Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 gustavderdrache
|
786fff0690 | ||
|
gustavderdrache
|
f161ab07ed | ||
|
gustavderdrache
|
61ce7897f4 | ||
|
gustavderdrache
|
44f3801e21 | ||
|
gustavderdrache
|
cb6d4e86fa | ||
|
gustavderdrache
|
e686131f84 | ||
|
Graham Christensen
|
2c3a2981f1 | ||
|
detsys-pr-bot
|
18b667a294 | ||
|
detsys-pr-bot
|
428f3c64a3 |
+30737
-26548
File diff suppressed because one or more lines are too long
+4
-4
@@ -30,13 +30,13 @@
|
||||
"@actions/exec": "^1.1.1",
|
||||
"@actions/github": "^6.0.1",
|
||||
"detsys-ts": "github:DeterminateSystems/detsys-ts",
|
||||
"got": "^14.4.7",
|
||||
"got": "^14.4.8",
|
||||
"string-argv": "^0.3.2",
|
||||
"vitest": "^3.2.4"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@trivago/prettier-plugin-sort-imports": "^4.3.0",
|
||||
"@types/node": "^20.19.7",
|
||||
"@types/node": "^20.19.12",
|
||||
"@types/uuid": "^9.0.8",
|
||||
"@typescript-eslint/eslint-plugin": "^7.18.0",
|
||||
"@vercel/ncc": "^0.38.3",
|
||||
@@ -44,9 +44,9 @@
|
||||
"eslint-import-resolver-typescript": "^3.10.1",
|
||||
"eslint-plugin-github": "^4.10.2",
|
||||
"eslint-plugin-import": "^2.32.0",
|
||||
"eslint-plugin-prettier": "^5.5.1",
|
||||
"eslint-plugin-prettier": "^5.5.4",
|
||||
"prettier": "^3.6.2",
|
||||
"tsup": "^8.5.0",
|
||||
"typescript": "^5.8.3"
|
||||
"typescript": "^5.9.2"
|
||||
}
|
||||
}
|
||||
|
||||
Generated
+362
-404
File diff suppressed because it is too large
Load Diff
+48
-9
@@ -12,7 +12,7 @@ import got from "got";
|
||||
import { setTimeout } from "node:timers/promises";
|
||||
import { getFixHashes } from "./fixHashes.js";
|
||||
import { annotateMismatches } from "./annotate.js";
|
||||
import { getRecentEvents } from "./events.js";
|
||||
import { DEvent, getRecentEvents } from "./events.js";
|
||||
import { makeMermaidReport } from "./mermaid.js";
|
||||
import { summarizeFailures } from "./failuresummary.js";
|
||||
import { SpawnOptions, spawn } from "node:child_process";
|
||||
@@ -20,12 +20,15 @@ import { SpawnOptions, spawn } from "node:child_process";
|
||||
// Nix installation events
|
||||
const EVENT_INSTALL_NIX_FAILURE = "install_nix_failure";
|
||||
const EVENT_INSTALL_NIX_START = "install_nix_start";
|
||||
const EVENT_INSTALL_NIX_SUCCESS = "install_nix_start";
|
||||
const EVENT_INSTALL_NIX_SUCCESS = "install_nix_success";
|
||||
const EVENT_SETUP_KVM = "setup_kvm";
|
||||
const EVENT_UNINSTALL_NIX = "uninstall";
|
||||
|
||||
// FlakeHub events
|
||||
const EVENT_LOGIN_TO_FLAKEHUB = "login_to_flakehub";
|
||||
const EVENT_LOGIN_START = "flakehub-login:start";
|
||||
const EVENT_LOGIN_FAILURE = "flakehub-login:failure";
|
||||
const EVENT_LOGIN_SUCCESS = "flakehub-login:success";
|
||||
const EVENT_LOGIN_END = "flakehub-login:end";
|
||||
|
||||
// Other events
|
||||
const EVENT_CONCLUDE_JOB = "conclude_job";
|
||||
@@ -138,10 +141,10 @@ class NixInstallerAction extends DetSysAction {
|
||||
}
|
||||
|
||||
async main(): Promise<void> {
|
||||
actionsCore.saveState(STATE_START_DATETIME, new Date().toISOString());
|
||||
await this.scienceDebugFly();
|
||||
await this.detectAndForceNoSystemd();
|
||||
await this.install();
|
||||
actionsCore.saveState(STATE_START_DATETIME, new Date().toISOString());
|
||||
}
|
||||
|
||||
async post(): Promise<void> {
|
||||
@@ -282,7 +285,7 @@ class NixInstallerAction extends DetSysAction {
|
||||
}
|
||||
|
||||
if (this.nixBuildUserBase !== null) {
|
||||
executionEnv.NIX_INSTALLER_NIX_BUILD_USER_ID_BASE = `${this.nixBuildUserCount}`;
|
||||
executionEnv.NIX_INSTALLER_NIX_BUILD_USER_ID_BASE = `${this.nixBuildUserBase}`;
|
||||
}
|
||||
|
||||
if (this.nixPackageUrl !== null) {
|
||||
@@ -616,6 +619,8 @@ class NixInstallerAction extends DetSysAction {
|
||||
const startDate = new Date(actionsCore.getState(STATE_START_DATETIME));
|
||||
const { events, hasMismatches } = await getRecentEvents(startDate);
|
||||
|
||||
await this.reportPassFailCount(events);
|
||||
|
||||
const mermaidSummary = makeMermaidReport(events);
|
||||
const failureSummary = await summarizeFailures(events);
|
||||
|
||||
@@ -666,6 +671,29 @@ class NixInstallerAction extends DetSysAction {
|
||||
}
|
||||
}
|
||||
|
||||
async reportPassFailCount(events: DEvent[]): Promise<void> {
|
||||
let built = 0;
|
||||
let failed = 0;
|
||||
let unknown = 0;
|
||||
|
||||
for (const event of events) {
|
||||
switch (event.c) {
|
||||
case "BuiltPathResponseEventV1":
|
||||
built++;
|
||||
break;
|
||||
case "BuildFailureResponseEventV1":
|
||||
failed++;
|
||||
break;
|
||||
default:
|
||||
unknown++;
|
||||
}
|
||||
}
|
||||
|
||||
this.addFact("nix_builds_succeeded", built);
|
||||
this.addFact("nix_builds_failed", failed);
|
||||
this.addFact("nix_builds_unknown_event", unknown);
|
||||
}
|
||||
|
||||
async setGithubPath(): Promise<void> {
|
||||
// Interim versions of the `nix-installer` crate may have already manipulated `$GITHUB_PATH`, as root even! Accessing that will be an error.
|
||||
try {
|
||||
@@ -690,6 +718,8 @@ class NixInstallerAction extends DetSysAction {
|
||||
}
|
||||
|
||||
async flakehubLogin(): Promise<void> {
|
||||
this.recordEvent(EVENT_LOGIN_START);
|
||||
|
||||
const canLogin =
|
||||
process.env["ACTIONS_ID_TOKEN_REQUEST_URL"] &&
|
||||
process.env["ACTIONS_ID_TOKEN_REQUEST_TOKEN"];
|
||||
@@ -700,14 +730,20 @@ class NixInstallerAction extends DetSysAction {
|
||||
const head = pr?.head?.repo?.full_name;
|
||||
|
||||
if (pr && base !== head) {
|
||||
this.recordEvent(EVENT_LOGIN_FAILURE, { reason: "fork" });
|
||||
this.recordEvent(EVENT_LOGIN_END);
|
||||
|
||||
actionsCore.info(
|
||||
`Not logging in to FlakeHub: GitHub Actions does not allow OIDC authentication from forked repositories ("${head}" is not the same repository as "${base}").`,
|
||||
`FlakeHub is disabled because this is a fork. GitHub Actions does not allow OIDC authentication from forked repositories ("${head}" is not from the same repository as "${base}").`,
|
||||
);
|
||||
return;
|
||||
}
|
||||
|
||||
this.recordEvent(EVENT_LOGIN_FAILURE, { reason: "not-configured" });
|
||||
this.recordEvent(EVENT_LOGIN_END);
|
||||
|
||||
actionsCore.info(
|
||||
`Not logging in to FlakeHub: GitHub Actions has not provided OIDC token endpoints; please make sure that \`id-token: write\` and \`contents: read\` are set for this step's (or job's) permissions.`,
|
||||
"FlakeHub is disabled because the workflow is misconfigured. Please make sure that `id-token: write` and `contents: read` are set for this step's (or job's) permissions so that GitHub Actions provides OIDC token endpoints.",
|
||||
);
|
||||
actionsCore.info(
|
||||
`For more information, see https://docs.determinate.systems/guides/github-actions/#nix-installer-action`,
|
||||
@@ -716,15 +752,18 @@ class NixInstallerAction extends DetSysAction {
|
||||
}
|
||||
|
||||
actionsCore.startGroup("Logging in to FlakeHub");
|
||||
this.recordEvent(EVENT_LOGIN_TO_FLAKEHUB);
|
||||
try {
|
||||
await actionsExec.exec(`determinate-nixd`, ["login", "github-action"]);
|
||||
this.recordEvent(EVENT_LOGIN_SUCCESS);
|
||||
} catch (e: unknown) {
|
||||
actionsCore.warning(`FlakeHub Login failure: ${stringifyError(e)}`);
|
||||
this.recordEvent("flakehub-login:failure", {
|
||||
this.recordEvent(EVENT_LOGIN_FAILURE, {
|
||||
reason: "failed",
|
||||
exception: stringifyError(e),
|
||||
});
|
||||
}
|
||||
|
||||
this.recordEvent(EVENT_LOGIN_END);
|
||||
actionsCore.endGroup();
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user