DeterminateSystems/nix-installer-action
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: DeterminateSystems/nix-installer-action:main
Branches Tags
DeterminateSystems/nix-installer-action:main DeterminateSystems/nix-installer-action:actions-pinning DeterminateSystems/nix-installer-action:push-zutqoklymuso DeterminateSystems/nix-installer-action:gustavderdrache/write-correlation DeterminateSystems/nix-installer-action:biomejs DeterminateSystems/nix-installer-action:curl-data DeterminateSystems/nix-installer-action:colemickens/debug DeterminateSystems/nix-installer-action:try-env-style-settings DeterminateSystems/nix-installer-action:test-extra-conf
DeterminateSystems/nix-installer-action:v22 DeterminateSystems/nix-installer-action:v21 DeterminateSystems/nix-installer-action:v20 DeterminateSystems/nix-installer-action:v19 DeterminateSystems/nix-installer-action:v18 DeterminateSystems/nix-installer-action:v17 DeterminateSystems/nix-installer-action:v16 DeterminateSystems/nix-installer-action:v15 DeterminateSystems/nix-installer-action:v14 DeterminateSystems/nix-installer-action:v13 DeterminateSystems/nix-installer-action:v12 DeterminateSystems/nix-installer-action:v11 DeterminateSystems/nix-installer-action:v10 DeterminateSystems/nix-installer-action:v9 DeterminateSystems/nix-installer-action:v8 DeterminateSystems/nix-installer-action:v7 DeterminateSystems/nix-installer-action:v6 DeterminateSystems/nix-installer-action:v5 DeterminateSystems/nix-installer-action:v4 DeterminateSystems/nix-installer-action:v3 DeterminateSystems/nix-installer-action:v2 DeterminateSystems/nix-installer-action:v1
..
pull from: DeterminateSystems/nix-installer-action:test-extra-conf
Branches Tags
DeterminateSystems/nix-installer-action:actions-pinning DeterminateSystems/nix-installer-action:main DeterminateSystems/nix-installer-action:push-zutqoklymuso DeterminateSystems/nix-installer-action:gustavderdrache/write-correlation DeterminateSystems/nix-installer-action:biomejs DeterminateSystems/nix-installer-action:curl-data DeterminateSystems/nix-installer-action:colemickens/debug DeterminateSystems/nix-installer-action:try-env-style-settings DeterminateSystems/nix-installer-action:test-extra-conf
DeterminateSystems/nix-installer-action:v22 DeterminateSystems/nix-installer-action:v21 DeterminateSystems/nix-installer-action:v20 DeterminateSystems/nix-installer-action:v19 DeterminateSystems/nix-installer-action:v18 DeterminateSystems/nix-installer-action:v17 DeterminateSystems/nix-installer-action:v16 DeterminateSystems/nix-installer-action:v15 DeterminateSystems/nix-installer-action:v14 DeterminateSystems/nix-installer-action:v13 DeterminateSystems/nix-installer-action:v12 DeterminateSystems/nix-installer-action:v11 DeterminateSystems/nix-installer-action:v10 DeterminateSystems/nix-installer-action:v9 DeterminateSystems/nix-installer-action:v8 DeterminateSystems/nix-installer-action:v7 DeterminateSystems/nix-installer-action:v6 DeterminateSystems/nix-installer-action:v5 DeterminateSystems/nix-installer-action:v4 DeterminateSystems/nix-installer-action:v3 DeterminateSystems/nix-installer-action:v2 DeterminateSystems/nix-installer-action:v1

8 Commits
main .. test-extra-conf

Author SHA1 Message Date
Ana Hobden c67dd30e67 Is it fixed on main 2023-06-27 09:48:49 -07:00
Ana Hobden 0897b85290 Missed a rename in the if statement 2023-06-27 09:39:09 -07:00
Ana Hobden cc23aa2fec Remove unnecessary quotes 2023-06-27 09:37:51 -07:00
Ana Hobden 56ecdbd741 Whoops did not save 2023-06-27 09:36:19 -07:00
Ana Hobden e7cc0afd1d Try writing to file 2023-06-27 09:33:06 -07:00
Ana Hobden 317936b794 Does it work with block chomping 2023-06-27 09:10:37 -07:00
Ana Hobden 710f8bd079 Test simpler yaml string 2023-06-27 08:54:28 -07:00
Ana Hobden 1928ffb7dd Add extra-conf test 2023-06-27 08:31:35 -07:00
32 changed files with 341 additions and 120361 deletions
Expand all files Collapse all files
.editorconfig
-10
View File
@@ -1,10 +0,0 @@
# https://editorconfig.org
root = true
[*]
indent_style = space
indent_size = 2
end_of_line = lf
charset = utf-8
trim_trailing_whitespace = true
insert_final_newline = true
.envrc
-1
View File
@@ -1 +0,0 @@
use flake
.eslintrc.json
-74
View File
@@ -1,74 +0,0 @@
{
"plugins": ["@typescript-eslint"],
"extends": ["plugin:github/recommended"],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": 9,
"sourceType": "module",
"project": "./tsconfig.json"
},
"settings": {
"import/resolver": {
"typescript": {}
}
},
"rules": {
"i18n-text/no-en": "off",
"eslint-comments/no-use": "off",
"import/no-namespace": "off",
"no-unused-vars": "off",
"@typescript-eslint/no-unused-vars": [
"error",
{
"argsIgnorePattern": "^_"
}
],
"@typescript-eslint/explicit-member-accessibility": [
"error",
{
"accessibility": "no-public"
}
],
"@typescript-eslint/no-base-to-string": "error",
"@typescript-eslint/no-require-imports": "error",
"@typescript-eslint/array-type": "error",
"@typescript-eslint/await-thenable": "error",
"@typescript-eslint/ban-ts-comment": "error",
"camelcase": "error",
"@typescript-eslint/consistent-type-assertions": "error",
"@typescript-eslint/explicit-function-return-type": [
"error",
{
"allowExpressions": true
}
],
"@typescript-eslint/func-call-spacing": ["error", "never"],
"@typescript-eslint/no-array-constructor": "error",
"@typescript-eslint/no-empty-interface": "error",
"@typescript-eslint/no-explicit-any": "error",
"@typescript-eslint/no-floating-promises": "error",
"@typescript-eslint/no-extraneous-class": "error",
"@typescript-eslint/no-for-in-array": "error",
"@typescript-eslint/no-inferrable-types": "error",
"@typescript-eslint/no-misused-new": "error",
"@typescript-eslint/no-namespace": "error",
"@typescript-eslint/no-non-null-assertion": "warn",
"@typescript-eslint/no-unnecessary-qualifier": "error",
"@typescript-eslint/no-unnecessary-type-assertion": "error",
"@typescript-eslint/no-useless-constructor": "error",
"@typescript-eslint/no-var-requires": "error",
"@typescript-eslint/prefer-for-of": "warn",
"@typescript-eslint/prefer-function-type": "warn",
"@typescript-eslint/prefer-includes": "error",
"@typescript-eslint/prefer-string-starts-ends-with": "error",
"@typescript-eslint/promise-function-async": "error",
"@typescript-eslint/require-array-sort-compare": "error",
"@typescript-eslint/restrict-plus-operands": "error",
"@typescript-eslint/type-annotation-spacing": "error",
"@typescript-eslint/unbound-method": "error"
},
"env": {
"node": true,
"es6": true
}
}
.gitattributes
-2
View File
@@ -1,2 +0,0 @@
dist/* linguist-generated=true
.github/verify-version.sh
-17
View File
@@ -1,17 +0,0 @@
#!/usr/bin/env bash
# This script verifies that the version of Nix installed on the runner
# matches the version supplied in the first argument.
EXPECTED_VERSION="${1}"
INSTALLED_NIX_VERSION_OUTPUT=$(nix --version)
INSTALLED_NIX_VERSION=$(echo "${INSTALLED_NIX_VERSION_OUTPUT}" | awk '{print $NF}')
if [ "${INSTALLED_NIX_VERSION}" != "${EXPECTED_VERSION}" ]; then
echo "Nix version ${INSTALLED_NIX_VERSION} didn't match expected version ${EXPECTED_VERSION}"
exit 1
else
echo "Success! Nix version ${INSTALLED_NIX_VERSION} installed as expected"
exit 0
fi
.github/workflows/ci.yml
+75 -102
View File
@@ -4,82 +4,25 @@ on:
pull_request:
push:
branches: [main]
workflow_dispatch:
jobs:
tests:
runs-on: ubuntu-latest
needs:
- check-dist-up-to-date
- install-nix
- install-with-non-default-source-inputs
- install-no-id-token
# NOTE(cole-h): GitHub treats "skipped" as "OK" for the purposes of required checks on branch
# protection, so we take advantage of this fact and fail if any of the dependent actions failed,
# or "skip" (which is a success for GHA's purposes) if none of them did.
if: failure()
run-x86_64-linux:
name: Run x86_64 Linux
runs-on: ubuntu-22.04
steps:
- name: Dependent checks failed
run: exit 1
check-dist-up-to-date:
name: Check the dist/ folder is up to date
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/flakehub-cache-action@main
- name: npm install
run: nix develop --command npm ci
- name: prettier format
run: nix develop --command npm run check-fmt
- name: ESLint
run: nix develop --command npm run lint
- name: tsup build
run: nix develop --command npm run build
- name: ncc package
run: nix develop --command npm run package
- name: Git status
run: git status --porcelain=v1
- name: Ensure no staged changes
run: git diff --exit-code
install-nix:
name: "Test: ${{ matrix.system.nix-system }} on ${{ matrix.system.runner }}${{ matrix.determinate && ' with determinate' || '' }}"
strategy:
fail-fast: false
matrix:
system:
- {
nix-system: x86_64-linux,
runner: nscloud-ubuntu-22.04-amd64-4x16,
}
- { nix-system: aarch64-darwin, runner: macos-latest }
determinate:
- true
- false
runs-on: ${{ matrix.system.runner }}
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@v3
- name: Install Nix
uses: ./
with:
logger: pretty
log-directives: nix_installer=trace
backtrace: full
_internal-strict-mode: true
determinate: ${{ matrix.determinate }}
nix-installer-branch: main
extra-conf: |
experimental-features = impure-derivations
- run: cat /etc/nix/nix.conf
- name: echo $PATH
run: echo $PATH
- name: Render the devshell
if: (success() || failure())
run: |
nix develop --command date
- name: Test `nix` with `$GITHUB_PATH`
if: success() || failure()
run: |
@@ -88,7 +31,6 @@ jobs:
hello
nix store gc
nix run nixpkgs#hello
- name: Test bash
run: nix-instantiate -E 'builtins.currentTime' --eval
if: success() || failure()
@@ -97,17 +39,12 @@ jobs:
run: nix-instantiate -E 'builtins.currentTime' --eval
if: success() || failure()
shell: sh -l {0}
- name: Test zsh
run: if (zsh --help > /dev/null); then zsh --login --interactive -c "nix-instantiate -E 'builtins.currentTime' --eval"; fi
if: success() || failure()
- name: Install Nix again (noop)
uses: ./
with:
logger: pretty
log-directives: nix_installer=trace
backtrace: full
_internal-strict-mode: true
determinate: ${{ matrix.determinate }}
- name: Test `nix` with `$GITHUB_PATH`
if: success() || failure()
run: |
@@ -125,8 +62,6 @@ jobs:
reinstall: true
extra-conf: |
use-sqlite-wal = true
_internal-strict-mode: true
determinate: ${{ matrix.determinate }}
- name: Test `nix` with `$GITHUB_PATH`
if: success() || failure()
run: |
@@ -137,38 +72,76 @@ jobs:
nix run nixpkgs#hello
- name: Verify the generated nix.conf
run: |
nix config show
cat -n /etc/nix/nix.conf
nix config show | grep -E "^trusted-users = .*$USER"
nix config show | grep -E "^use-sqlite-wal = true"
install-with-non-default-source-inputs:
name: Install Nix using non-default source-${{ matrix.inputs.key }}
runs-on: ubuntu-latest
strategy:
matrix:
inputs:
# https://github.com/DeterminateSystems/nix-installer/blob/v3.11.3
- key: url
value: https://github.com/DeterminateSystems/nix-installer/releases/download/v3.11.3/nix-installer-x86_64-linux
nix-version: "2.31.2" # 3.11.3 is based on 2.31.2
grep -E "^trusted-users = .*$USER" /etc/nix/nix.conf
grep -E "^use-sqlite-wal = true" /etc/nix/nix.conf
run-x86_64-darwin:
name: Run x86_64 Darwin
runs-on: macos-12
steps:
- uses: actions/checkout@v6
- name: Install with alternative source-${{ matrix.inputs.key }}
- uses: actions/checkout@v3
- name: Install Nix
uses: ./
with:
source-${{ matrix.inputs.key }}: ${{ matrix.inputs.value }}
_internal-strict-mode: true
- name: Ensure that the expected Nix version ${{ matrix.inputs.nix-version }} is installed via alternative source-${{ matrix.inputs.key }}
run: .github/verify-version.sh ${{ matrix.inputs.nix-version }}
install-no-id-token:
name: Install Nix without an ID token
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: ./
logger: pretty
log-directives: nix_installer=trace
backtrace: full
- name: echo $PATH
run: echo $PATH
- name: Test `nix` with `$GITHUB_PATH`
if: success() || failure()
run: |
nix run nixpkgs#hello
nix profile install nixpkgs#hello
hello
nix store gc
nix run nixpkgs#hello
- name: Test bash
run: nix-instantiate -E 'builtins.currentTime' --eval
if: success() || failure()
shell: bash --login {0}
- name: Test sh
run: nix-instantiate -E 'builtins.currentTime' --eval
if: success() || failure()
shell: sh -l {0}
- name: Test zsh
run: nix-instantiate -E 'builtins.currentTime' --eval
if: success() || failure()
shell: zsh --login --interactive {0}
- name: Install Nix again (noop)
uses: ./
with:
_internal-strict-mode: true
determinate: true
logger: pretty
log-directives: nix_installer=trace
backtrace: full
- name: Test `nix` with `$GITHUB_PATH`
if: success() || failure()
run: |
nix run nixpkgs#hello
nix profile install nixpkgs#hello
hello
nix store gc
nix run nixpkgs#hello
- name: Reinstall Nix
uses: ./
with:
logger: pretty
log-directives: nix_installer=trace
backtrace: full
reinstall: true
extra-conf: |
use-sqlite-wal = true
- name: Test `nix` with `$GITHUB_PATH`
if: success() || failure()
run: |
nix run nixpkgs#hello
nix profile install nixpkgs#hello
hello
nix store gc
nix run nixpkgs#hello
- name: Verify the generated nix.conf
run: |
cat -n /etc/nix/nix.conf
grep -E "^trusted-users = .*$USER" /etc/nix/nix.conf
grep -E "^use-sqlite-wal = true" /etc/nix/nix.conf
.gitignore
-101
View File
@@ -1,101 +0,0 @@
# Dependency directory
node_modules
# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
# Logs
logs
*.log
npm-debug.log*
yarn-debug.log*
yarn-error.log*
lerna-debug.log*
# Diagnostic reports (https://nodejs.org/api/report.html)
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
# Runtime data
pids
*.pid
*.seed
*.pid.lock
# Directory for instrumented libs generated by jscoverage/JSCover
lib-cov
# Coverage directory used by tools like istanbul
coverage
*.lcov
# nyc test coverage
.nyc_output
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
.grunt
# Bower dependency directory (https://bower.io/)
bower_components
# node-waf configuration
.lock-wscript
# Compiled binary addons (https://nodejs.org/api/addons.html)
build/Release
# Dependency directories
jspm_packages/
# TypeScript v1 declaration files
typings/
# TypeScript cache
*.tsbuildinfo
# Optional npm cache directory
.npm
# Optional eslint cache
.eslintcache
# Optional REPL history
.node_repl_history
# Output of 'npm pack'
*.tgz
# Yarn Integrity file
.yarn-integrity
# dotenv environment variables file
.env
.env.test
# parcel-bundler cache (https://parceljs.org/)
.cache
# next.js build output
.next
# nuxt.js build output
.nuxt
# vuepress build output
.vuepress/dist
# Serverless directories
.serverless/
# FuseBox cache
.fusebox/
# DynamoDB Local files
.dynamodb/
# OS metadata
.DS_Store
Thumbs.db
# Ignore built ts files
__tests__/runner/*
lib/**/*
.direnv
.prettierignore
-6
View File
@@ -1,6 +0,0 @@
.direnv/
dist/
lib/
node_modules/
package-lock.json
.prettierrc.json
-1
View File
@@ -1 +0,0 @@
{}
CONTRIBUTING.md
-5
View File
@@ -1,5 +0,0 @@
# Submitting Pull Requests
Run `npm ci` to install necessary JS tools.
This action is based off https://github.com/actions/javascript-action. As part of your contributing flow you **must** run `npm run all` before we can merge.
README.md
+41 -138
View File
@@ -1,20 +1,6 @@
# The Determinate Nix Installer Action
# Nix Installer Action
The fast, friendly, and reliable GitHub Action to install [Determinate Nix][det-nix] with [flakes].
The Determinate Nix Installer Action is based on [Determinate Nix Installer][installer], which is responsible for tens of thousands of installs daily.
## Supports
-**Accelerated KVM** on open source projects and larger runners. See [GitHub's announcement](https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/) for more info.
- ✅ Linux (x86_64 and aarch64)
- ✅ macOS (aarch64)
- ✅ Windows Subsystem for Linux (WSL) (x86_64 and aarch64)
- ✅ Containers
- ✅ Valve's SteamOS
- ✅ GitHub Enterprise Server
- ✅ GitHub Hosted, self-hosted, and long running Actions Runners
## Usage
You can use [`nix-installer`](https://github.com/DeterminateSystems/nix-installer) as a Github action like so:
```yaml
on:
@@ -25,139 +11,56 @@ on:
jobs:
lints:
name: Build
runs-on: ubuntu-latest
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v6
- uses: DeterminateSystems/nix-installer-action@main
- run: nix build .
```
> [!NOTE]
> This Action installs [Determinate Nix][det-nix] by default.
> You can, however, use it to install [upstream Nix](#installing-upstream-nix) until **January 1, 2026**.
### With FlakeHub
To fetch private flakes from FlakeHub and Nix builds from FlakeHub Cache, update the `permissions` block and use [`determinate-nix-action`][determinate-nix-action] instead of this Action:
```yaml
on:
pull_request:
push:
branches: [main]
jobs:
lints:
name: Build
runs-on: ubuntu-latest
permissions:
id-token: "write"
contents: "read"
steps:
- uses: actions/checkout@v6
- uses: DeterminateSystems/determinate-nix-action@v3
- run: nix build .
- uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v2
- name: Run `nix build`
run: nix build .
```
See [`.github/workflows/ci.yml`](.github/workflows/ci.yml) for a full example.
### Pinning the version
This GitHub Action uses the most recent version of Determinate Nix Installer, even when the Action itself is pinned.
If you wish to pin your CI workflows to a specific Determinate Nix version, use the [`determinate-nix-action`][determinate-nix-action].
That Action is updated and tagged for every Determinate release.
The `DeterminateSystems/determinate-nix-action@v3.5.2` reference, for example, always installs Determinate Nix v3.5.2.
Additionally, an extra tag on the major version is kept up to date with the current release.
The `DeterminateSystems/determinate-nix-action@v3` reference, for example, installs the most recent release in the `v3.x.y` series.
If you do tag to a specific version, please [use Dependabot to update your actions][dependabot-actions].
### Advanced Usage
- If KVM is available, the installer sets up KVM so that Nix can use it ,and exports the `DETERMINATE_NIX_KVM` environment variable set to 1.
If KVM is not available, `DETERMINATE_NIX_KVM` is set to 0.
This can be used in combination with GitHub Actions' `if` syntax for turning on and off steps.
## Installation Differences
Differing from the upstream [Nix](https://github.com/NixOS/nix) installer scripts:
- In `nix.conf`:
- the `nix-command` and `flakes` features are enabled
- `bash-prompt-prefix` is set
- `auto-optimise-store` is set to `true` (On Linux only)
- `extra-nix-path` is set to `nixpkgs=flake:nixpkgs`
- `max-jobs` is set to `auto`
- KVM is enabled by default.
- an installation receipt (for uninstalling) is stored at `/nix/receipt.json` as well as a copy of the install binary at `/nix/nix-installer`
- `nix-channel --update` is not run, `~/.nix-channels` is not provisioned
- `ssl-cert-file` is set in `/etc/nix/nix.conf` if the `ssl-cert-file` argument is used.
## Configuration
| Parameter | Description | Type | Default |
| :---------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------- | :------------------------------------------------------------- |
| `backtrace` | The setting for [`RUST_BACKTRACE`][backtrace] | string | |
| `determinate` | Whether to install [Determinate Nix](https://determinate.systems/enterprise) and log in to FlakeHub for private Flakes and binary caches. | Boolean | `true` |
| `extra-args` | Extra arguments to pass to the planner (prefer using structured `with:` arguments unless using a custom [planner]!) | string | |
| `extra-conf` | Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set) | string | |
| `flakehub` | Deprecated. Implies `determinate`. | Boolean | `false` |
| `force-no-systemd` | Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary. | Boolean | `false` |
| `github-token` | A [GitHub token] for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) | string | `${{ github.token }}` |
| `github-server-url` | The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server. | string | `${{ github.server }}` |
| `init` | The init system to configure (requires `planner: linux-multi`) | enum (`none` or `systemd`) | |
| `kvm` | Automatically configure the GitHub Actions Runner for NixOS test support, if the host supports it. | Boolean | `true` |
| `local-root` | A local `nix-installer` binary root. Overrides the `nix-installer-url` setting (a `nix-installer.sh` should exist, binaries should be named `nix-installer-$ARCH`, eg. `nix-installer-x86_64-linux`). | Boolean | `false` |
| `log-directives` | A list of [tracing directives], comma separated with `-`s replaced with `_` (eg. `nix_installer=trace`) | string | |
| `logger` | The logger to use during installation | enum (`pretty`, `json`, `full`, `compact`) | |
| `mac-case-sensitive` | Use a case-sensitive volume (`planner: macos` only) | Boolean | `false` |
| `mac-encrypt` | Force encryption on the volume (`planner: macos` only) | Boolean | `false` |
| `mac-root-disk` | The root disk of the target (`planner: macos` only) | string | |
| `mac-volume-label` | The label for the created [APFS] volume (`planner: macos` only) | string | |
| `modify-profile` | Modify the user [profile] to automatically load Nix | Boolean | `false` |
| `nix-build-group-id` | The Nix build group GID | integer | |
| `nix-build-group-name` | The Nix build group name | string | |
| `nix-build-user-base` | The Nix build user base UID (ascending) | integer | |
| `nix-build-user-count` | The number of build users to create | integer | 32 |
| `nix-build-user-prefix` | The Nix build user prefix (user numbers will be postfixed) | string | |
| `source-branch` | The branch of `nix-installer` to use (conflicts with the `source-tag`, `source-revision`, and `source-branch`) | string | |
| `source-pr` | The pull request of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, and `source-branch`) | integer | |
| `source-revision` | The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, and `source-pr`) | string | |
| `source-tag` | The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`) | string | |
| `source-url` | A URL pointing to the `nix-installer` binary | URL | n/a (calculated) |
| `nix-package-url` | The Nix package URL | URL | |
| `planner` | The installation [planner] to use | enum (`linux` or `macos`) | |
| `reinstall` | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`) | Boolean | `false` |
| `start-daemon` | If the daemon should be started, requires `planner: linux-multi` | Boolean | `false` |
| `trust-runner-user` | Whether to make the runner user trusted by the Nix daemon | Boolean | `true` |
| `summarize` | Whether to add a build summary and timeline chart to the GitHub job summary | Boolean | `true` |
| `diagnostic-endpoint` | Diagnostic endpoint url where the installer sends install [diagnostic reports](https://github.com/DeterminateSystems/nix-installer#diagnostics) to, to disable set this to an empty string | string | `https://install.determinate.systems/nix-installer/diagnostic` |
| `proxy` | The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL` | string | |
| `ssl-cert-file` | An SSL cert to use (if any), used for fetching Nix and sets `NIX_SSL_CERT_FILE` for Nix | string | |
## Installing upstream Nix
Although Determinate Nix is the default, you can also use this Action to install [upstream Nix][upstream].
Make sure to set `determinate: false` in the Action's configuration:
```yaml
- uses: DeterminateSystems/nix-installer-action@main
with:
determinate: false
```
This option will be available until **January 1, 2026**, at which point installing upstream Nix using this Action will no longer be possible.
| Parameter | Description | Type | Default |
| :----------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------- | :--------------------------------------------------- |
| `backtrace` | The setting for [`RUST_BACKTRACE`][backtrace] | string | |
| `extra-args` | Extra arguments to pass to the planner (prefer using structured `with:` arguments unless using a custom [planner]!) | string | |
| `extra-conf` | Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set) | string | |
| `github-token` | A [GitHub token] for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) | string | `${{ github.token }}` |
| `init` | The init system to configure (requires `planner: linux-multi`) | enum (`none` or `systemd`) | |
| `local-root` | A local `nix-installer` binary root. Overrides the `nix-installer-url` setting (a `nix-installer.sh` should exist, binaries should be named `nix-installer-$ARCH`, eg. `nix-installer-x86_64-linux`). | Boolean | `false` |
| `log-directives` | A list of [tracing directives], comma separated with `-`s replaced with `_` (eg. `nix_installer=trace`) | string | |
| `logger` | The logger to use during installation | enum (`pretty`, `json`, `full`, `compact`) | |
| `mac-case-sensitive` | Use a case-sensitive volume (`planner: macos` only) | Boolean | `false` |
| `mac-encrypt` | Force encryption on the volume (`planner: macos` only) | Boolean | `false` |
| `mac-root-disk` | The root disk of the target (`planner: macos` only) | string | |
| `mac-volume-label` | The label for the created [APFS] volume (`planner: macos` only) | string | |
| `modify-profile` | Modify the user [profile] to automatically load Nix | Boolean | `false` |
| `nix-build-group-id` | The Nix build group GID | integer | |
| `nix-build-group-name` | The Nix build group name | string | |
| `nix-build-user-base` | The Nix build user base UID (ascending) | integer | |
| `nix-build-user-count` | The number of build users to create | integer | 32 |
| `nix-build-user-prefix` | The Nix build user prefix (user numbers will be postfixed) | string | |
| `nix-installer-branch` | The branch of `nix-installer` to use (conflicts with the `nix-installer-tag`, `nix-installer-revision`, and `nix-installer-branch`) | string | |
| `nix-installer-pr` | The pull request of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, and `nix-installer-branch`) | integer | |
| `nix-installer-revision` | The revision of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-branch`, and `nix-installer-pr`) | string | |
| `nix-installer-tag` | The tag of `nix-installer` to use (conflicts with `nix-installer-revision`, `nix-installer-branch`, `nix-installer-pr`) | string | |
| `nix-installer-url` | A URL pointing to a `nix-installer.sh` script | URL | `https://install.determinate.systems/nix` |
| `nix-package-url` | The Nix package URL | URL | |
| `planner` | The installation [planner] to use | enum (`linux` or `macos`) | |
| `reinstall` | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`) | Boolean | `false` |
| `start-daemon` | If the daemon should be started, requires `planner: linux-multi` | Boolean | `false` |
| `trust-runner-user` | Whether to make the runner user trusted by the Nix daemon | Boolean | `true` |
| `diagnostic-endpoint` | Diagnostic endpoint url where the installer sends install [diagnostic reports](https://github.com/DeterminateSystems/nix-installer#diagnostics) to, to disable set this to an empty string | string | `https://install.determinate.systems/nix/diagnostic` |
| `proxy` | The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL` | string | |
| `ssl-cert-file` | An SSL cert to use (if any), used for fetching Nix and sets `NIX_SSL_CERT_FILE` for Nix | string | |
[apfs]: https://en.wikipedia.org/wiki/Apple_File_System
[backtrace]: https://doc.rust-lang.org/std/backtrace/index.html#environment-variables
[dependabot-actions]: https://github.com/DeterminateSystems/determinate-nix-action?tab=readme-ov-file#-automate-updates-with-dependabot
[det-nix]: https://docs.determinate.systems/determinate-nix
[determinate-nix-action]: https://github.com/DeterminateSystems/determinate-nix-action
[github token]: https://docs.github.com/en/actions/security-guides/automatic-token-authentication
[installer]: https://github.com/DeterminateSystems/nix-installer
[planner]: https://github.com/determinateSystems/nix-installer#usage
[profile]: https://nixos.org/manual/nix/stable/package-management/profiles
[tracing directives]: https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives
[upstream]: https://github.com/NixOS/nix
action.yml
+225 -69
View File
@@ -7,42 +7,20 @@ inputs:
backtrace:
description: The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables)
required: false
determinate:
description: |
Whether to install [Determinate Nix](https://determinate.systems/enterprise) and log in to FlakeHub for private Flakes and binary caches.
default: true
extra-args:
description: Extra args to pass to the planner (prefer using structured `with:` arguments unless using a custom planner!)
required: false
extra-conf:
description: Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set)
required: false
flakehub:
description: Deprecated. Implies `determinate`.
required: false
default: false
force-no-systemd:
description: Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary.
required: false
default: false
github-token:
description: A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests)
default: ${{ github.token }}
github-server-url:
description: The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server.
default: ${{ github.server_url }}
init:
description: "The init system to configure, requires `planner: linux-multi` (allowing the choice between `none` or `systemd`)"
required: false
job-status:
description: The overall status of the job. Set automatically, for aggregate analysis of Nix stability.
default: ${{ job.status }}
kvm:
description: Automatically configure the GitHub Actions Runner for NixOS test supports, if the host supports it.
required: false
default: true
local-root:
description: A local `nix-installer` binary root, overrides any settings which change the `nix-installer` used (binaries should be named `nix-installer-$ARCH-$OS`, eg. `nix-installer-x86_64-linux`)
description: A local `nix-installer` binary root, overrides the `nix-installer-url` setting (a `nix-installer.sh` script should exist, binaries should be named `nix-installer-$ARCH`, eg. `nix-installer-x86_64-linux`)
required: false
log-directives:
description: A list of Tracing directives, comma separated, `-`s replaced with `_` (eg. `nix_installer=trace`, see https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives)
@@ -53,7 +31,7 @@ inputs:
ssl-cert-file:
description: "An SSL cert to use (if any), used for fetching Nix and sets `NIX_SSL_CERT_FILE` for Nix"
required: false
proxy:
pproxy:
description: "The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL`"
required: false
mac-case-sensitive:
@@ -71,7 +49,6 @@ inputs:
modify-profile:
description: Modify the user profile to automatically load nix
required: false
default: true
nix-build-group-id:
description: The Nix build group GID
required: false
@@ -87,23 +64,20 @@ inputs:
nix-build-user-prefix:
description: The Nix build user prefix (user numbers will be postfixed)
required: false
source-binary:
description: Run a version of the nix-installer binary from somewhere already on disk. Conflicts with all other `source-*` options. Intended only for testing this Action.
nix-installer-branch:
description: The branch of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, `nix-installer-pr`)
required: false
source-branch:
description: The branch of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-pr`)
nix-installer-pr:
description: The PR of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, `nix-installer-branch`)
required: false
source-pr:
description: The PR of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-branch`)
nix-installer-revision:
description: The revision of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-branch`, `nix-installer-pr`)
required: false
source-revision:
description: The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, `source-pr`)
nix-installer-tag:
description: The tag of `nix-installer` to use (conflicts with `nix-installer-revision`, `nix-installer-branch`, `nix-installer-pr`)
required: false
source-tag:
description: The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`)
required: false
source-url:
description: A URL pointing to a `nix-installer` executable
nix-installer-url:
description: A URL pointing to a `nix-installer.sh` script
required: false
nix-package-url:
description: The Nix package URL
@@ -114,42 +88,224 @@ inputs:
reinstall:
description: Force a reinstall if an existing installation is detected (consider backing up `/nix/store`)
required: false
default: false
start-daemon:
description: "If the daemon should be started, requires `planner: linux`"
description: "If the daemon should be started, requires `planner: linux-multi`"
required: false
default: true
diagnostic-endpoint:
description: "Diagnostic endpoint url where the installer sends data to. To disable set this to an empty string."
required: false
default: "-"
default: "https://install.determinate.systems/nix/diagnostic"
trust-runner-user:
description: Whether to make the runner user trusted by the Nix daemon
default: true
summarize:
description: Whether to add a build summary and timeline chart to the GitHub job summary
default: true
nix-installer-branch:
description: (deprecated) The branch of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, `nix-installer-pr`)
required: false
nix-installer-pr:
description: (deprecated) The PR of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, `nix-installer-branch`)
required: false
nix-installer-revision:
description: (deprecated) The revision of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-branch`, `nix-installer-pr`)
required: false
nix-installer-tag:
description: (deprecated) The tag of `nix-installer` to use (conflicts with `nix-installer-revision`, `nix-installer-branch`, `nix-installer-pr`)
required: false
nix-installer-url:
description: (deprecated) A URL pointing to a `nix-installer.sh` script
required: false
_internal-strict-mode:
description: Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows.
required: false
default: false
default: "true"
runs:
using: "node24"
main: "dist/index.js"
post: "dist/index.js"
using: composite
steps:
- name: Install Nix
shell: bash
run: |
if [ -f "/nix/receipt.json" ] && [ -f "/nix/nix-installer" ]; then
if ([ -n "${{ inputs.nix-installer-revision }}" ] || [ -n "${{ inputs.nix-installer-branch }}" ]) && [ "${{ inputs.reinstall }}" != "true" ]; then
echo "Detection of existing installation versions isn't supported when `nix-installer-revision` or `nix-installer-branch` are set, `reinstall: true` should also be set"
fi
if [ -n "${{ inputs.reinstall }}" ] && [ "${{ inputs.reinstall }}" == "true" ]; then
/nix/nix-installer uninstall --no-confirm
else
EXISTING_VERSION=$(/nix/nix-installer --version | awk '{ print $2 }')
if [ -n "${{ inputs.nix-installer-tag }}" ] && [ "${{ inputs.nix-installer-tag }}" != "$EXISTING_VERSION" ]; then
echo "`nix-installer` version mismatch, use `reinstall: true` to reinstall Nix using the new `nix-installer` version (consider backing up `/nix/store`)"
exit 1
fi
echo "Nix was already installed, using existing install"
echo "/nix/var/nix/profiles/default/bin" >> $GITHUB_PATH
echo "$HOME/.nix-profile/bin" >> $GITHUB_PATH
exit 0
fi
fi
if [ -n "${{ inputs.modify-profile }}" ]; then
export NIX_INSTALLER_MODIFY_PROFILE=${{ inputs.modify-profile }}
echo "Set NIX_INSTALLER_MODIFY_PROFILE=$NIX_INSTALLER_MODIFY_PROFILE"
fi
if [ -n "${{ inputs.nix-build-user-count }}" ]; then
export NIX_INSTALLER_NIX_BUILD_USER_COUNT=${{ inputs.nix-build-user-count }}
echo "Set NIX_INSTALLER_NIX_BUILD_USER_COUNT=$NIX_INSTALLER_NIX_BUILD_USER_COUNT"
fi
if [ -n "${{ inputs.nix-build-group-name }}" ]; then
export NIX_INSTALLER_NIX_BUILD_GROUP_NAME=${{ inputs.nix-build-group-name }}
echo "Set NIX_INSTALLER_NIX_BUILD_GROUP_NAME=$NIX_INSTALLER_NIX_BUILD_GROUP_NAME"
fi
if [ -n "${{ inputs.nix-build-group-id }}" ]; then
export NIX_INSTALLER_NIX_BUILD_GROUP_ID=${{ inputs.nix-build-group-id }}
echo "Set NIX_INSTALLER_NIX_BUILD_GROUP_ID=$NIX_INSTALLER_NIX_BUILD_GROUP_ID"
fi
if [ -n "${{ inputs.nix-build-user-prefix }}" ]; then
export NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=${{ inputs.nix-build-user-prefix }}
echo "Set NIX_INSTALLER_NIX_BUILD_USER_ID_BASE=$NIX_INSTALLER_NIX_BUILD_USER_ID_BASE"
fi
if [ -n "${{ inputs.nix-build-user-base }}" ]; then
export NIX_INSTALLER_NIX_BUILD_USER_PREFIX=${{ inputs.nix-build-user-base }}
echo "Set NIX_INSTALLER_NIX_BUILD_USER_PREFIX=$NIX_INSTALLER_NIX_BUILD_USER_PREFIX"
fi
if [ -n "${{ inputs.nix-package-url }}" ]; then
export NIX_INSTALLER_NIX_PACKAGE_URL=${{ inputs.nix-package-url }}
echo "Set NIX_INSTALLER_NIX_PACKAGE_URL=$NIX_INSTALLER_NIX_PACKAGE_URL"
fi
NIX_EXTRA_CONF_FILE=$(mktemp --suffix=nix-installer-extra-conf)
if [ -n "${{ inputs.extra-conf }}" ]; then
echo "${{ inputs.extra-conf }}" >> ${NIX_EXTRA_CONF_FILE}
fi
if [ -n "${{ inputs.github-token }}" ]; then
echo "access-tokens = github.com=${{ inputs.github-token }}" >> ${NIX_EXTRA_CONF_FILE}
fi
if [ "${{ inputs.trust-runner-user }}" == "true" ]; then
echo "trusted-users = root $USER" >> ${NIX_EXTRA_CONF_FILE}
fi
if [ -n "$NIX_EXTRA_CONF_FILE" ]; then
export NIX_INSTALLER_EXTRA_CONF=$(cat ${NIX_EXTRA_CONF_FILE})
echo "Set NIX_INSTALLER_EXTRA_CONF=$NIX_INSTALLER_EXTRA_CONF"
fi
if [ -n "${{ inputs.mac-encrypt }}" ]; then
export NIX_INSTALLER_ENCRYPT=${{ inputs.mac-encrypt }}
echo "Set NIX_INSTALLER_ENCRYPT=$NIX_INSTALLER_ENCRYPT"
fi
if [ -n "${{ inputs.mac-case-sensitive }}" ]; then
export NIX_INSTALLER_CASE_SENSITIVE=${{ inputs.mac-case-sensitive }}
echo "Set NIX_INSTALLER_CASE_SENSITIVE=$NIX_INSTALLER_CASE_SENSITIVE"
fi
if [ -n "${{ inputs.mac-volume-label }}" ]; then
export NIX_INSTALLER_VOLUME_LABEL=${{ inputs.mac-volume-label }}
echo "Set NIX_INSTALLER_VOLUME_LABEL=$NIX_INSTALLER_VOLUME_LABEL"
fi
if [ -n "${{ inputs.mac-root-disk }}" ]; then
export NIX_INSTALLER_ROOT_DISK=${{ inputs.mac-root-disk }}
echo "Set NIX_INSTALLER_ROOT_DISK=$NIX_INSTALLER_ROOT_DISK"
fi
if [ -n "${{ inputs.nix-installer-pr }}" ] && [ -n "${{ inputs.nix-installer-tag }}" ]; then
echo "The nix-installer-pr and nix-installer-tag options conflict, please choose one"
exit 1
fi
if [ -n "${{ inputs.nix-installer-pr }}" ] && [ -n "${{ inputs.nix-installer-revision }}" ]; then
echo "The nix-installer-pr and nix-installer-revision options conflict, please choose one"
exit 1
fi
if [ -n "${{ inputs.nix-installer-pr }}" ] && [ -n "${{ inputs.nix-installer-branch }}" ]; then
echo "The nix-installer-pr and nix-installer-branch options conflict, please choose one"
exit 1
fi
if [ -n "${{ inputs.nix-installer-tag }}" ] && [ -n "${{ inputs.nix-installer-revision }}" ]; then
echo "The nix-installer-tag and nix-installer-revision options conflict, please choose one"
exit 1
fi
if [ -n "${{ inputs.nix-installer-branch }}" ] && [ -n "${{ inputs.nix-installer-revision }}" ]; then
echo "The nix-installer-branch and nix-installer-revision options conflict, please choose one"
exit 1
fi
if [ -n "${{ inputs.nix-installer-tag }}" ] && [ -n "${{ inputs.nix-installer-branch }}" ]; then
echo "The nix-installer-tag and nix-installer-branch options conflict, please choose one"
exit 1
fi
if [ -n "${{ inputs.nix-installer-url }}" ] && [ -n "${{ inputs.nix-installer-pr }}" ]; then
echo "The nix-installer-url and nix-installer-pr options conflict, please choose one"
exit 1
fi
if [ -n "${{ inputs.nix-installer-url }}" ] && [ -n "${{ inputs.nix-installer-tag }}" ]; then
echo "The nix-installer-url and nix-installer-tag options conflict, please choose one"
exit 1
fi
if [ -n "${{ inputs.nix-installer-url }}" ] && [ -n "${{ inputs.nix-installer-branch }}" ]; then
echo "The nix-installer-url and nix-installer-branch options conflict, please choose one"
exit 1
fi
if [ -n "${{ inputs.local-root }}" ]; then
if [ "$RUNNER_OS" == "macOS" ]; then
export PYTHON="python3"
else
export PYTHON="python"
fi
$PYTHON -m http.server --directory ${{ inputs.local-root }} --bind 0.0.0.0 8000 &
export HTTP_PID=$!
echo "Started simple http server for ${{ inputs.local-root }} on 0.0.0.0:8000"
while (! (: </dev/tcp/localhost/8000) &> /dev/null); do
sleep 1
done
export NIX_INSTALLER_FORCE_ALLOW_HTTP="1"
echo "Set NIX_INSTALLER_FORCE_ALLOW_HTTP=$NIX_INSTALLER_FORCE_ALLOW_HTTP"
export NIX_INSTALLER_URL=0.0.0.0:8000/nix-installer.sh
echo "Set NIX_INSTALLER_URL=$NIX_INSTALLER_URL"
export NIX_INSTALLER_BINARY_ROOT=http://0.0.0.0:8000/
echo "Set NIX_INSTALLER_BINARY_ROOT=$NIX_INSTALLER_BINARY_ROOT"
export NIX_INSTALLER_FORCE_ALLOW_HTTP=1
echo "Set NIX_INSTALLER_FORCE_ALLOW_HTTP=$NIX_INSTALLER_FORCE_ALLOW_HTTP"
else
if [ -n "${{ inputs.nix-installer-url }}" ]; then
export NIX_INSTALLER_URL=${{ inputs.nix-installer-url }}
else
if [ -n "${{ inputs.nix-installer-pr }}" ]; then
export NIX_INSTALLER_URL=https://install.determinate.systems/nix/pr/${{ inputs.nix-installer-pr }}
elif [ -n "${{ inputs.nix-installer-tag }}" ]; then
export NIX_INSTALLER_URL=https://install.determinate.systems/nix/tag/${{ inputs.nix-installer-tag }}
elif [ -n "${{ inputs.nix-installer-revision }}" ]; then
export NIX_INSTALLER_URL=https://install.determinate.systems/nix/rev/${{ inputs.nix-installer-revision }}
elif [ -n "${{ inputs.nix-installer-branch }}" ]; then
export NIX_INSTALLER_URL=https://install.determinate.systems/nix/branch/${{ inputs.nix-installer-branch }}
else
export NIX_INSTALLER_URL=https://install.determinate.systems/nix
fi
fi
echo "Set NIX_INSTALLER_URL=$NIX_INSTALLER_URL"
fi
if [ -n "${{ inputs.logger }}" ]; then
export NIX_INSTALLER_LOGGER=${{ inputs.logger }}
echo "Set NIX_INSTALLER_LOGGER=$NIX_INSTALLER_LOGGER"
fi
if [ -n "${{ inputs.init }}" ]; then
export NIX_INSTALLER_INIT=${{ inputs.init }}
echo "Set NIX_INSTALLER_INIT=$NIX_INSTALLER_INIT"
fi
if [ -n "${{ inputs.start-daemon }}" ]; then
export NIX_INSTALLER_START_DAEMON=${{ inputs.start-daemon }}
echo "Set NIX_INSTALLER_START_DAEMON=$NIX_INSTALLER_START_DAEMON"
fi
if [ -n "${{ inputs.log-directives }}" ]; then
export NIX_INSTALLER_LOG_DIRECTIVES=${{ inputs.log-directives }}
echo "Set NIX_INSTALLER_LOG_DIRECTIVES=$NIX_INSTALLER_LOG_DIRECTIVES"
fi
if [ -n "${{ inputs.backtrace }}" ]; then
export RUST_BACKTRACE=${{ inputs.backtrace }}
echo "Set RUST_BACKTRACE=$RUST_BACKTRACE"
fi
if [ -n "${{ inputs.diagnostic-endpoint }}" ]; then
export NIX_INSTALLER_DIAGNOSTIC_ENDPOINT="${{ inputs.diagnostic-endpoint }}"
echo "Set NIX_INSTALLER_DIAGNOSTIC_ENDPOINT=$NIX_INSTALLER_DIAGNOSTIC_ENDPOINT"
fi
export NIX_INSTALLER_NO_CONFIRM=true
echo "Set NIX_INSTALLER_NO_CONFIRM=$NIX_INSTALLER_NO_CONFIRM"
curl --retry 20 -L $NIX_INSTALLER_URL | sh -s -- install ${{ inputs.planner }} ${{ inputs.extra-args }}
if [ -n "$HTTP_PID" ]; then
kill $HTTP_PID
fi
dist/index.d.ts
Vendored
-2
View File
@@ -1,2 +0,0 @@
export { }
dist/index.js
Vendored
-109503
View File
File diff suppressed because one or more lines are too long
dist/package.json
Vendored
-3
View File
@@ -1,3 +0,0 @@
{
"type": "module"
}
flake.lock
Generated
-25
View File
@@ -1,25 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1777954456,
"narHash": "sha256-hGdgeU2Nk87RAuZyYjyDjFL6LK7dAZN5RE9+hrDTkDU=",
"rev": "549bd84d6279f9852cae6225e372cc67fb91a4c1",
"revCount": 992384,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.992384%2Brev-549bd84d6279f9852cae6225e372cc67fb91a4c1/019df915-70b5-73a2-a5a4-63c620b45d9f/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.1"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}
flake.nix
-45
View File
@@ -1,45 +0,0 @@
# This flake was initially generated by fh, the CLI for FlakeHub (version 0.1.5)
{
description = "Development environment for the Nix Installer action for GitHub.";
inputs.nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1";
outputs =
{ self, ... }@inputs:
let
supportedSystems = [
"x86_64-linux"
"aarch64-darwin"
];
forEachSupportedSystem =
f:
inputs.nixpkgs.lib.genAttrs supportedSystems (
system:
f {
inherit system;
pkgs = import inputs.nixpkgs { inherit system; };
}
);
in
{
devShells = forEachSupportedSystem (
{ pkgs, system }:
{
default = pkgs.mkShell {
packages = with pkgs; [
nodejs_latest
self.formatter.${system}
# Keep people from accidentally running pnpm
(writeScriptBin "pnpm" ''
echo "pnpm is no longer used in this repo; use npm instead"
exit 1
'')
];
};
}
);
formatter = forEachSupportedSystem ({ pkgs, ... }: pkgs.nixfmt);
};
}
package-lock.json
Generated
-8097
View File
File diff suppressed because it is too large Load Diff
package.json
-52
View File
@@ -1,52 +0,0 @@
{
"name": "nix-installer-action",
"version": "1.0.0",
"description": "You can use [`nix-installer`](https://github.com/DeterminateSystems/nix-installer) as a Github Action:",
"main": "./dist/index.js",
"types": "./dist/index.d.ts",
"type": "module",
"scripts": {
"build": "tsup",
"format": "prettier --write .",
"check-fmt": "prettier --check .",
"lint": "eslint src/**/*.ts",
"package": "ncc build",
"test": "vitest --watch false",
"all": "npm run test && npm run format && npm run lint && npm run build && npm run package"
},
"repository": {
"type": "git",
"url": "git+https://github.com/DeterminateSystems/nix-installer-action.git"
},
"keywords": [],
"author": "",
"license": "ISC",
"bugs": {
"url": "https://github.com/DeterminateSystems/nix-installer-action/issues"
},
"homepage": "https://github.com/DeterminateSystems/nix-installer-action#readme",
"dependencies": {
"@actions/core": "^3.0.0",
"@actions/exec": "^3.0.0",
"@actions/github": "^9.0.0",
"detsys-ts": "github:DeterminateSystems/detsys-ts",
"got": "^14.6.6",
"string-argv": "^0.3.2",
"vitest": "^3.2.4"
},
"devDependencies": {
"@trivago/prettier-plugin-sort-imports": "^4.3.0",
"@types/node": "^20.19.37",
"@types/uuid": "^9.0.8",
"@typescript-eslint/eslint-plugin": "^7.18.0",
"@vercel/ncc": "^0.38.4",
"eslint": "^8.57.1",
"eslint-import-resolver-typescript": "^3.10.1",
"eslint-plugin-github": "^4.10.2",
"eslint-plugin-import": "^2.32.0",
"eslint-plugin-prettier": "^5.5.5",
"prettier": "^3.8.1",
"tsup": "^8.5.1",
"typescript": "^5.9.3"
}
}
src/annotate.ts
-66
View File
@@ -1,66 +0,0 @@
import * as core from "@actions/core";
import type { Fix, FixHashesOutputV1, Mismatch } from "./fixHashes.js";
function prettyDerivation(derivation: string): string {
return derivation.replace(/\/nix\/store\/\w+-/, "").replace(/.drv$/, "");
}
function annotateSingle(
file: string,
line: number,
{ derivation, replacement }: Mismatch,
): void {
const pretty = prettyDerivation(derivation);
core.error(`To correct the hash mismatch for ${pretty}, use ${replacement}`, {
file,
startLine: line,
});
}
function annotateMultiple(
file: string,
{ line, found, mismatches }: Fix,
): void {
const matches = mismatches
.map(({ derivation, replacement }) => {
const pretty = prettyDerivation(derivation);
return `* For the derivation ${pretty}, use ${replacement}`;
})
.join("\n");
core.error(
`There are multiple replacements for the expression ${found}:\n${matches}`,
{
file,
startLine: line,
},
);
}
function annotate(file: string, fix: Fix): void {
if (fix.mismatches.length === 1) {
annotateSingle(file, fix.line, fix.mismatches[0]);
} else {
annotateMultiple(file, fix);
}
}
/**
* Annotates fixed-output derivation hash mismatches using GitHub Actions'
*
* @param output The output of `determinate-nixd fix hashes --json`
* @returns The number of annotations reported to the user
*/
export function annotateMismatches(output: FixHashesOutputV1): number {
let count = 0;
for (const { file, fixes } of output.files) {
for (const fix of fixes) {
annotate(file, fix);
count++;
}
}
return count;
}
src/events.test.ts
-65
View File
@@ -1,65 +0,0 @@
import { parseEvents, getRecentEvents } from "./events.js";
import { expect, test } from "vitest";
// Handy test for locally making sure you can fetch recent events:
// eslint-disable-next-line no-constant-condition
if (false) {
test("Parsing existing events", async () => {
expect(await getRecentEvents(new Date(Date.now() - 1000000))).toStrictEqual(
[{}],
);
});
}
test("Parsing existing events", () => {
const { events } = parseEvents([
{
v: "1",
c: "BuiltPathResponseEventV1",
drv: "/nix/store/m96zgji4fhi70s2zs6pq5pric6ch7p4h-stdenv-darwin.drv",
outputs: ["/nix/store/dalhfz3l75w4b4q06sxzqgb2wfydvkbv-stdenv-darwin"],
timing: null,
},
{
v: "1",
c: "BuiltPathResponseEventV1",
drv: "/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv",
outputs: ["/nix/store/qwlgz5da3pfb53gqpgdmazaj9jczrnly-dep-1"],
timing: {
startTime: "2025-04-11T14:38:02Z",
stopTime: "2025-04-11T14:38:05Z",
durationSeconds: 3,
},
},
{
v: "1",
c: "BuildFailureResponseEventV1",
drv: "/nix/store/ykvbksjqrza2zpj6nkbycrdfwgfdpr8g-hash-mismatch-md5-base16.drv",
timing: {
startTime: "2025-04-11T14:36:44Z",
stopTime: "2025-04-11T14:36:44Z",
durationSeconds: 0,
},
},
]);
expect(events).toStrictEqual([
{
v: "1",
c: "BuiltPathResponseEventV1",
drv: "/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv",
timing: {
durationSeconds: 3,
startTime: new Date("2025-04-11T14:38:02Z"),
},
},
{
v: "1",
c: "BuildFailureResponseEventV1",
drv: "/nix/store/ykvbksjqrza2zpj6nkbycrdfwgfdpr8g-hash-mismatch-md5-base16.drv",
timing: {
durationSeconds: 0,
startTime: new Date("2025-04-11T14:36:44Z"),
},
},
]);
});
src/events.ts
-89
View File
@@ -1,89 +0,0 @@
import got from "got";
export interface DEvent {
v: string;
c: string;
drv: string;
timing: {
startTime: Date;
durationSeconds: number;
};
}
export interface ParsedEventsResult {
readonly events: DEvent[];
readonly hasMismatches: boolean;
}
export function parseEvents(data: unknown): ParsedEventsResult {
let hasMismatches = false;
if (!Array.isArray(data)) {
return { events: [], hasMismatches };
}
const events = data.flatMap((event) => {
// If this was a hash mismatch event, note it and move on
if (event.v === "1" && event.c === "HashMismatchResponseEventV1") {
hasMismatches = true;
return [];
}
// Otherwise, determine if it's an event we're interested in
if (
event.v === "1" &&
(event.c === "BuildFailureResponseEventV1" ||
event.c === "BuiltPathResponseEventV1") &&
Object.hasOwn(event, "drv") &&
typeof event.drv === "string" &&
Object.hasOwn(event, "timing") &&
typeof event.timing === "object" &&
event.timing !== null
) {
const timing = event.timing as { [key: string]: unknown };
if (
Object.hasOwn(timing, "startTime") &&
typeof timing.startTime === "string" &&
Object.hasOwn(timing, "durationSeconds") &&
typeof timing.durationSeconds === "number"
) {
const date = Date.parse(timing.startTime);
if (!Number.isNaN(date)) {
return [
{
v: event.v,
c: event.c,
drv: event.drv,
timing: {
startTime: new Date(date),
durationSeconds: timing.durationSeconds,
},
},
];
}
}
}
return [];
});
return { events, hasMismatches };
}
export async function getRecentEvents(
since: Date,
): Promise<ParsedEventsResult> {
const queryParam = encodeURIComponent(since.toISOString());
const resp = await got
.get(
`http://unix:/nix/var/determinate/determinate-nixd.socket:/events/recent?since=${queryParam}`,
{
enableUnixSockets: true,
},
)
.json();
return parseEvents(resp);
}
src/failuresummary.test.ts
-275
View File
@@ -1,275 +0,0 @@
import { expect, test } from "vitest";
import {
FailureSummary,
getBuildFailures,
summarizeFailures,
} from "./failuresummary.js";
/* eslint-disable @typescript-eslint/no-non-null-assertion */
test("Select for failure events", () => {
const events = [
{
v: "1",
c: "BuildFailureResponseEventV1",
drv: `/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv`,
timing: {
startTime: new Date(1 * 1000),
durationSeconds: 1,
},
},
{
v: "1",
c: "BuiltPathResponseEventV1",
drv: `/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-2.drv`,
timing: {
startTime: new Date(2 * 1000),
durationSeconds: 2,
},
},
{
v: "1",
c: "BuildFailureResponseEventV1",
drv: `/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv`,
timing: {
startTime: new Date(3 * 1000),
durationSeconds: 3,
},
},
];
expect(getBuildFailures(events)).toStrictEqual([
{
v: "1",
c: "BuildFailureResponseEventV1",
drv: `/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv`,
timing: {
startTime: new Date(1 * 1000),
durationSeconds: 1,
},
},
{
v: "1",
c: "BuildFailureResponseEventV1",
drv: `/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv`,
timing: {
startTime: new Date(3 * 1000),
durationSeconds: 3,
},
},
]);
});
test("Summarize Failures", async () => {
const events = [
{
v: "1",
c: "BuildFailureResponseEventV1",
drv: `/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv`,
timing: {
startTime: new Date(1 * 1000),
durationSeconds: 1,
},
},
{
v: "1",
c: "BuiltPathResponseEventV1",
drv: `/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-2.drv`,
timing: {
startTime: new Date(2 * 1000),
durationSeconds: 2,
},
},
{
v: "1",
c: "BuildFailureResponseEventV1",
drv: `/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv`,
timing: {
startTime: new Date(3 * 1000),
durationSeconds: 3,
},
},
];
const logMaker = async (drv: string): Promise<string | undefined> => {
if (drv.includes("dep-1")) {
return `${drv}\n`.repeat(9).trimEnd();
} else {
return `${drv}\n`.repeat(25).trimEnd();
}
};
const summary: FailureSummary = (await summarizeFailures(events, logMaker))!;
expect(summary.markdownLines.join("\n"))
.toStrictEqual(`### Build error review :boom:
> [!NOTE]
> 2 builds failed
<details><summary>Failure log: <code>/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-<strong>dep-1</strong>.drv</code></summary>
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
</details>
<details><summary>Failure log: <code>/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-<strong>dep-3</strong>.drv</code></summary>
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
</details>
`);
expect(summary.logLines.join("\n"))
.toStrictEqual(`\u001b[38;2;255;0;0mBuild logs from 2 failures
The following build logs are also available in the Markdown summary:
::group::Failed build: /nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
::endgroup::
::group::Failed build: /nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
::endgroup::`);
});
test("Omit some logs if there are too many", async () => {
const events = [
{
v: "1",
c: "BuildFailureResponseEventV1",
drv: `/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv`,
timing: {
startTime: new Date(1 * 1000),
durationSeconds: 1,
},
},
{
v: "1",
c: "BuiltPathResponseEventV1",
drv: `/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-2.drv`,
timing: {
startTime: new Date(2 * 1000),
durationSeconds: 2,
},
},
{
v: "1",
c: "BuildFailureResponseEventV1",
drv: `/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv`,
timing: {
startTime: new Date(3 * 1000),
durationSeconds: 3,
},
},
];
const logMaker = async (drv: string): Promise<string | undefined> => {
return `${drv}\n`.repeat(5).trimEnd();
};
const summary: FailureSummary = (await summarizeFailures(
events,
logMaker,
500,
))!;
expect(summary.markdownLines.join("\n"))
.toStrictEqual(`### Build error review :boom:
> [!NOTE]
> 2 builds failed
<details><summary>Failure log: <code>/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-<strong>dep-1</strong>.drv</code></summary>
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
</details>
> [!NOTE]
> The following failure has been omitted due to GitHub Actions' summary length limitations.
> The full logs are available in the post-run phase of the Nix Installer Action.
> * \`/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv\``);
expect(summary.logLines.join("\n"))
.toStrictEqual(`\u001b[38;2;255;0;0mBuild logs from 2 failures
The following build logs are also available in the Markdown summary:
::group::Failed build: /nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv
::endgroup::
The following build logs are NOT available in the Markdown summary:
::group::Failed build: /nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-3.drv
::endgroup::`);
});
src/failuresummary.ts
-124
View File
@@ -1,124 +0,0 @@
import { getExecOutput } from "@actions/exec";
import { DEvent } from "./events.js";
import { stripVTControlCharacters } from "node:util";
// CI summaries have a max length of "1024k" which I assume to be 1048576 bytes.
// Generously, the mermaid doc is about 50,000 bytes.
// Rounding it all down a bit further for wiggle room, that leaves lots of log space.
const defaultMaxSummaryLength = 995_000;
export function getBuildFailures(events: DEvent[]): DEvent[] {
return events.filter((event: DEvent): Boolean => {
return event.c === "BuildFailureResponseEventV1";
});
}
export interface FailureSummary {
logLines: string[];
markdownLines: string[];
}
export async function summarizeFailures(
events: DEvent[],
getLog: (drv: string) => Promise<string | undefined> = getLogFromNix,
maxLength: number = defaultMaxSummaryLength,
): Promise<FailureSummary | undefined> {
const failures = getBuildFailures(events);
if (failures.length === 0) {
return undefined;
}
const logLines = [];
const markdownLines = [];
logLines.push(
`\u001b[38;2;255;0;0mBuild logs from ${failures.length} failure${failures.length === 1 ? "" : "s"}`,
);
logLines.push(
`The following build logs are also available in the Markdown summary:`,
);
markdownLines.push(`### Build error review :boom:`);
markdownLines.push("> [!NOTE]");
markdownLines.push(
`> ${failures.length} build${failures.length === 1 ? "" : "s"} failed`,
);
const markdownLogChunks: {
drv: string;
txtLines: string[];
mdLines: string[];
}[] = [];
for (const event of failures) {
const markdownLogChunk = [];
const txtLogChunk = [];
txtLogChunk.push(`::group::Failed build: ${event.drv}`);
const log =
(await getLog(event.drv)) ??
"(failure reading the log for this derivation.)";
const indented = log.split("\n").map((line) => ` ${line}`);
markdownLogChunk.push(
`<details><summary>Failure log: <code>${event.drv.replace(/^(\/nix[^-]*-)(.*)(\.drv)$/, "$1<strong>$2</strong>$3")}</code></summary>`,
);
markdownLogChunk.push("");
for (const line of indented) {
txtLogChunk.push(line);
markdownLogChunk.push(stripVTControlCharacters(line));
}
markdownLogChunk.push("");
markdownLogChunk.push("</details>");
markdownLogChunk.push("");
markdownLogChunks.push({
drv: event.drv,
mdLines: markdownLogChunk,
txtLines: txtLogChunk,
});
txtLogChunk.push(`::endgroup::`);
}
const skippedChunks = [];
// Add markdown log chunks until we exceed the max length
let markdownLength = markdownLines.join("\n").length;
for (const chunk of markdownLogChunks) {
const chunkLength = chunk.mdLines.join("\n").length;
if (markdownLength + chunkLength > maxLength) {
skippedChunks.push(chunk);
} else {
logLines.push(...chunk.txtLines);
markdownLines.push(...chunk.mdLines);
markdownLength += chunkLength;
}
}
if (skippedChunks.length > 0) {
markdownLines.push(
"",
"> [!NOTE]",
`> The following ${skippedChunks.length === 1 ? "failure has" : "failures have"} been omitted due to GitHub Actions' summary length limitations.`,
"> The full logs are available in the post-run phase of the Nix Installer Action.",
);
logLines.push(
"The following build logs are NOT available in the Markdown summary:",
);
for (const chunk of skippedChunks) {
markdownLines.push(`> * \`${chunk.drv}\``);
logLines.push(...chunk.txtLines);
}
}
return { logLines, markdownLines };
}
async function getLogFromNix(drv: string): Promise<string | undefined> {
const output = await getExecOutput("nix", ["log", drv], {
silent: true,
});
return output.stdout;
}
src/fixHashes.ts
-38
View File
@@ -1,38 +0,0 @@
import { getExecOutput } from "@actions/exec";
export interface Mismatch {
readonly derivation: string;
readonly replacement: string;
}
export interface Fix {
readonly line: number;
readonly found: string;
readonly mismatches: readonly Mismatch[];
}
export interface FileFix {
readonly file: string;
readonly fixes: readonly Fix[];
}
export interface FixHashesOutputV1 {
readonly version: "v1";
readonly files: readonly FileFix[];
}
export async function getFixHashes(since: string): Promise<FixHashesOutputV1> {
const output = await getExecOutput(
"determinate-nixd",
["fix", "hashes", "--json", "--since", since],
{ silent: true },
);
if (output.exitCode !== 0) {
throw new Error(
`determinate-nixd fix hashes returned non-zero exit code ${output.exitCode} with the following error output:\n${output.stderr}`,
);
}
return JSON.parse(output.stdout);
}
src/index.ts
-1110
View File
File diff suppressed because it is too large Load Diff
src/mermaid.test.ts
-207
View File
@@ -1,207 +0,0 @@
import { mermaidify, makeMermaidReport } from "./mermaid.js";
import { DEvent, parseEvents } from "./events.js";
import { expect, test } from "vitest";
/* eslint-disable @typescript-eslint/no-non-null-assertion */
function generateEvents(count: number): DEvent[] {
const events: DEvent[] = [];
for (let i = 0; i < count; i++) {
events.push({
v: "1",
c: "BuiltPathResponseEventV1",
drv: `/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-${i}.drv`,
timing: {
startTime: new Date(i * 1000),
durationSeconds: i,
},
});
}
return events;
}
test("Empty event list returns no report", () => {
const report = makeMermaidReport([]);
expect(report).toBeUndefined();
});
test("Create a very large report doc and make sure it is small enough", () => {
const report = makeMermaidReport(generateEvents(2500))!;
// Assert the `.drv` suffix was pruned (1 reference = the NOTE at the end)
expect(report.match(/\.drv/g)!.length).equals(1);
// Assert the `/nix/store` prefix was pruned (1 reference = the NOTE at the end)
expect(report.match(/\/nix\/store\//g)!.length).equals(1);
// Assert that some events were pruned
expect(report.match(/dep-/g)!.length).lessThan(2500);
expect(report.match(/dep-/g)!.length).greaterThan(1500);
expect(report).toContain("suffix, and builds that took less than ");
expect(report.length).lessThan(50200);
expect(report.length).greaterThan(49000);
});
test("Create a medium large report doc and make sure it is small enough", () => {
const eventCount = 675;
const report = makeMermaidReport(generateEvents(eventCount))!;
// Assert the `.drv` suffix was pruned (1 reference = the NOTE at the end)
expect(report.match(/\.drv/g)!.length).equals(1);
// Assert the `/nix/store` prefix was pruned (1 reference = the NOTE at the end)
expect(report.match(/\/nix\/store\//g)!.length).equals(1);
// Assert that no lines were pruned
expect(report.match(/dep-/g)!.length).toStrictEqual(eventCount);
expect(report).toContain(
"suffixes have been removed to make the graph small enough to render",
);
expect(report.length).lessThan(50200);
expect(report.length).greaterThan(18000);
});
test("Create a small report doc and make sure it isn't pruned", () => {
const report = makeMermaidReport(generateEvents(100))!;
// Assert 100 events have the `.drv` suffix, ie: were not pruned
expect(report.match(/\.drv/g)!.length).equals(100);
// Assert 100 events have the `.drv` suffix, ie: were not pruned
expect(report.match(/\/nix\/store\//g)!.length).equals(100);
expect(report.length).lessThan(50000);
});
test("Generate a really big report and shrink it", () => {
const events = generateEvents(1000);
const originalLength = mermaidify(events, -1)!.length;
const limitedLengthZero = mermaidify(events, 0)!.length;
const limitedLengthOne = mermaidify(events, 1)!.length;
const limitedLengthTwo = mermaidify(events, 2)!.length;
expect(originalLength).greaterThan(limitedLengthZero);
expect(limitedLengthZero).greaterThan(limitedLengthOne);
expect(limitedLengthOne).greaterThan(limitedLengthTwo);
});
test("Generate a rough report of various length", () => {
const { events } = parseEvents([
{
v: "1",
c: "BuiltPathResponseEventV1",
drv: "/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-0.drv",
outputs: ["/nix/store/qwlgz5da3pfb53gqpgdmazaj9jczrnly-dep-0"],
timing: {
startTime: "2025-04-11T14:38:02Z",
stopTime: "2025-04-11T14:38:05Z",
durationSeconds: 0,
},
},
{
v: "1",
c: "BuiltPathResponseEventV1",
drv: "/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv",
outputs: ["/nix/store/qwlgz5da3pfb53gqpgdmazaj9jczrnly-dep-1"],
timing: {
startTime: "2025-04-11T14:38:02Z",
stopTime: "2025-04-11T14:38:05Z",
durationSeconds: 1,
},
},
{
v: "1",
c: "BuiltPathResponseEventV1",
drv: "/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-2.drv",
outputs: ["/nix/store/qwlgz5da3pfb53gqpgdmazaj9jczrnly-dep-2"],
timing: {
startTime: "2025-04-11T14:38:02Z",
stopTime: "2025-04-11T14:38:05Z",
durationSeconds: 2,
},
},
{
v: "1",
c: "BuildFailureResponseEventV1",
drv: "/nix/store/ykvbksjqrza2zpj6nkbycrdfwgfdpr8g-hash-mismatch-md5-base16.drv",
timing: {
startTime: "2025-04-11T14:38:05Z",
stopTime: "2025-04-11T14:38:09Z",
durationSeconds: 4,
},
},
]);
expect(mermaidify(events, -1)).toStrictEqual(`\`\`\`mermaid
gantt
dateFormat X
axisFormat %Mm%Ss
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-0.drv (0s):d, 0, 0s
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-1.drv (1s):d, 0, 1s
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-2.drv (2s):d, 0, 2s
/nix/store/ykvbksjqrza2zpj6nkbycrdfwgfdpr8g-hash-mismatch-md5-base16.drv (4s):crit, 3, 4s
\`\`\``);
expect(mermaidify(events, 0)).toStrictEqual(`\`\`\`mermaid
gantt
dateFormat X
axisFormat %Mm%Ss
dep-0 (0s):d, 0, 0s
dep-1 (1s):d, 0, 1s
dep-2 (2s):d, 0, 2s
hash-mismatch-md5-base16 (4s):crit, 3, 4s
\`\`\``);
expect(mermaidify(events, 1)).toStrictEqual(`\`\`\`mermaid
gantt
dateFormat X
axisFormat %Mm%Ss
dep-1 (1s):d, 0, 1s
dep-2 (2s):d, 0, 2s
hash-mismatch-md5-base16 (4s):crit, 3, 4s
\`\`\``);
});
test("Generate a really big report and shrink it", () => {
const events = generateEvents(1000);
const originalLength = mermaidify(events, -1)!.length;
const limitedLengthZero = mermaidify(events, 0)!.length;
const limitedLengthOne = mermaidify(events, 1)!.length;
const limitedLengthTwo = mermaidify(events, 2)!.length;
expect(originalLength).greaterThan(limitedLengthZero);
expect(limitedLengthZero).greaterThan(limitedLengthOne);
expect(limitedLengthOne).greaterThan(limitedLengthTwo);
});
test("Really long builds get multi-unit timestamps", () => {
const { events } = parseEvents([
{
v: "1",
c: "BuiltPathResponseEventV1",
drv: "/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-0.drv",
outputs: ["/nix/store/qwlgz5da3pfb53gqpgdmazaj9jczrnly-dep-0"],
timing: {
startTime: "2025-04-11T14:38:02Z",
stopTime: "2026-05-14T13:32:01Z",
durationSeconds: 34383239,
},
},
]);
expect(mermaidify(events, -1)).toStrictEqual(`\`\`\`mermaid
gantt
dateFormat X
axisFormat %Mm%Ss
/nix/store/rz9hrpay90sjrid5hx3x8v606ji679xa-dep-0.drv (573053m59s):d, 0, 34383239s
\`\`\``);
});
src/mermaid.ts
-96
View File
@@ -1,96 +0,0 @@
import { DEvent } from "./events.js";
import { truncateDerivation } from "./util.js";
export function makeMermaidReport(events: DEvent[]): string | undefined {
// # 50k is the max: https://github.com/mermaid-js/mermaid/blob/c269dc822c528e1afbde34e18a1cad03d972d4fe/src/defaultConfig.js#L55
const maxLength = 49900;
let mermaid = "";
let pruneLevel = -2;
do {
pruneLevel += 1;
mermaid = mermaidify(events, pruneLevel) ?? "";
} while (mermaid.length > maxLength);
if (!mermaid) {
return undefined;
}
const lines = [
"<details open><summary><strong>Build timeline</strong> :hourglass_flowing_sand:</summary>",
"", // load bearing whitespace, deleting it breaks the details expander / markdown
mermaid,
"", // load bearing whitespace, deleting it breaks the details expander / markdown
];
if (pruneLevel === 0) {
lines.push("> [!NOTE]");
lines.push(
"> `/nix/store/[hash]` and the `.drv` suffixes have been removed to make the graph small enough to render.",
);
} else if (pruneLevel > 0) {
lines.push("> [!NOTE]");
lines.push(
`> \`/nix/store/[hash]\`, the \`.drv\` suffix, and builds that took less than ${formatDuration(pruneLevel)} have been removed to make the graph small enough to render.`,
);
}
lines.push(""); // load bearing whitespace, deleting it breaks the details expander / markdown
lines.push("</details>");
return lines.join("\n");
}
export function mermaidify(
allEvents: DEvent[],
pruneLevel: number,
): string | undefined {
const events = allEvents
.filter(
(event) =>
event.c === "BuiltPathResponseEventV1" ||
event.c === "BuildFailureResponseEventV1",
)
.sort(
(a, b) => a.timing.startTime.getTime() - b.timing.startTime.getTime(),
);
const firstEvent = events.at(0);
if (firstEvent === undefined) {
return undefined;
}
const zeroMoment = firstEvent.timing.startTime.getTime();
const lines = [
"```mermaid",
"gantt",
" dateFormat X",
" axisFormat %Mm%Ss",
];
for (const event of events) {
const duration = event.timing.durationSeconds;
if (duration < pruneLevel) {
continue;
}
const label = pruneLevel >= 0 ? truncateDerivation(event.drv) : event.drv;
const tag = event.c === "BuildFailureResponseEventV1" ? "crit" : "d";
const relativeStartTime =
(event.timing.startTime.getTime() - zeroMoment) / 1000;
lines.push(
`${label} (${formatDuration(duration)}):${tag}, ${relativeStartTime}, ${duration}s`,
);
}
lines.push("```");
return lines.join("\n");
}
function formatDuration(duration: number): string {
const durSeconds = duration % 60;
const durMinutes = (duration - durSeconds) / 60;
return `${durMinutes > 0 ? `${durMinutes}m` : ""}${durSeconds}s`;
}
src/util.ts
-3
View File
@@ -1,3 +0,0 @@
export function truncateDerivation(drv: string): string {
return drv.replace(/^\/nix\/store\/[a-z0-9]+-/, "").replace(/\.drv$/, "");
}
tsconfig.json
-15
View File
@@ -1,15 +0,0 @@
{
"compilerOptions": {
"target": "ES2022" /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */,
"module": "Node16",
"moduleResolution": "NodeNext",
"outDir": "./dist",
"rootDir": "./src",
"strict": true /* Enable all strict type-checking options. */,
"noImplicitAny": true /* Raise error on expressions and declarations with an implied 'any' type. */,
"esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */,
"resolveJsonModule": true,
"declaration": true
},
"exclude": ["node_modules", "dist"]
}
tsup.config.ts
-15
View File
@@ -1,15 +0,0 @@
import { defineConfig } from "tsup";
import { name } from "./package.json";
export default defineConfig({
name,
entry: ["src/index.ts"],
format: ["esm"],
target: "node24",
bundle: true,
splitting: false,
clean: true,
dts: {
resolve: true,
},
});
vitest.config.ts
-5
View File
@@ -1,5 +0,0 @@
export default {
test: {
exclude: ["**/node_modules/**", "**/.direnv/**"],
},
};