Compare commits
26 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| da36cb69b1 | |||
| 1406b8b52c | |||
| 197bf2b2a5 | |||
| 452d9c7008 | |||
| 033f039e5c | |||
| 468e81bb99 | |||
| b164ca3241 | |||
| 055e848f13 | |||
| d41fccdd9e | |||
| ab6bcb2d5a | |||
| 0d82cb015a | |||
| 2a2ecc1e15 | |||
| 9e19e84fa9 | |||
| dc8972520c | |||
| 7ad5c49547 | |||
| 17a448a97b | |||
| 45cb2f89ca | |||
| 47dc48605c | |||
| 4b8e190ea5 | |||
| 8c320971f9 | |||
| 7b943f9a7e | |||
| 40e4bc1e80 | |||
| 9d5faf48ab | |||
| f92f10828b | |||
| 1025a55627 | |||
| 5adb94fc48 |
@@ -128,12 +128,6 @@ jobs:
|
||||
cat -n /etc/nix/nix.conf
|
||||
grep -E "^trusted-users = .*$USER" /etc/nix/nix.conf
|
||||
grep -E "^use-sqlite-wal = true" /etc/nix/nix.conf
|
||||
- name: Breakpoint if tests failed
|
||||
if: failure()
|
||||
uses: namespacelabs/breakpoint-action@v0
|
||||
with:
|
||||
duration: 5m
|
||||
authorized-users: grahamc
|
||||
|
||||
install-nix-macos:
|
||||
name: Run test suite for macOS systems
|
||||
@@ -217,12 +211,6 @@ jobs:
|
||||
cat /etc/nix/nix.conf
|
||||
grep -E "^trusted-users = .*$USER" /etc/nix/nix.conf
|
||||
grep -E "^use-sqlite-wal = true" /etc/nix/nix.conf
|
||||
- name: Breakpoint if tests failed
|
||||
if: failure()
|
||||
uses: namespacelabs/breakpoint-action@v0
|
||||
with:
|
||||
duration: 5m
|
||||
authorized-users: grahamc
|
||||
|
||||
install-with-non-default-source-inputs:
|
||||
name: Install Nix using non-default source-${{ matrix.inputs.key }}
|
||||
|
||||
@@ -110,7 +110,7 @@ Differing from the upstream [Nix](https://github.com/NixOS/nix) installer script
|
||||
| `source-pr` | The pull request of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, and `source-branch`) | integer | |
|
||||
| `source-revision` | The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, and `source-pr`) | string | |
|
||||
| `source-tag` | The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`) | string | |
|
||||
| `source-url` | A URL pointing to a `nix-installer.sh` script | URL | `https://install.determinate.systems/nix` |
|
||||
| `source-url` | A URL pointing to the `nix-installer` binary | URL | n/a (calculated) |
|
||||
| `nix-package-url` | The Nix package URL | URL | |
|
||||
| `planner` | The installation [planner] to use | enum (`linux` or `macos`) | |
|
||||
| `reinstall` | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`) | Boolean | `false` |
|
||||
|
||||
+5763
-561
File diff suppressed because it is too large
+5
-4
@@ -29,21 +29,22 @@
|
||||
"@actions/exec": "^1.1.1",
|
||||
"@actions/github": "^5.1.1",
|
||||
"detsys-ts": "github:DeterminateSystems/detsys-ts",
|
||||
"got": "^14.3.0",
|
||||
"string-argv": "^0.3.2"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@trivago/prettier-plugin-sort-imports": "^4.3.0",
|
||||
"@types/node": "^20.12.13",
|
||||
"@types/node": "^20.14.0",
|
||||
"@types/uuid": "^9.0.8",
|
||||
"@typescript-eslint/eslint-plugin": "^7.11.0",
|
||||
"@typescript-eslint/eslint-plugin": "^7.12.0",
|
||||
"@vercel/ncc": "^0.38.1",
|
||||
"eslint": "^8.57.0",
|
||||
"eslint-import-resolver-typescript": "^3.6.1",
|
||||
"eslint-plugin-github": "^4.10.2",
|
||||
"eslint-plugin-import": "^2.29.1",
|
||||
"eslint-plugin-prettier": "^5.1.3",
|
||||
"prettier": "^3.2.5",
|
||||
"tsup": "^8.0.2",
|
||||
"prettier": "^3.3.0",
|
||||
"tsup": "^8.1.0",
|
||||
"typescript": "^5.4.5"
|
||||
}
|
||||
}
|
||||
|
||||
Generated
+430
-176
File diff suppressed because it is too large
+102
-17
@@ -1,14 +1,15 @@
|
||||
import * as actionsCore from "@actions/core";
|
||||
import * as github from "@actions/github";
|
||||
import * as actionsExec from "@actions/exec";
|
||||
import { access, writeFile, readFile } from "node:fs/promises";
|
||||
import { access, writeFile, readFile, mkdir } from "node:fs/promises";
|
||||
import { join } from "node:path";
|
||||
import fs from "node:fs";
|
||||
import { userInfo } from "node:os";
|
||||
import stringArgv from "string-argv";
|
||||
import * as path from "path";
|
||||
import { DetSysAction, inputs, platform } from "detsys-ts";
|
||||
import { DetSysAction, inputs, platform, stringifyError } from "detsys-ts";
|
||||
import { randomUUID } from "node:crypto";
|
||||
import got from "got";
|
||||
|
||||
// Nix installation events
|
||||
const EVENT_INSTALL_NIX_FAILURE = "install_nix_failure";
|
||||
@@ -117,6 +118,7 @@ class NixInstallerAction extends DetSysAction {
|
||||
}
|
||||
|
||||
async main(): Promise<void> {
|
||||
await this.scienceDebugFly();
|
||||
await this.detectAndForceDockerShim();
|
||||
await this.install();
|
||||
}
|
||||
@@ -145,6 +147,44 @@ class NixInstallerAction extends DetSysAction {
|
||||
);
|
||||
}
|
||||
|
||||
async scienceDebugFly(): Promise<void> {
|
||||
try {
|
||||
const feat = this.getFeature("debug-probe-urls");
|
||||
if (feat === undefined || feat.payload === undefined) {
|
||||
return;
|
||||
}
|
||||
|
||||
const { timeoutMs, url }: { timeoutMs: number; url: string } = JSON.parse(
|
||||
feat.payload,
|
||||
);
|
||||
try {
|
||||
const resp = await got.get(url, {
|
||||
timeout: {
|
||||
request: timeoutMs,
|
||||
},
|
||||
});
|
||||
|
||||
this.recordEvent("debug-probe-urls:response", {
|
||||
debug_probe_urls_ip: resp.ip, // eslint-disable-line camelcase
|
||||
debug_probe_urls_ok: resp.ok, // eslint-disable-line camelcase
|
||||
debug_probe_urls_status_code: resp.statusCode, // eslint-disable-line camelcase
|
||||
debug_probe_urls_body: resp.body, // eslint-disable-line camelcase
|
||||
// eslint-disable-next-line camelcase
|
||||
debug_probe_urls_elapsed:
|
||||
(resp.timings.end ?? 0) - resp.timings.start,
|
||||
});
|
||||
} catch (e: unknown) {
|
||||
this.recordEvent("debug-probe-urls:exception", {
|
||||
debug_probe_urls_exception: stringifyError(e), // eslint-disable-line camelcase
|
||||
});
|
||||
}
|
||||
} catch (err: unknown) {
|
||||
this.recordEvent("debug-probe-urls:error", {
|
||||
exception: stringifyError(err),
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
// Detect if we're in a GHA runner which is Linux, doesn't have Systemd, and does have Docker.
|
||||
// This is a common case in self-hosted runners, providers like [Namespace](https://namespace.so/),
|
||||
// and especially GitHub Enterprise Server.
|
||||
@@ -530,7 +570,7 @@ class NixInstallerAction extends DetSysAction {
|
||||
|
||||
if (this.extraArgs) {
|
||||
const extraArgs = stringArgv(this.extraArgs);
|
||||
args.concat(extraArgs);
|
||||
args.push(...extraArgs);
|
||||
}
|
||||
|
||||
this.recordEvent(EVENT_INSTALL_NIX_START);
|
||||
@@ -648,6 +688,55 @@ class NixInstallerAction extends DetSysAction {
|
||||
|
||||
{
|
||||
actionsCore.debug("Starting the Nix daemon through Docker...");
|
||||
|
||||
const candidateDirectories = [
|
||||
{
|
||||
dir: "/bin",
|
||||
readOnly: true,
|
||||
},
|
||||
{
|
||||
dir: "/etc",
|
||||
readOnly: true,
|
||||
},
|
||||
{
|
||||
dir: "/home",
|
||||
readOnly: true,
|
||||
},
|
||||
{
|
||||
dir: "/lib",
|
||||
readOnly: true,
|
||||
},
|
||||
{
|
||||
dir: "/lib64",
|
||||
readOnly: true,
|
||||
},
|
||||
{
|
||||
dir: "/tmp",
|
||||
readOnly: false,
|
||||
},
|
||||
{
|
||||
dir: "/nix",
|
||||
readOnly: false,
|
||||
},
|
||||
];
|
||||
|
||||
const mountArguments = [];
|
||||
|
||||
for (const { dir, readOnly } of candidateDirectories) {
|
||||
try {
|
||||
await access(dir);
|
||||
actionsCore.debug(`Will mount ${dir} in the docker shim.`);
|
||||
mountArguments.push("--mount");
|
||||
mountArguments.push(
|
||||
`type=bind,src=${dir},dst=${dir}${readOnly ? ",readonly" : ""}`,
|
||||
);
|
||||
} catch {
|
||||
actionsCore.debug(
|
||||
`Not mounting ${dir} in the docker shim: it doesn't appear to exist.`,
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
this.recordEvent(EVENT_START_DOCKER_SHIM);
|
||||
const exitCode = await actionsExec.exec(
|
||||
"docker",
|
||||
@@ -659,25 +748,14 @@ class NixInstallerAction extends DetSysAction {
|
||||
"--network=host",
|
||||
"--userns=host",
|
||||
"--pid=host",
|
||||
"--mount",
|
||||
"type=bind,src=/bin,dst=/bin,readonly",
|
||||
"--mount",
|
||||
"type=bind,src=/lib,dst=/lib,readonly",
|
||||
"--mount",
|
||||
"type=bind,src=/home,dst=/home,readonly",
|
||||
"--mount",
|
||||
"type=bind,src=/tmp,dst=/tmp",
|
||||
"--mount",
|
||||
"type=bind,src=/nix,dst=/nix",
|
||||
"--mount",
|
||||
"type=bind,src=/etc,dst=/etc,readonly",
|
||||
"--restart",
|
||||
"always",
|
||||
"--init",
|
||||
"--name",
|
||||
`determinate-nix-shim-${this.getUniqueId()}-${randomUUID()}`,
|
||||
"determinate-nix-shim:latest",
|
||||
],
|
||||
]
|
||||
.concat(mountArguments)
|
||||
.concat(["determinate-nix-shim:latest"]),
|
||||
{
|
||||
silent: true,
|
||||
listeners: {
|
||||
@@ -776,10 +854,17 @@ class NixInstallerAction extends DetSysAction {
|
||||
netrcPath,
|
||||
[
|
||||
`machine api.flakehub.com login flakehub password ${jwt}`,
|
||||
`machine cache.flakehub.com login flakehub password ${jwt}`,
|
||||
`machine flakehub.com login flakehub password ${jwt}`,
|
||||
].join("\n"),
|
||||
);
|
||||
|
||||
const flakehubAuthDir = `${process.env["XDG_CONFIG_HOME"] || `${process.env["HOME"]}/.config`}/flakehub`;
|
||||
await mkdir(flakehubAuthDir, { recursive: true });
|
||||
const flakehubAuthPath = `${flakehubAuthDir}/auth`;
|
||||
|
||||
await writeFile(flakehubAuthPath, jwt);
|
||||
|
||||
actionsCore.info("Logging in to FlakeHub.");
|
||||
|
||||
// the join followed by a match on ^... looks silly, but extra_config
|
||||
|
||||
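Review bot: `scienceDebugFly` requests whatever `url` the `debug-probe-urls` feature payload names and passes `resp.body` and `resp.ip` to `recordEvent`, so if those events are reported off the runner (not visible here), a flag value could cause a self-hosted job to read an internal endpoint and forward its response. The type annotation on the `JSON.parse(feat.payload)` destructuring is compile-time only, so `timeoutMs` and `url` are unchecked at runtime. I would validate both fields, accept only `https:` URLs (ideally against a fixed host list kept in this file), and drop or truncate the body field, as sketched below; whether the experiment needs the body cannot be told from this page. Separately, in the last hunk `writeFile(flakehubAuthPath, jwt)` creates the token file with the default mode, and `writeFile(flakehubAuthPath, jwt, { mode: 0o600 })` would keep it owner-only.

```typescript
      const payload: unknown = JSON.parse(feat.payload);
      if (typeof payload !== "object" || payload === null) {
        return;
      }
      const { timeoutMs, url } = payload as Record<string, unknown>;
      if (typeof timeoutMs !== "number" || typeof url !== "string") {
        return;
      }
      if (new URL(url).protocol !== "https:") {
        return;
      }
      // … unchanged: got.get(url, …) inside the inner try …
        this.recordEvent("debug-probe-urls:response", {
          // … unchanged: ip, ok, status_code and elapsed fields …
          // debug_probe_urls_body omitted so response content stays on the runner
        });
```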