pnpm run all

.github/verify-version.sh

@@ -7,8 +7,9 @@ EXPECTED_VERSION="${1}"
 
 INSTALLED_NIX_VERSION_OUTPUT=$(nix --version)
 INSTALLED_NIX_VERSION=$(echo "${INSTALLED_NIX_VERSION_OUTPUT}" | awk '{print $NF}')
+EXPECTED_OUTPUT="nix (Nix) ${EXPECTED_VERSION}"
 
-if [ "${INSTALLED_NIX_VERSION}" != "${EXPECTED_VERSION}" ]; then
+if [ "${INSTALLED_NIX_VERSION_OUTPUT}" != "${EXPECTED_OUTPUT}" ]; then
   echo "Nix version ${INSTALLED_NIX_VERSION} didn't match expected version ${EXPECTED_VERSION}"
   exit 1
 else

.github/workflows/ci.yml

@@ -78,7 +78,7 @@ jobs:
         run: echo $PATH
 
       - name: Render the devshell
-        if: (success() || failure()) && matrix.runner != 'macos-13-large' && matrix.runner != 'macos-14-large'
+        if: success() || failure()
         run: |
           nix develop --command date
 
@@ -150,10 +150,14 @@ jobs:
     strategy:
       matrix:
         inputs:
-          # https://github.com/DeterminateSystems/nix-installer/blob/v3.11.3
+          # https://github.com/DeterminateSystems/nix-installer/blob/v0.18.0
           - key: url
-            value: https://github.com/DeterminateSystems/nix-installer/releases/download/v3.11.3/nix-installer-x86_64-linux
-            nix-version: "2.31.2" # 3.11.3 is based on 2.31.2
+            value: https://github.com/DeterminateSystems/nix-installer/releases/download/v0.18.0/nix-installer-x86_64-linux
+            nix-version: "2.21.2"
+          # https://github.com/DeterminateSystems/nix-installer/tree/7011c077ec491da410fbc39f68676b0908b9ce7e
+          - key: revision
+            value: 7011c077ec491da410fbc39f68676b0908b9ce7e
+            nix-version: "2.19.2"
 
     steps:
       - uses: actions/checkout@v4

README.md

@@ -96,7 +96,7 @@ Differing from the upstream [Nix](https://github.com/NixOS/nix) installer script
 | Parameter               | Description                                                                                                                                                                                                                                                                    | Type                                       | Default                                                        |
 | :---------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------- | :------------------------------------------------------------- |
 | `backtrace`             | The setting for [`RUST_BACKTRACE`][backtrace]                                                                                                                                                                                                                                  | string                                     |                                                                |
-| `determinate`           | Whether to install [Determinate Nix](https://determinate.systems/enterprise) and log in to FlakeHub for private Flakes and binary caches.                                                                                                                                      | Boolean                                    | `true`                                                         |
+| `determinate`           | Whether to install [Determinate Nix](https://determinate.systems/enterprise) and log in to FlakeHub for private Flakes and binary caches.                                                                                                                                      | Boolean                                    | `false`                                                        |
 | `extra-args`            | Extra arguments to pass to the planner (prefer using structured `with:` arguments unless using a custom [planner]!)                                                                                                                                                            | string                                     |                                                                |
 | `extra-conf`            | Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set)                                                                                                                                | string                                     |                                                                |
 | `flakehub`              | Deprecated. Implies `determinate`.                                                                                                                                                                                                                                             | Boolean                                    | `false`                                                        |

action.yml

@@ -10,7 +10,7 @@ inputs:
   determinate:
     description: |
       Whether to install [Determinate Nix](https://determinate.systems/enterprise) and log in to FlakeHub for private Flakes and binary caches.
-    default: true
+    default: false
   extra-args:
     description: Extra args to pass to the planner (prefer using structured `with:` arguments unless using a custom planner!)
     required: false

flake.nix

@@ -9,7 +9,7 @@
 
   outputs = { self, flake-schemas, nixpkgs }:
     let
-      supportedSystems = [ "x86_64-linux" "aarch64-darwin" "aarch64-linux" ];
+      supportedSystems = [ "x86_64-linux" "aarch64-darwin" "aarch64-linux" "x86_64-darwin" ];
       forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f {
         pkgs = import nixpkgs { inherit system; };
       });

package.json

@@ -29,24 +29,24 @@
     "@actions/core": "^1.11.1",
     "@actions/exec": "^1.1.1",
     "@actions/github": "^6.0.1",
-    "detsys-ts": "github:DeterminateSystems/detsys-ts",
-    "got": "^14.6.2",
+    "detsys-ts": "github:DeterminateSystems/detsys-ts#gustavderdrache/write-correlation",
+    "got": "^14.4.7",
     "string-argv": "^0.3.2",
-    "vitest": "^3.2.4"
+    "vitest": "^3.2.0"
   },
   "devDependencies": {
     "@trivago/prettier-plugin-sort-imports": "^4.3.0",
-    "@types/node": "^20.19.24",
+    "@types/node": "^20.17.57",
     "@types/uuid": "^9.0.8",
     "@typescript-eslint/eslint-plugin": "^7.18.0",
-    "@vercel/ncc": "^0.38.4",
+    "@vercel/ncc": "^0.38.3",
     "eslint": "^8.57.1",
     "eslint-import-resolver-typescript": "^3.10.1",
     "eslint-plugin-github": "^4.10.2",
-    "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-prettier": "^5.5.4",
-    "prettier": "^3.6.2",
+    "eslint-plugin-import": "^2.31.0",
+    "eslint-plugin-prettier": "^5.4.1",
+    "prettier": "^3.5.3",
     "tsup": "^8.5.0",
-    "typescript": "^5.9.3"
+    "typescript": "^5.8.3"
   }
 }

src/index.ts

@@ -12,7 +12,7 @@ import got from "got";
 import { setTimeout } from "node:timers/promises";
 import { getFixHashes } from "./fixHashes.js";
 import { annotateMismatches } from "./annotate.js";
-import { DEvent, getRecentEvents } from "./events.js";
+import { getRecentEvents } from "./events.js";
 import { makeMermaidReport } from "./mermaid.js";
 import { summarizeFailures } from "./failuresummary.js";
 import { SpawnOptions, spawn } from "node:child_process";
@@ -20,15 +20,12 @@ import { SpawnOptions, spawn } from "node:child_process";
 // Nix installation events
 const EVENT_INSTALL_NIX_FAILURE = "install_nix_failure";
 const EVENT_INSTALL_NIX_START = "install_nix_start";
-const EVENT_INSTALL_NIX_SUCCESS = "install_nix_success";
+const EVENT_INSTALL_NIX_SUCCESS = "install_nix_start";
 const EVENT_SETUP_KVM = "setup_kvm";
 const EVENT_UNINSTALL_NIX = "uninstall";
 
 // FlakeHub events
-const EVENT_LOGIN_START = "flakehub-login:start";
-const EVENT_LOGIN_FAILURE = "flakehub-login:failure";
-const EVENT_LOGIN_SUCCESS = "flakehub-login:success";
-const EVENT_LOGIN_END = "flakehub-login:end";
+const EVENT_LOGIN_TO_FLAKEHUB = "login_to_flakehub";
 
 // Other events
 const EVENT_CONCLUDE_JOB = "conclude_job";
@@ -48,7 +45,6 @@ const FACT_SENT_SIGTERM = "sent_sigterm";
 
 // Flags
 const FLAG_DETERMINATE = "--determinate";
-const FLAG_PREFER_UPSTREAM_NIX = "--prefer-upstream-nix";
 
 // Pre/post state keys
 const STATE_DAEMONDIR = "DNI_DAEMONDIR";
@@ -90,20 +86,6 @@ class NixInstallerAction extends DetSysAction {
   runnerOs: string | undefined;
 
   constructor() {
-    if (platform.getArchOs() === "X64-macOS") {
-      // Holy guacamole this is ugly
-      actionsCore.error(
-        "Determinate Nix Installer no longer supports macOS on Intel. Please migrate to Apple Silicon, and use Nix's built-in Rosetta support to build for Intel. See: https://github.com/DeterminateSystems/nix-src/issues/224",
-      );
-      const sourceTag = inputs.getStringOrUndefined("source-tag");
-      if (sourceTag === undefined) {
-        actionsCore.notice(
-          "Pinning the installer tag to v3.12.2 (the last version to support Intel Macs) as a temporary fallback.",
-        );
-        process.env["INPUT_SOURCE-TAG"] = "v3.12.2";
-      }
-    }
-
     super({
       name: "nix-installer",
       fetchStyle: "nix-style",
@@ -156,10 +138,10 @@ class NixInstallerAction extends DetSysAction {
   }
 
   async main(): Promise<void> {
-    actionsCore.saveState(STATE_START_DATETIME, new Date().toISOString());
     await this.scienceDebugFly();
     await this.detectAndForceNoSystemd();
     await this.install();
+    actionsCore.saveState(STATE_START_DATETIME, new Date().toISOString());
   }
 
   async post(): Promise<void> {
@@ -300,7 +282,7 @@ class NixInstallerAction extends DetSysAction {
     }
 
     if (this.nixBuildUserBase !== null) {
-      executionEnv.NIX_INSTALLER_NIX_BUILD_USER_ID_BASE = `${this.nixBuildUserBase}`;
+      executionEnv.NIX_INSTALLER_NIX_BUILD_USER_ID_BASE = `${this.nixBuildUserCount}`;
     }
 
     if (this.nixPackageUrl !== null) {
@@ -447,8 +429,6 @@ class NixInstallerAction extends DetSysAction {
       if (this.extraArgs && !this.extraArgs.includes(FLAG_DETERMINATE)) {
         args.push(FLAG_DETERMINATE);
       }
-    } else {
-      args.push(FLAG_PREFER_UPSTREAM_NIX);
     }
 
     return args;
@@ -636,8 +616,6 @@ class NixInstallerAction extends DetSysAction {
     const startDate = new Date(actionsCore.getState(STATE_START_DATETIME));
     const { events, hasMismatches } = await getRecentEvents(startDate);
 
-    await this.reportPassFailCount(events);
-
     const mermaidSummary = makeMermaidReport(events);
     const failureSummary = await summarizeFailures(events);
 
@@ -688,29 +666,6 @@ class NixInstallerAction extends DetSysAction {
     }
   }
 
-  async reportPassFailCount(events: DEvent[]): Promise<void> {
-    let built = 0;
-    let failed = 0;
-    let unknown = 0;
-
-    for (const event of events) {
-      switch (event.c) {
-        case "BuiltPathResponseEventV1":
-          built++;
-          break;
-        case "BuildFailureResponseEventV1":
-          failed++;
-          break;
-        default:
-          unknown++;
-      }
-    }
-
-    this.addFact("nix_builds_succeeded", built);
-    this.addFact("nix_builds_failed", failed);
-    this.addFact("nix_builds_unknown_event", unknown);
-  }
-
   async setGithubPath(): Promise<void> {
     // Interim versions of the `nix-installer` crate may have already manipulated `$GITHUB_PATH`, as root even! Accessing that will be an error.
     try {
@@ -735,8 +690,6 @@ class NixInstallerAction extends DetSysAction {
   }
 
   async flakehubLogin(): Promise<void> {
-    this.recordEvent(EVENT_LOGIN_START);
-
     const canLogin =
       process.env["ACTIONS_ID_TOKEN_REQUEST_URL"] &&
       process.env["ACTIONS_ID_TOKEN_REQUEST_TOKEN"];
@@ -747,20 +700,14 @@ class NixInstallerAction extends DetSysAction {
       const head = pr?.head?.repo?.full_name;
 
       if (pr && base !== head) {
-        this.recordEvent(EVENT_LOGIN_FAILURE, { reason: "fork" });
-        this.recordEvent(EVENT_LOGIN_END);
-
         actionsCore.info(
-          `FlakeHub is disabled because this is a fork. GitHub Actions does not allow OIDC authentication from forked repositories ("${head}" is not from the same repository as "${base}").`,
+          `Not logging in to FlakeHub: GitHub Actions does not allow OIDC authentication from forked repositories ("${head}" is not the same repository as "${base}").`,
         );
         return;
       }
 
-      this.recordEvent(EVENT_LOGIN_FAILURE, { reason: "not-configured" });
-      this.recordEvent(EVENT_LOGIN_END);
-
       actionsCore.info(
-        "FlakeHub is disabled because the workflow is misconfigured. Please make sure that `id-token: write` and `contents: read` are set for this step's (or job's) permissions so that GitHub Actions provides OIDC token endpoints.",
+        `Not logging in to FlakeHub: GitHub Actions has not provided OIDC token endpoints; please make sure that \`id-token: write\` and \`contents: read\` are set for this step's (or job's) permissions.`,
       );
       actionsCore.info(
         `For more information, see https://docs.determinate.systems/guides/github-actions/#nix-installer-action`,
@@ -769,18 +716,15 @@ class NixInstallerAction extends DetSysAction {
     }
 
     actionsCore.startGroup("Logging in to FlakeHub");
+    this.recordEvent(EVENT_LOGIN_TO_FLAKEHUB);
     try {
       await actionsExec.exec(`determinate-nixd`, ["login", "github-action"]);
-      this.recordEvent(EVENT_LOGIN_SUCCESS);
     } catch (e: unknown) {
       actionsCore.warning(`FlakeHub Login failure: ${stringifyError(e)}`);
-      this.recordEvent(EVENT_LOGIN_FAILURE, {
-        reason: "failed",
+      this.recordEvent("flakehub-login:failure", {
         exception: stringifyError(e),
       });
     }
-
-    this.recordEvent(EVENT_LOGIN_END);
     actionsCore.endGroup();
   }