Merge pull request #256 from cachix/create-pull-request/patch

nix: 2.31.1 -> 2.31.2

.github/workflows/test.yml

@@ -8,7 +8,6 @@ on:
 
 env:
   nixpkgs_channel: nixpkgs=channel:nixos-25.05
-  oldest_supported_installer: nix-2.8.0
 
 jobs:
   simple-build:
@@ -122,11 +121,17 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os:
+        include:
-        - ubuntu-latest
+          - os: ubuntu-latest
-        - ubuntu-24.04-arm
+            installer_version: nix-2.8.0
-        - macos-latest
+          - os: ubuntu-24.04-arm
-        - macos-13
+            installer_version: nix-2.8.0
+          - os: macos-latest
+            # macOS 15 Sequoia took over some of the ids previously used for _nixbld
+            # 2.18.6 is the oldest version that was patched for this.
+            installer_version: nix-2.18.6
+          - os: macos-13
+            installer_version: nix-2.8.0
     runs-on: ${{ matrix.os }}
     steps:
     - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
@@ -134,7 +139,7 @@ jobs:
       uses: ./
       with:
         nix_path: ${{ env.nixpkgs_channel }}
-        install_url: https://releases.nixos.org/nix/${{ env.oldest_supported_installer }}/install
+        install_url: https://releases.nixos.org/nix/${{ matrix.installer_version }}/install
     - run: nix-build test.nix
 
   act-support:

README.md

@@ -2,23 +2,18 @@
 
 ![GitHub Actions badge](https://github.com/cachix/install-nix-action/workflows/install-nix-action%20test/badge.svg)
 
-Installs [Nix](https://nixos.org/nix/) on GitHub Actions for the supported platforms: Linux and macOS.
+Installs [Nix](https://nixos.org/nix/) on GitHub Actions runners for Linux and macOS.
-
-By default it has no nixpkgs configured, you have to set `nix_path`
-by [picking a channel](https://status.nixos.org/)
-or [pin nixpkgs yourself](https://nix.dev/reference/pinning-nixpkgs)
-(see also [pinning tutorial](https://nix.dev/tutorials/towards-reproducibility-pinning-nixpkgs)).
 
 # Features
 
-- Quick installation (~4s on Linux, ~20s on macOS)
+- Quick installation (~4s on Linux / ~20s on macOS)
-- Multi-User installation (with sandboxing enabled only on Linux)
+- Multi-user installation with sandboxing enabled by default on Linux
-- [Self-hosted GitHub runner](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners) support
+- Support for [self-hosted GitHub runners](https://docs.github.com/en/actions/hosting-your-own-runners/about-self-hosted-runners)
 - Allows specifying Nix installation URL via `install_url` (the oldest supported Nix version is 2.3.5)
 - Allows specifying extra Nix configuration options via `extra_nix_config`
 - Allows specifying `$NIX_PATH` and channels via `nix_path`
-- Share `/nix/store` between builds using [cachix-action](https://github.com/cachix/cachix-action) for simple binary cache setup to speed up your builds and share binaries with your team
 - Enables KVM on supported machines: run VMs and NixOS tests with full hardware-acceleration
+- Pair with a binary cache from [cachix-action](https://github.com/cachix/cachix-action) to speed up re-builds and share binaries across your team
 
 ## Usage
 
@@ -33,7 +28,7 @@ jobs:
   tests:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - uses: cachix/install-nix-action@v31
       with:
         nix_path: nixpkgs=channel:nixos-unstable
@@ -51,7 +46,7 @@ jobs:
   tests:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - uses: cachix/install-nix-action@v31
       with:
         github_access_token: ${{ secrets.GITHUB_TOKEN }}
@@ -59,23 +54,17 @@ jobs:
     - run: nix flake check
 ```
 
-To install Nix from any commit, go to [the corresponding installer_test action](https://github.com/NixOS/nix/runs/2219534360) and click on "Run cachix/install-nix-action@XX" step and expand the first line.
+## Inputs
 
-## Inputs (specify using `with:`)
+| Name | Description | Default |
-
+|------|-------------|---------|
-- `extra_nix_config`: append to `/etc/nix/nix.conf`
+| `install_url` | URL to install Nix from. Useful for testing non-stable releases or pinning a specific Nix version (e.g., https://releases.nixos.org/nix/nix-2.3.7/install) | `""` |
-
+| `install_options` | Additional flags to pass to the Nix installer script | `""` |
-- `github_access_token`: configure Nix to pull from GitHub using the given GitHub token. This helps work around rate limit issues. Has no effect when `access-tokens` is also specified in `extra_nix_config`.
+| `extra_nix_config` | Additional configuration to append to `/etc/nix/nix.conf` | `""` |
-
+| `nix_path` | Value to set for the `NIX_PATH` environment variable (e.g., `nixpkgs=channel:nixos-unstable`) | `""` |
-- `install_url`: specify URL to install Nix from (useful for testing non-stable releases or pinning Nix, for example https://releases.nixos.org/nix/nix-2.3.7/install)
+| `github_access_token` | GitHub token for Nix to use when pulling from GitHub repositories. Helps work around rate limit issues. Has no effect when `access-tokens` is specified in `extra_nix_config`. | `$GITHUB_TOKEN` if available |
-
+| `set_as_trusted_user` | Add the current user to the `trusted-users` list | `true` |
-- `install_options`: additional installer flags passed to the installer script.
+| `enable_kvm` | Enable KVM for hardware-accelerated virtualization on Linux | `true` |
-
-- `nix_path`: set `NIX_PATH` environment variable, for example `nixpkgs=channel:nixos-unstable`
-
-- `enable_kvm`: whether to enable KVM for hardware-accelerated virtualization on Linux. Enabled by default if available.
-
-- `set_as_trusted_user`: whether to add the current user to `trusted-users`. Enabled by default.
 
 
 ## Differences from the default Nix installer
@@ -106,19 +95,30 @@ Some settings have been optimised for use in CI environments:
 
 ## FAQ
 
-### How do I print nixpkgs version I have configured?
+### How do I print the nixpkgs version I've configured?
 
 ```yaml
 - name: Print nixpkgs version
   run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'
 ```
 
-### How do I run NixOS tests?
+### How do I add a nixpkgs channel?
 
-With the following inputs:
+This action doesn't set up any channels by default.
+Use `nix_path` to configure optional channels by [picking a channel](https://status.nixos.org/) or [pinning nixpkgs](https://nix.dev/reference/pinning-nixpkgs) to a specific commit.
 
 ```yaml
-- uses: cachix/install-nix-action@vXX
+- uses: cachix/install-nix-action@v31
+  with:
+    nix_path: nixpkgs=channel:nixos-unstable
+```
+
+See also the [tutorial on pinning on nix.dev](https://nix.dev/tutorials/towards-reproducibility-pinning-nixpkgs).
+
+### How do I run NixOS tests on Linux?
+
+```yaml
+- uses: cachix/install-nix-action@v31
   with:
     enable_kvm: true
     extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm"
@@ -137,7 +137,7 @@ using [cachix-action](https://github.com/cachix/cachix-action), you
 should use their `extraPullNames` input like this:
 
 ```yaml
-- uses: cachix/cachix-action@vXX
+- uses: cachix/cachix-action@v31
    with:
      name: mycache
      authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
@@ -214,10 +214,10 @@ job:
       id-token: write
       contents: read
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: cachix/install-nix-action@v31
       - name: Assume AWS Role
-        uses: aws-actions/configure-aws-credentials@v4.1.0
+        uses: aws-actions/configure-aws-credentials@v5.0.0
         with:
           aws-region: us-east-1
           role-to-assume: arn:aws-cn:iam::123456789100:role/my-github-actions-role

install-nix.sh

@@ -94,7 +94,7 @@ echo "installer options: ${installer_options[*]}"
 
 # There is --retry-on-errors, but only newer curl versions support that
 curl_retries=5
-nix_version=2.31.0
+nix_version=2.31.2
 while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-${nix_version}/install}"
 do
   sleep 1