy: + fail-fast: false matrix: - os: [ubuntu-latest, macos-13] + os: + - ubuntu-latest + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -38,8 +47,12 @@ jobs: extra-nix-config: strategy: + fail-fast: false matrix: - os: [ubuntu-latest, macos-13] + os: + - ubuntu-latest + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -54,8 +67,12 @@ jobs: flakes: strategy: + fail-fast: false matrix: - os: [ubuntu-latest, macos-13] + os: + - ubuntu-latest + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 
@@ -65,8 +82,12 @@ jobs: installer-options: strategy: + fail-fast: false matrix: - os: [ubuntu-latest, macos-13] + os: + - ubuntu-latest + # - macos-latest missing installer for aarch64-darwin + - macos-13 runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -80,8 +101,12 @@ jobs: oldest-supported-installer: strategy: - matrix: - os: [ubuntu-latest, macos-13] + fail-fast: false + matrix: + os: + - ubuntu-latest + - macos-latest + - macos-13 runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 @@ -94,8 +119,8 @@ jobs: act-support: strategy: - matrix: - os: [ubuntu-latest] + matrix: + os: [ubuntu-latest] runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 From 2f469017fc567f1b7fe6d1d7c21021c02ad55105 Mon Sep 17 00:00:00 2001 From: Sander Date: Wed, 15 May 2024 09:28:22 +0000 Subject: [PATCH 19/49] ci: update nixpkgs channel --- .github/workflows/test.yml | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index d286f21..97da5c3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,6 +5,9 @@ on: branches: - master +env: + nixpkgs_channel: nixpkgs=channel:nixos-23.11 + jobs: simple-build: strategy: @@ -20,7 +23,7 @@ jobs: - name: Install Nix uses: ./ with: - nix_path: nixpkgs=channel:nixos-22.11 + nix_path: ${{ env.nixpkgs_channel }} - run: nix-env -iA cachix -f https://cachix.org/api/v1/install - run: cat /etc/nix/nix.conf # cachix should be available and be able to configure a cache @@ -41,8 +44,8 @@ jobs: - name: Install Nix uses: ./ with: - nix_path: nixpkgs=channel:nixos-20.03 - - run: test $NIX_PATH == "nixpkgs=channel:nixos-20.03" + nix_path: ${{ env.nixpkgs_channel }} + - run: test $NIX_PATH == '${{ env.nixpkgs_channel }}' - run: nix-build test.nix extra-nix-config: 
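Review bot: The `custom-nix-path` step `test $NIX_PATH == '${{ env.nixpkgs_channel }}'` (PATCH 19) pastes an expression into the shell script text and leaves `$NIX_PATH` unquoted. The value is a workflow constant today, so this is a hygiene point rather than an injection. The workflow-level `env:` block added in this commit is already exported to `run:` steps, so the shell can compare the two variables directly: `- run: test "$NIX_PATH" = "$nixpkgs_channel"`. That keeps the step correct if the channel string ever contains quotes or spaces, and it avoids template expansion inside `run:`.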
@@ -59,7 +62,7 @@ jobs: - name: Install Nix uses: ./ with: - nix_path: nixpkgs=channel:nixos-22.11 + nix_path: ${{ env.nixpkgs_channel }} extra_nix_config: | sandbox = relaxed - run: cat /etc/nix/nix.conf @@ -94,7 +97,7 @@ jobs: - name: Install Nix uses: ./ with: - nix_path: nixpkgs=channel:nixos-22.11 + nix_path: ${{ env.nixpkgs_channel }} install_options: --tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve install_url: https://nixos-nix-install-tests.cachix.org/serve/s62m7lc0q0mz2mxxm9q0kkrcg90njzhq/install - run: nix-build test.nix @@ -113,7 +116,7 @@ jobs: - name: Install Nix uses: ./ with: - nix_path: nixpkgs=channel:nixos-22.11 + nix_path: ${{ env.nixpkgs_channel }} install_url: https://releases.nixos.org/nix/nix-2.8.0/install - run: nix-build test.nix From 5dce380a8bcabd02812ffac2471c6a4f5a470c7c Mon Sep 17 00:00:00 2001 From: Sander Date: Wed, 15 May 2024 09:50:19 +0000 Subject: [PATCH 20/49] Update README with more installer differences --- README.md | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 265fbff..a15b882 100644 --- a/README.md +++ b/README.md 
@@ -80,13 +80,25 @@ To install Nix from any commit, go to [the corresponding installer_test action]( Some settings have been optimised for use in CI environments: -- `nix.conf` settings: +- `nix.conf` settings. Override these defaults with `extra_nix_config`: - The experimental `flakes` and `nix-command` features are enabled. Disable by overriding `experimental-features` in `extra_nix_config`. - - `always-allow-substitutes` is set to `true`. Disable by overriding `always-allow-substitutes` in `extra_nix_config`. + - `max-jobs` is set to `auto`. -- KVM is enabled if available. Disable by setting `enable_kvm: false`. + - `show-trace` is set to `true`. + + - `$USER` is added to `trusted-users`. + + - `$GITHUB_TOKEN` is added to `access_tokens` if no other `github_access_token` is provided. + + - `always-allow-substitutes` is set to `true`. + + - `ssl-cert-file` is set to `/etc/ssl/cert.pem` on macOS. + +- KVM is enabled on Linux if available. Disable by setting `enable_kvm: false`. + +- `$TMPDIR` is set to `$RUNNER_TEMP` if empty. --- From 6060e02b1f9cb669240905a2db3fa1d327692d44 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Wed, 15 May 2024 11:34:15 +0100 Subject: [PATCH 21/49] 2.22.1 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index bfb7ce6..1e7ffaf 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -88,7 +88,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.21.2/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.22.1/install}" do sleep 1 ((curl_retries--)) From d9660bf088514a2ede4707708ba35de0a1b69a3d Mon Sep 17 00:00:00 2001 
From: Sander Date: Wed, 15 May 2024 10:54:08 +0000 Subject: [PATCH 22/49] ci: updated pinned installer --- .github/workflows/test.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 97da5c3..a31337f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -7,6 +7,10 @@ on: env: nixpkgs_channel: nixpkgs=channel:nixos-23.11 + oldest_supported_installer: nix-2.8.0 + # Fetch new versions from the Nix CI run: https://github.com/NixOS/nix/blob/master/.github/workflows/ci.yml + # TODO: add pinning upstream or rethink this + pinned_installer_hash: zfzfrbb59jsqrfkldwj8drcr9nhhc49k jobs: simple-build: @@ -99,7 +103,7 @@ jobs: with: nix_path: ${{ env.nixpkgs_channel }} install_options: --tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve - install_url: https://nixos-nix-install-tests.cachix.org/serve/s62m7lc0q0mz2mxxm9q0kkrcg90njzhq/install + install_url: https://nixos-nix-install-tests.cachix.org/serve/${{ env.pinned_installer_hash }}/install - run: nix-build test.nix oldest-supported-installer: @@ -117,7 +121,7 @@ jobs: uses: ./ with: nix_path: ${{ env.nixpkgs_channel }} - install_url: https://releases.nixos.org/nix/nix-2.8.0/install + install_url: https://releases.nixos.org/nix/${{ env.oldest_supported_installer }}/install - run: nix-build test.nix act-support: From 725982224ce3b974b7abc7df9ca873679eda8939 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Wed, 15 May 2024 15:47:17 +0100 Subject: [PATCH 23/49] readme: V27 --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a15b882..47d19df 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v22 + - uses: cachix/install-nix-action@v27 with: nix_path: nixpkgs=channel:nixos-unstable - run: nix-build 
@@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v25 + - uses: cachix/install-nix-action@v27 with: github_access_token: ${{ secrets.GITHUB_TOKEN }} - run: nix build @@ -147,7 +147,7 @@ Otherwise, you can add any binary cache to nix.conf using install-nix-action's own `extra_nix_config` input: ```yaml -- uses: cachix/install-nix-action@v25 +- uses: cachix/install-nix-action@v27 with: extra_nix_config: | trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= From 474f0a77aa820d33566f8f2035f8268d4023cc13 Mon Sep 17 00:00:00 2001 From: Ali Afsharzadeh Date: Fri, 14 Jun 2024 08:44:59 +0330 Subject: [PATCH 24/49] docs(readme): update checkout action version --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 47d19df..d5609db 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ jobs: tests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v27 with: nix_path: nixpkgs=channel:nixos-unstable From 5b8c65d4d79bb2d232054c72252fa78a29c36b8a Mon Sep 17 00:00:00 2001 From: Paul Haerle Date: Thu, 29 Aug 2024 15:45:09 +0200 Subject: [PATCH 25/49] Update README: hardware accel is available now... ...at least with enable_kvm yes. Issue linked in the note was closed accordingly. So I think the old note was outdated as of https://github.com/cachix/install-nix-action/commit/fe19c91c6b0293441aca084e88a60ee59640922c --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index d5609db..8ff488c 100644 --- a/README.md +++ b/README.md 
@@ -118,11 +118,10 @@ With the following inputs: ```yaml - uses: cachix/install-nix-action@vXX with: + enable_kvm: true extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm" ``` -[Note that there's no hardware acceleration on GitHub Actions.](https://github.com/actions/virtual-environments/issues/183#issuecomment-610723516). - ### How do I install packages via nix-env from the specified `nix_path`? ``` From 1872f1ff9dba0f554710b1ed396fb6b2263ffdfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Wed, 11 Sep 2024 13:30:32 +0100 Subject: [PATCH 26/49] Nix: 2.22.1 -> 2.24.6 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index 0fe2428..a57a015 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -93,7 +93,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.22.1/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.24.6/install}" do sleep 1 ((curl_retries--)) From 3715ab1a11cac9e991980d7b4a28d80c7ebdd8f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Domen=20Ko=C5=BEar?= Date: Thu, 12 Sep 2024 11:03:34 +0100 Subject: [PATCH 27/49] bump channel --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a31337f..9ead59d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,7 +6,7 @@ on: - master env: - nixpkgs_channel: nixpkgs=channel:nixos-23.11 + nixpkgs_channel: nixpkgs=channel:nixos-24.05 oldest_supported_installer: nix-2.8.0 # Fetch new versions from the Nix CI run: https://github.com/NixOS/nix/blob/master/.github/workflows/ci.yml # TODO: add pinning upstream or rethink this 
From 4f91dc2b65dd81b86830c57b0d3bc75eb0502a25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 25 Sep 2024 08:50:50 +0200 Subject: [PATCH 28/49] Nix: 2.24.6 -> 2.24.7 This version fixes GC bugs, which can be triggered under memory pressure. Since GitHub runners are at times memory constraint, it would be good to get this out. --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index a57a015..56b9c08 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -93,7 +93,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.24.6/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.24.7/install}" do sleep 1 ((curl_retries--)) From 2bb614e91ac4d68577f12de9f9844d1e89c80b8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 27 Sep 2024 13:45:10 +0200 Subject: [PATCH 29/49] Nix: 2.24.7 -> 2.24.8 https://github.com/NixOS/nix/security/advisories/GHSA-6fjr-mq49-mm2c --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index 56b9c08..02fa7f8 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -93,7 +93,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.24.7/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.24.8/install}" do sleep 1 ((curl_retries--)) From 4204e15198ce9348dda13b658f2b0b45397cf9e7 Mon Sep 17 00:00:00 2001 
From: Michael Hoang Date: Thu, 3 Oct 2024 12:35:16 +1000 Subject: [PATCH 30/49] nix: 2.24.8 -> 2.24.9 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index 02fa7f8..df30dd2 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -93,7 +93,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.24.8/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.24.9/install}" do sleep 1 ((curl_retries--)) From b1deb06f62baf2f4c1604bc301787f127e990349 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 18 Nov 2024 19:24:32 +0100 Subject: [PATCH 31/49] nix: 2.24.9 -> 2.25.2 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index df30dd2..bdb2b6f 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -93,7 +93,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.24.9/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.25.2/install}" do sleep 1 ((curl_retries--)) From f3f544c44bee9e88b5ab7976e42c675083a4f60b Mon Sep 17 00:00:00 2001 From: Sander Date: Tue, 31 Dec 2024 12:55:55 +0400 Subject: [PATCH 32/49] ci: fix latest installer tests --- .github/workflows/test.yml | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9ead59d..b685421 100644 --- a/.github/workflows/test.yml 
+++ b/.github/workflows/test.yml @@ -8,9 +8,6 @@ on: env: nixpkgs_channel: nixpkgs=channel:nixos-24.05 oldest_supported_installer: nix-2.8.0 - # Fetch new versions from the Nix CI run: https://github.com/NixOS/nix/blob/master/.github/workflows/ci.yml - # TODO: add pinning upstream or rethink this - pinned_installer_hash: zfzfrbb59jsqrfkldwj8drcr9nhhc49k jobs: simple-build: @@ -87,23 +84,31 @@ jobs: uses: ./ - run: nix flake show github:NixOS/nixpkgs - installer-options: + latest-installer: strategy: fail-fast: false matrix: - os: - - ubuntu-latest - # - macos-latest missing installer for aarch64-darwin - - macos-13 + include: + - os: ubuntu-latest + system: x86_64-linux + - os: macos-latest + system: aarch64-darwin + - os: macos-13 + system: x86_64-darwin runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 + - name: Run NAR server + run: | + curl --location https://github.com/cachix/nar-toolbox/releases/download/v0.1.0/nar-toolbox-${{ matrix.system }} -O + chmod +x ./nar-toolbox-${{ matrix.system }} + ./nar-toolbox-${{ matrix.system }} serve https://cache.nixos.org & - name: Install Nix uses: ./ with: nix_path: ${{ env.nixpkgs_channel }} - install_options: --tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve - install_url: https://nixos-nix-install-tests.cachix.org/serve/${{ env.pinned_installer_hash }}/install + install_url: https://hydra.nixos.org/job/nix/master/installerScript/latest-finished/download/1/install + install_options: "--tarball-url-prefix http://localhost:8080" - run: nix-build test.nix oldest-supported-installer: From a49b703498f43e1426a1b820f27cf12cad57143f Mon Sep 17 00:00:00 2001 From: Sander Date: Tue, 31 Dec 2024 13:00:44 +0400 Subject: [PATCH 33/49] ci: fix act test --- .github/workflows/test.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b685421..1ff9461 100644 --- a/.github/workflows/test.yml 
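Review bot: The `Run NAR server` step added to the `latest-installer` job downloads `nar-toolbox-${{ matrix.system }}` with `curl --location ... -O`, marks it executable and starts it without comparing it to a known digest. It also omits `--fail`, so an HTTP error body would be saved under the binary's name. Add `--fail` and check a per-system SHA-256 before the `chmod +x`, for example with a `sha256` field you add to each `matrix.include` entry: `echo "${{ matrix.sha256 }}  nar-toolbox-${{ matrix.system }}" | sha256sum --check` (on the macOS runners `shasum -a 256 --check` is the usual equivalent). The job also takes `install_url` from Hydra's `latest-finished` build and serves tarballs over plain `http://localhost:8080`, which looks deliberate for a "latest" test; a one-line comment such as `# intentionally unpinned: exercises the newest installer from master` would stop it being copied as a pattern.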
+++ b/.github/workflows/test.yml @@ -137,5 +137,9 @@ jobs: steps: - uses: actions/checkout@v4 - run: curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash - - run: docker pull ghcr.io/catthehacker/ubuntu:js-20.04 - - run: ./bin/act -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:js-20.04 push -j simple-build + - run: docker pull ghcr.io/catthehacker/ubuntu:js-24.04 + - run: | + ./bin/act push \ + -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:js-24.04 \ + -j simple-build \ + --matrix os:ubuntu-latest From a76df16350261308addb51d2386f28f5f0975987 Mon Sep 17 00:00:00 2001 From: Sander Date: Tue, 31 Dec 2024 13:11:14 +0400 Subject: [PATCH 34/49] ci: bump nixpkgs channel --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 1ff9461..70265e5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -6,7 +6,7 @@ on: - master env: - nixpkgs_channel: nixpkgs=channel:nixos-24.05 + nixpkgs_channel: nixpkgs=channel:nixos-24.11 oldest_supported_installer: nix-2.8.0 jobs: From 265a04a520d4a95357365b3a9c2e73135a8e9830 Mon Sep 17 00:00:00 2001 From: Sean Gilligan Date: Thu, 16 Jan 2025 12:24:48 -0800 Subject: [PATCH 35/49] GitHub test.yml: add ubuntu-24.04-arm to matrix --- .github/workflows/test.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 70265e5..6eecd5d 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,6 +16,7 @@ jobs: matrix: os: - ubuntu-latest + - ubuntu-24.04-arm - macos-latest - macos-13 runs-on: ${{ matrix.os }} @@ -37,6 +38,7 @@ jobs: matrix: os: - ubuntu-latest + - ubuntu-24.04-arm - macos-latest - macos-13 runs-on: ${{ matrix.os }} @@ -55,6 +57,7 @@ jobs: matrix: os: - ubuntu-latest + - ubuntu-24.04-arm - macos-latest - macos-13 runs-on: ${{ matrix.os }} 
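Review bot: In the `@@ -137,5 +137,9 @@` hunk the act test still installs `act` with `curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash`, and the change moves the runner image to the mutable tag `ghcr.io/catthehacker/ubuntu:js-24.04`, so both the root-executed script and the container can change without any change in this repository. Fetch the install script from a release tag or commit rather than `master`, and reference the image by digest in both the `docker pull` line and the `-P ubuntu-latest=` mapping, in the form `ghcr.io/catthehacker/ubuntu@sha256:<digest>`. The later commit in this series that pins `actions/checkout` to a hash leaves these two lines as they are, so the same point applies to its last hunk.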
@@ -75,6 +78,7 @@ jobs: matrix: os: - ubuntu-latest + - ubuntu-24.04-arm - macos-latest - macos-13 runs-on: ${{ matrix.os }} @@ -91,6 +95,8 @@ jobs: include: - os: ubuntu-latest system: x86_64-linux + - os: ubuntu-24.04-arm + system: aarch64-linux - os: macos-latest system: aarch64-darwin - os: macos-13 @@ -117,6 +123,7 @@ jobs: matrix: os: - ubuntu-latest + - ubuntu-24.04-arm - macos-latest - macos-13 runs-on: ${{ matrix.os }} From d81eadf041318952daecfb82fe8d7b4538067642 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Fri, 14 Feb 2025 11:25:14 +0700 Subject: [PATCH 36/49] nix: 2.25.2 -> 2.26.2 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index bdb2b6f..156ffaf 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -93,7 +93,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.25.2/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.26.2/install}" do sleep 1 ((curl_retries--)) From e8dbd0c99268f4acbb432e443018da10b7ed9bdc Mon Sep 17 00:00:00 2001 From: Sander Date: Mon, 10 Mar 2025 17:58:37 +0100 Subject: [PATCH 37/49] docs: update readme with latest version --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 8ff488c..3e0851c 100644 --- a/README.md +++ b/README.md @@ -34,7 +34,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v27 + - uses: cachix/install-nix-action@v31 with: nix_path: nixpkgs=channel:nixos-unstable - run: nix-build 
@@ -52,7 +52,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v27 + - uses: cachix/install-nix-action@v31 with: github_access_token: ${{ secrets.GITHUB_TOKEN }} - run: nix build @@ -146,7 +146,7 @@ Otherwise, you can add any binary cache to nix.conf using install-nix-action's own `extra_nix_config` input: ```yaml -- uses: cachix/install-nix-action@v27 +- uses: cachix/install-nix-action@v31 with: extra_nix_config: | trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= From 066004291cc7638382c409f632f7e0b113fb4daa Mon Sep 17 00:00:00 2001 From: Sander Date: Sat, 15 Mar 2025 20:06:12 +0100 Subject: [PATCH 38/49] nix: 2.26.2 -> 2.26.3 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index 156ffaf..c50aa1f 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -93,7 +93,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.26.2/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.26.3/install}" do sleep 1 ((curl_retries--)) From b21ff827074aff6ed4294fe0e3f4d9ed99f4ed65 Mon Sep 17 00:00:00 2001 From: Sander Date: Thu, 20 Mar 2025 22:58:29 +0000 Subject: [PATCH 39/49] Remove deprecated `--darwin-use-unencrypted-nix-store-volume` flag Fixes the following warning: ``` Warning: the flag --darwin-use-unencrypted-nix-store-volume is no longer needed and will be removed in the future. ```` --- install-nix.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index c50aa1f..f25955c 100755 --- a/install-nix.sh +++ b/install-nix.sh 
@@ -65,7 +65,6 @@ fi # Nix installer flags installer_options=( --no-channel-add - --darwin-use-unencrypted-nix-store-volume --nix-extra-conf-file "$workdir/nix.conf" ) From 21e6bcccb00b56476f095d1c4e138592d56d6667 Mon Sep 17 00:00:00 2001 From: Michael Hoang Date: Tue, 1 Apr 2025 00:58:47 +0900 Subject: [PATCH 40/49] action: add option to configure updating trusted users --- README.md | 2 ++ action.yml | 7 ++++++- install-nix.sh | 6 ++++-- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 3e0851c..4a13410 100644 --- a/README.md +++ b/README.md @@ -75,6 +75,8 @@ To install Nix from any commit, go to [the corresponding installer_test action]( - `enable_kvm`: whether to enable KVM for hardware-accelerated virtualization on Linux. Enabled by default if available. +- `set_as_trusted_user`: whether to add the current user to `trusted-users`. Enabled by default. + ## Differences from the default Nix installer diff --git a/action.yml b/action.yml index d33114a..fd22752 100644 --- a/action.yml +++ b/action.yml @@ -5,7 +5,7 @@ inputs: extra_nix_config: description: 'Gets appended to `/etc/nix/nix.conf` if passed.' github_access_token: - description: 'Configure nix to pull from github using the given github token.' + description: 'Configure Nix to pull from GitHub using the given GitHub token.' install_url: description: 'Installation URL that will contain a script to install Nix.' install_options: @@ -16,6 +16,10 @@ inputs: description: 'Enable KVM for hardware-accelerated virtualization on Linux, if available.' required: false default: true + set_as_trusted_user: + description: 'Add current user to `trusted-users`.' + required: false + default: true branding: color: 'blue' icon: 'sun' @@ -31,4 +35,5 @@ runs: INPUT_INSTALL_URL: ${{ inputs.install_url }} INPUT_NIX_PATH: ${{ inputs.nix_path }} INPUT_ENABLE_KVM: ${{ inputs.enable_kvm }} + INPUT_SET_AS_TRUSTED_USER: ${{ inputs.set_as_trusted_user }} GITHUB_TOKEN: ${{ github.token }} 
diff --git a/install-nix.sh b/install-nix.sh index f25955c..e4ec849 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -34,8 +34,10 @@ add_config "max-jobs = auto" if [[ $OSTYPE =~ darwin ]]; then add_config "ssl-cert-file = /etc/ssl/cert.pem" fi -# Allow binary caches for user -add_config "trusted-users = root ${USER:-}" +# Allow binary caches specified at user level +if [[ $INPUT_SET_AS_TRUSTED_USER == 'true' ]]; then + add_config "trusted-users = root ${USER:-}" +fi # Add a GitHub access token. # Token-less access is subject to lower rate limits. if [[ -n "${INPUT_GITHUB_ACCESS_TOKEN:-}" ]]; then From f3ff3f99d80ed5a150e133764915d1b0a94da318 Mon Sep 17 00:00:00 2001 From: Victor Engmark Date: Thu, 16 Nov 2023 11:57:02 +1300 Subject: [PATCH 41/49] feat: Pin actions to hashes Done with pin-github-action 1.8.0 using `npx pin-github-action .github/workflows/*.yml`, and then manually bumping the version tag to the relevant number. This fixes the issue that it is common practice for GitHub Actions authors to move major tags when releasing new minor versions. Dependabot supports updating in the same fashion, bumping the version tag when updating the hash. --- .github/workflows/test.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6eecd5d..a39155c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,7 +21,7 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Nix uses: ./ with: @@ -43,7 +43,7 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Nix uses: ./ with: 
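Review bot: The new condition in the `@@ -34,8 +34,10 @@` hunk reads `$INPUT_SET_AS_TRUSTED_USER` bare, while the surrounding lines use the defaulting form (`${USER:-}`, `${INPUT_GITHUB_ACCESS_TOKEN:-}`); if the script runs under `set -u` (not visible in this hunk), calling it without that variable aborts instead of skipping the block. `if [[ "${INPUT_SET_AS_TRUSTED_USER:-}" == 'true' ]]; then` keeps it consistent with its neighbours. The rewritten comment also undersells the setting: a user listed in `trusted-users` can point the daemon at arbitrary substituters and have unsigned paths accepted, which the Nix manual describes as essentially equivalent to root access. I would say so at the call site, e.g. `# trusted-users is close to root on the Nix daemon; opt out with set_as_trusted_user: false`, and reconsider whether `default: true` in `action.yml` should stay the default or merely be kept for backward compatibility.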
@@ -62,7 +62,7 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Nix uses: ./ with: @@ -83,7 +83,7 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Nix uses: ./ - run: nix flake show github:NixOS/nixpkgs @@ -103,7 +103,7 @@ jobs: system: x86_64-darwin runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Run NAR server run: | curl --location https://github.com/cachix/nar-toolbox/releases/download/v0.1.0/nar-toolbox-${{ matrix.system }} -O @@ -128,7 +128,7 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - name: Install Nix uses: ./ with: @@ -142,7 +142,7 @@ jobs: os: [ubuntu-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - run: curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash - run: docker pull ghcr.io/catthehacker/ubuntu:js-24.04 - run: | From edf986efb39c90e610aa76f32135ba35753e9b0f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Mon, 7 Apr 2025 12:33:27 +0200 Subject: [PATCH 42/49] nix: 2.26.3 -> 2.28.2 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index e4ec849..3877f2e 100755 --- a/install-nix.sh +++ b/install-nix.sh 
@@ -94,7 +94,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.26.3/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.28.2/install}" do sleep 1 ((curl_retries--)) From 9b4ef2ff2d3ee4f8f56a24c61504009201dadd94 Mon Sep 17 00:00:00 2001 From: Sander Date: Sat, 19 Apr 2025 01:26:12 +0400 Subject: [PATCH 43/49] docs: add release notes --- RELEASE.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 RELEASE.md diff --git a/RELEASE.md b/RELEASE.md new file mode 100644 index 0000000..6f035e5 --- /dev/null +++ b/RELEASE.md @@ -0,0 +1,44 @@ +# Release + +As of v31, releases of this action follow Semantic Versioning. + +### Publishing a new release + +#### Publish the release + +Draft [a new release on GitHub](https://github.com/cachix/install-nix-action/releases): + +- In `Choose a tag`, create a new tag, like `v31.2.1`, following semver. +- Click `Generate release notes`. +- `Set as the latest release` should be selected automatically. +- Publish release + +#### Update the major tag + +The major tag, like `v31`, allows downstream users to opt-in to automatic non-breaking updates. + +This process follows GitHub's own guidelines: +https://github.com/actions/toolkit/blob/main/docs/action-versioning.md + +##### Fetch the latest tags + +``` +git pull --tags --force +``` + +##### Move the tag + +``` +git tag -fa v31 +``` +``` +git push origin v31 --force +``` + +#### Update the release notes for the major tag + +Find the release on GitHub: https://github.com/cachix/install-nix-action/releases + +Edit the release and click `Generate release notes`. +Edit the formatting and publish. + From eafea807c1589a882490ac9966da36927d394cb4 Mon Sep 17 00:00:00 2001 
From: Sander Date: Sat, 19 Apr 2025 01:29:11 +0400 Subject: [PATCH 44/49] remove unused gitignores --- .gitignore | 93 +----------------------------------------------------- 1 file changed, 1 insertion(+), 92 deletions(-) diff --git a/.gitignore b/.gitignore index ffdd18c..c5657b8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,93 +1,2 @@ -__tests__/runner/* - -# comment out in distribution branches -node_modules/ - -# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore -# Logs -logs -*.log -npm-debug.log* -yarn-debug.log* -yarn-error.log* -lerna-debug.log* - -# Diagnostic reports (https://nodejs.org/api/report.html) -report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json - -# Runtime data -pids -*.pid -*.seed -*.pid.lock - -# Directory for instrumented libs generated by jscoverage/JSCover -lib-cov - -# Coverage directory used by tools like istanbul -coverage -*.lcov - -# nyc test coverage -.nyc_output - -# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) -.grunt - -# Bower dependency directory (https://bower.io/) -bower_components - -# node-waf configuration -.lock-wscript - -# Compiled binary addons (https://nodejs.org/api/addons.html) -build/Release - -# Dependency directories -jspm_packages/ - -# TypeScript v1 declaration files -typings/ - -# TypeScript cache -*.tsbuildinfo - -# Optional npm cache directory -.npm - -# Optional eslint cache -.eslintcache - -# Optional REPL history -.node_repl_history - -# Output of 'npm pack' -*.tgz - -# Yarn Integrity file -.yarn-integrity - # dotenv environment variables file -.env -.env.test - -# parcel-bundler cache (https://parceljs.org/) -.cache - -# next.js build output -.next - -# nuxt.js build output -.nuxt - -# vuepress build output -.vuepress/dist - -# Serverless directories -.serverless/ - -# FuseBox cache -.fusebox/ - -# DynamoDB Local files -.dynamodb/ +.env* From 83772d105a0277f40fbedafc4d2a510eb498a42c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Apr 2025 00:43:21 +0000 Subject: [PATCH 45/49] chore(deps): bump actions/checkout from 4.1.1 to 4.2.2 Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/b4ffde65f46336ab88eb53be808477a3936bae11...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 4.2.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a39155c..5337d38 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,7 +21,7 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Nix uses: ./ with: @@ -43,7 +43,7 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Nix uses: ./ with: @@ -62,7 +62,7 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Nix uses: ./ with: 
@@ -83,7 +83,7 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Nix uses: ./ - run: nix flake show github:NixOS/nixpkgs @@ -103,7 +103,7 @@ jobs: system: x86_64-darwin runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run NAR server run: | curl --location https://github.com/cachix/nar-toolbox/releases/download/v0.1.0/nar-toolbox-${{ matrix.system }} -O @@ -128,7 +128,7 @@ jobs: - macos-13 runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install Nix uses: ./ with: @@ -142,7 +142,7 @@ jobs: os: [ubuntu-latest] runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: curl https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash - run: docker pull ghcr.io/catthehacker/ubuntu:js-24.04 - run: | From 4f800b725cedc2e2ce9fe7ab2693296ba2fd559f Mon Sep 17 00:00:00 2001 From: Sander Date: Wed, 23 Apr 2025 15:17:07 +0400 Subject: [PATCH 46/49] docs: document how to provide AWS credentials to the nix-daemon Fixes #229. --- README.md | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/README.md b/README.md index 4a13410..4ac81e2 100644 --- a/README.md +++ b/README.md 
@@ -174,3 +174,59 @@ Or you can disable pure mode entirely with the `--impure` flag: ``` nix develop --impure ``` + +### How do I pass AWS credentials to the Nix daemon? + +In multi-user mode, Nix commands that operate on the Nix store are forwarded to a privileged daemon. This daemon runs in a separate context from your GitHub Actions workflow and cannot access the workflow's environment variables. Consequently, any secrets or credentials defined in your workflow environment will not be available to Nix operations that require store access. + +There are two ways to pass AWS credentials to the Nix daemon: + - Configure a default profile using the AWS CLI + - Install Nix in single-user mode + +#### Configure a default profile using the AWS CLI + +The Nix daemon supports reading AWS credentials from the `~/.aws/credentials` file. + +We can use the AWS CLI to configure a default profile using short-lived credentials fetched using OIDC: + +```yaml +job: + build: + runs-on: ubuntu-latest + # Required permissions to request AWS credentials + permissions: + id-token: write + contents: read + steps: + - uses: actions/checkout@v4 + - uses: cachix/install-nix-action@v31 + - name: Assume AWS Role + uses: aws-actions/configure-aws-credentials@v4.1.0 + with: + aws-region: us-east-1 + role-to-assume: arn:aws-cn:iam::123456789100:role/my-github-actions-role + - name: Make AWS Credentials accessible to nix-daemon + run: | + sudo -i aws configure set aws_access_key_id "${AWS_ACCESS_KEY_ID}" + sudo -i aws configure set aws_secret_access_key "${AWS_SECRET_ACCESS_KEY}" + sudo -i aws configure set aws_session_token "${AWS_SESSION_TOKEN}" + sudo -i aws configure set region "${AWS_REGION}" +``` + +#### Install Nix in single-user mode + +In some environments it may be possible to install Nix in single-user mode by passing the `--no-daemon` flag to the installer. 
+This mode is normally used on platforms without an init system, like systemd, and in containerized environments with a single user that can own the entire Nix store. + +This approach is more generic as it allows passing environment variables directly to Nix, including secrets, proxy settings, and other configuration options. + +However, it may not be suitable for all environments. [Consult the Nix manual](https://nix.dev/manual/nix/latest/installation/nix-security) for the latest restrictions and differences between the two modes. + +For example, single-user mode is currently supported on hosted Linux GitHub runners, like `ubuntu-latest`. +It is not supported on macOS runners, like `macos-latest`. + +```yaml +- uses: cachix/install-nix-action@v31 + with: + install_options: --no-daemon +``` From b2b89c6cb12d1cf229b3b605413344a7b701a4b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 30 Apr 2025 08:22:03 +0200 Subject: [PATCH 47/49] nix: 2.28.2 -> 2.28.3 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index 3877f2e..879e214 100755 --- a/install-nix.sh +++ b/install-nix.sh @@ -94,7 +94,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.28.2/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.28.3/install}" do sleep 1 ((curl_retries--)) From f5e4dbff3bcf3651939faa49d3cdc505d43966b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 27 May 2025 09:15:35 +0200 Subject: [PATCH 48/49] nix: 2.28.3 -> 2.29.0 --- install-nix.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install-nix.sh b/install-nix.sh index 879e214..d156496 100755 --- a/install-nix.sh 
+++ b/install-nix.sh @@ -94,7 +94,7 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.28.3/install}" +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.29.0/install}" do sleep 1 ((curl_retries--)) From 129de1289fba8861699d92a10853cba82011362e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Tue, 27 May 2025 10:02:27 +0200 Subject: [PATCH 49/49] add github action to keep nix up-to-date --- .github/workflows/update-nix.yml | 31 +++++++++++++++++++++++++++++++ install-nix.sh | 3 ++- 2 files changed, 33 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/update-nix.yml diff --git a/.github/workflows/update-nix.yml b/.github/workflows/update-nix.yml new file mode 100644 index 0000000..3e088c3 --- /dev/null +++ b/.github/workflows/update-nix.yml @@ -0,0 +1,31 @@ +name: "Update nix" +on: + repository_dispatch: + workflow_dispatch: + schedule: + - cron: "31 2 * * *" +jobs: + update-nix-releases: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Update nix releases + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + latest_nix=$( + gh api repos/NixOS/nix/tags --paginate --jq '.[].name' | + grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | + sort -V | + tail -n 1 + ) + if [ -z "$latest_nix" ]; then + echo "Failed to determine latest Nix version." >&2 + exit 1 + fi + sed -i -E "s/nix_version=[0-9.]+/nix_version=${latest_nix}/" ./install-nix.sh + - name: Create Pull Request + uses: peter-evans/create-pull-request@v7 + with: + title: Update nix versions + labels: dependencies diff --git a/install-nix.sh b/install-nix.sh index d156496..7198377 100755 --- a/install-nix.sh +++ b/install-nix.sh 
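Review bot: The new `update-nix.yml` references `actions/checkout@v4` and `peter-evans/create-pull-request@v7` by mutable tag, although an earlier commit in this series pinned `test.yml` to commit hashes; this job is the one that pushes a branch and opens a pull request, so it is where pinning matters most. Pin both in the form `uses: actions/checkout@<commit-sha> # v4`, and add a job-level `permissions:` block with only `contents: write` and `pull-requests: write` so the job does not inherit whatever the repository's default token scope happens to be. The `grep -E '^[0-9]+\.[0-9]+\.[0-9]+$'` filter is what makes `${latest_nix}` safe to interpolate into the `sed` expression; a comment like `# strict x.y.z match: the value is substituted into sed below` would keep someone from loosening it. `repository_dispatch` is declared without a `types:` filter, so any dispatch event starts the job; restrict it or drop it if nothing sends one.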
@@ -94,7 +94,8 @@ echo "installer options: ${installer_options[*]}" # There is --retry-on-errors, but only newer curl versions support that curl_retries=5 -while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.29.0/install}" +nix_version=2.29.0 +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-${nix_version}/install}" do sleep 1 ((curl_retries--))
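Review bot: `nix_version=2.29.0` is now rewritten by the `sed` in `update-nix.yml`, which replaces the first `nix_version=[0-9.]+` on any line of this file, but nothing at the assignment says so. Add a comment above it such as `# Bumped automatically by .github/workflows/update-nix.yml; keep the plain nix_version=X.Y.Z form`, so a later refactor (quoting the value, renaming the variable) does not silently stop the updates. The download itself still relies on TLS alone: if the fetched `install` file is executed later in the script (outside this hunk), keeping an expected digest next to `nix_version` and checking it before use would turn each automated bump into a reviewable pair of values. The retry loop continues past the end of the hunk.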