Apply fixups from CodeRabbit review (#200 )

Treat FlakeHub logins as a funnel (#199 )
Merge pull request #198 from DeterminateSystems/gustavderdrache/push-mzwwpswkrrup
2025-09-09 10:54:24 -04:00 · 2025-09-09 10:40:05 -04:00 · 2025-09-09 09:58:05 -04:00 · 2025-09-09 09:48:10 -04:00 · 2025-09-09 09:44:32 -04:00 · 2025-09-08 16:04:19 -04:00
4 changed files with 31730 additions and 27463 deletions
@@ -30,23 +30,23 @@
    "@actions/exec": "^1.1.1",
    "@actions/github": "^6.0.1",
    "detsys-ts": "github:DeterminateSystems/detsys-ts",
-    "got": "^14.4.7",
+    "got": "^14.4.8",
    "string-argv": "^0.3.2",
-    "vitest": "^3.2.0"
+    "vitest": "^3.2.4"
  },
  "devDependencies": {
    "@trivago/prettier-plugin-sort-imports": "^4.3.0",
-    "@types/node": "^20.17.57",
+    "@types/node": "^20.19.12",
    "@types/uuid": "^9.0.8",
    "@typescript-eslint/eslint-plugin": "^7.18.0",
    "@vercel/ncc": "^0.38.3",
    "eslint": "^8.57.1",
    "eslint-import-resolver-typescript": "^3.10.1",
    "eslint-plugin-github": "^4.10.2",
-    "eslint-plugin-import": "^2.31.0",
-    "eslint-plugin-prettier": "^5.4.1",
-    "prettier": "^3.5.3",
+    "eslint-plugin-import": "^2.32.0",
+    "eslint-plugin-prettier": "^5.5.4",
+    "prettier": "^3.6.2",
    "tsup": "^8.5.0",
-    "typescript": "^5.8.3"
+    "typescript": "^5.9.2"
  }
 }
@@ -12,7 +12,7 @@ import got from "got";
 import { setTimeout } from "node:timers/promises";
 import { getFixHashes } from "./fixHashes.js";
 import { annotateMismatches } from "./annotate.js";
-import { getRecentEvents } from "./events.js";
+import { DEvent, getRecentEvents } from "./events.js";
 import { makeMermaidReport } from "./mermaid.js";
 import { summarizeFailures } from "./failuresummary.js";
 import { SpawnOptions, spawn } from "node:child_process";
@@ -20,12 +20,15 @@ import { SpawnOptions, spawn } from "node:child_process";
 // Nix installation events
 const EVENT_INSTALL_NIX_FAILURE = "install_nix_failure";
 const EVENT_INSTALL_NIX_START = "install_nix_start";
-const EVENT_INSTALL_NIX_SUCCESS = "install_nix_start";
+const EVENT_INSTALL_NIX_SUCCESS = "install_nix_success";
 const EVENT_SETUP_KVM = "setup_kvm";
 const EVENT_UNINSTALL_NIX = "uninstall";

 // FlakeHub events
-const EVENT_LOGIN_TO_FLAKEHUB = "login_to_flakehub";
+const EVENT_LOGIN_START = "flakehub-login:start";
+const EVENT_LOGIN_FAILURE = "flakehub-login:failure";
+const EVENT_LOGIN_SUCCESS = "flakehub-login:success";
+const EVENT_LOGIN_END = "flakehub-login:end";

 // Other events
 const EVENT_CONCLUDE_JOB = "conclude_job";
@@ -138,10 +141,10 @@ class NixInstallerAction extends DetSysAction {
  }

  async main(): Promise<void> {
+    actionsCore.saveState(STATE_START_DATETIME, new Date().toISOString());
    await this.scienceDebugFly();
    await this.detectAndForceNoSystemd();
    await this.install();
-    actionsCore.saveState(STATE_START_DATETIME, new Date().toISOString());
  }

  async post(): Promise<void> {
@@ -282,7 +285,7 @@ class NixInstallerAction extends DetSysAction {
    }

    if (this.nixBuildUserBase !== null) {
-      executionEnv.NIX_INSTALLER_NIX_BUILD_USER_ID_BASE = `${this.nixBuildUserCount}`;
+      executionEnv.NIX_INSTALLER_NIX_BUILD_USER_ID_BASE = `${this.nixBuildUserBase}`;
    }

    if (this.nixPackageUrl !== null) {
@@ -616,6 +619,8 @@ class NixInstallerAction extends DetSysAction {
    const startDate = new Date(actionsCore.getState(STATE_START_DATETIME));
    const { events, hasMismatches } = await getRecentEvents(startDate);

+    await this.reportPassFailCount(events);
+
    const mermaidSummary = makeMermaidReport(events);
    const failureSummary = await summarizeFailures(events);

@@ -666,6 +671,29 @@ class NixInstallerAction extends DetSysAction {
    }
  }

+  async reportPassFailCount(events: DEvent[]): Promise<void> {
+    let built = 0;
+    let failed = 0;
+    let unknown = 0;
+
+    for (const event of events) {
+      switch (event.c) {
+        case "BuiltPathResponseEventV1":
+          built++;
+          break;
+        case "BuildFailureResponseEventV1":
+          failed++;
+          break;
+        default:
+          unknown++;
+      }
+    }
+
+    this.addFact("nix_builds_succeeded", built);
+    this.addFact("nix_builds_failed", failed);
+    this.addFact("nix_builds_unknown_event", unknown);
+  }
+
  async setGithubPath(): Promise<void> {
    // Interim versions of the `nix-installer` crate may have already manipulated `$GITHUB_PATH`, as root even! Accessing that will be an error.
    try {
@@ -690,6 +718,8 @@ class NixInstallerAction extends DetSysAction {
  }

  async flakehubLogin(): Promise<void> {
+    this.recordEvent(EVENT_LOGIN_START);
+
    const canLogin =
      process.env["ACTIONS_ID_TOKEN_REQUEST_URL"] &&
      process.env["ACTIONS_ID_TOKEN_REQUEST_TOKEN"];
@@ -700,14 +730,20 @@ class NixInstallerAction extends DetSysAction {
      const head = pr?.head?.repo?.full_name;

      if (pr && base !== head) {
+        this.recordEvent(EVENT_LOGIN_FAILURE, { reason: "fork" });
+        this.recordEvent(EVENT_LOGIN_END);
+
        actionsCore.info(
-          `Not logging in to FlakeHub: GitHub Actions does not allow OIDC authentication from forked repositories ("${head}" is not the same repository as "${base}").`,
+          `FlakeHub is disabled because this is a fork. GitHub Actions does not allow OIDC authentication from forked repositories ("${head}" is not from the same repository as "${base}").`,
        );
        return;
      }

+      this.recordEvent(EVENT_LOGIN_FAILURE, { reason: "not-configured" });
+      this.recordEvent(EVENT_LOGIN_END);
+
      actionsCore.info(
-        `Not logging in to FlakeHub: GitHub Actions has not provided OIDC token endpoints; please make sure that \`id-token: write\` and \`contents: read\` are set for this step's (or job's) permissions.`,
+        "FlakeHub is disabled because the workflow is misconfigured. Please make sure that `id-token: write` and `contents: read` are set for this step's (or job's) permissions so that GitHub Actions provides OIDC token endpoints.",
      );
      actionsCore.info(
        `For more information, see https://docs.determinate.systems/guides/github-actions/#nix-installer-action`,
@@ -716,15 +752,18 @@ class NixInstallerAction extends DetSysAction {
    }

    actionsCore.startGroup("Logging in to FlakeHub");
-    this.recordEvent(EVENT_LOGIN_TO_FLAKEHUB);
    try {
      await actionsExec.exec(`determinate-nixd`, ["login", "github-action"]);
+      this.recordEvent(EVENT_LOGIN_SUCCESS);
    } catch (e: unknown) {
      actionsCore.warning(`FlakeHub Login failure: ${stringifyError(e)}`);
-      this.recordEvent("flakehub-login:failure", {
+      this.recordEvent(EVENT_LOGIN_FAILURE, {
+        reason: "failed",
        exception: stringifyError(e),
      });
    }
+
+    this.recordEvent(EVENT_LOGIN_END);
    actionsCore.endGroup();
  }
Author	SHA1	Message	Date
gustavderdrache	786fff0690	Apply fixups from CodeRabbit review (#200 )	2025-09-09 10:54:24 -04:00
gustavderdrache	f161ab07ed	Treat FlakeHub logins as a funnel (#199 )	2025-09-09 10:40:05 -04:00
gustavderdrache	61ce7897f4	Merge pull request #198 from DeterminateSystems/gustavderdrache/push-mzwwpswkrrup Record events if authentication is skipped	2025-09-09 09:58:05 -04:00
gustavderdrache	44f3801e21	Improve messages for when auth isn't available	2025-09-09 09:48:10 -04:00
gustavderdrache	cb6d4e86fa	Standardize login failure events	2025-09-09 09:44:32 -04:00
gustavderdrache	e686131f84	Record events if authentication is skipped	2025-09-08 16:04:19 -04:00
Graham Christensen	2c3a2981f1	Report the number of nix builds that passed / failed (#196 ) * Report the number of nix builds that passed / failed * Upgrade	2025-09-03 12:03:09 -04:00
detsys-pr-bot	18b667a294	Update `detsys-ts` for: `Capture the version of Nix in addition to the nix store version (#108)` (`c7303495f43d348cac78091ef434443b1ef22485`) (#197 ) Co-authored-by: grahamc <76716+grahamc@users.noreply.github.com>	2025-09-03 15:37:20 +00:00
detsys-pr-bot	428f3c64a3	Update `detsys-ts` for: `Merge pull request` `#106 from DeterminateSystems/fix-dependabot-warning` (`6d3f1c5a5781e58b3cd8060cfb578c0c95eeb51e`) (#194 ) Co-authored-by: lucperkins <1523104+lucperkins@users.noreply.github.com>	2025-07-30 15:59:25 +00:00
detsys-pr-bot	90bb610b90	Update `detsys-ts` for: `Await the request promise so we can cover it with the timout handler (#105)` (`20c4962e328c1eba8f04da00bbb7a7e307d511e0`) (#191 ) Co-authored-by: grahamc <76716+grahamc@users.noreply.github.com>	2025-07-14 22:53:06 +00:00
detsys-pr-bot	c723f3a885	Update `detsys-ts` for: `Skip complicated rewrites, record groups. (#104)` (`0095c476e55f64d04f1aa1e1bcc2524c329d073a`) (#190 ) Co-authored-by: grahamc <76716+grahamc@users.noreply.github.com>	2025-07-03 09:38:17 -04:00
Luc Perkins	41e0dcf215	Merge pull request #188 from detsys-pr-bot/detsys-ts-update-5084fa8e3263a0bed2383f46e407e6c2936e8289 Update `detsys-ts`: Remove FHC action since it's composite (#103)	2025-06-24 12:56:06 -07:00
grahamc	e455bc9d67	Update `detsys-ts` for: `Remove FHC action since it's composite (#103)` (`5084fa8e3263a0bed2383f46e407e6c2936e8289`)	2025-06-23 19:56:57 +00:00
detsys-pr-bot	b336b210d0	Update `detsys-ts` for: `Merge pull request` `#101 from DeterminateSystems/gustavderdrache/write-correlation` (`e252a66f00e041869f7e402e579141f7b8ab1edf`) (#187 ) Co-authored-by: gustavderdrache <194893+gustavderdrache@users.noreply.github.com>	2025-06-23 18:40:45 +00:00