DeterminateSystems/nix-installer-action
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: DeterminateSystems/nix-installer-action:v5
Branches Tags
DeterminateSystems/nix-installer-action:main DeterminateSystems/nix-installer-action:actions-pinning DeterminateSystems/nix-installer-action:push-zutqoklymuso DeterminateSystems/nix-installer-action:gustavderdrache/write-correlation DeterminateSystems/nix-installer-action:biomejs DeterminateSystems/nix-installer-action:curl-data DeterminateSystems/nix-installer-action:colemickens/debug DeterminateSystems/nix-installer-action:try-env-style-settings DeterminateSystems/nix-installer-action:test-extra-conf
DeterminateSystems/nix-installer-action:v22 DeterminateSystems/nix-installer-action:v21 DeterminateSystems/nix-installer-action:v20 DeterminateSystems/nix-installer-action:v19 DeterminateSystems/nix-installer-action:v18 DeterminateSystems/nix-installer-action:v17 DeterminateSystems/nix-installer-action:v16 DeterminateSystems/nix-installer-action:v15 DeterminateSystems/nix-installer-action:v14 DeterminateSystems/nix-installer-action:v13 DeterminateSystems/nix-installer-action:v12 DeterminateSystems/nix-installer-action:v11 DeterminateSystems/nix-installer-action:v10 DeterminateSystems/nix-installer-action:v9 DeterminateSystems/nix-installer-action:v8 DeterminateSystems/nix-installer-action:v7 DeterminateSystems/nix-installer-action:v6 DeterminateSystems/nix-installer-action:v5 DeterminateSystems/nix-installer-action:v4 DeterminateSystems/nix-installer-action:v3 DeterminateSystems/nix-installer-action:v2 DeterminateSystems/nix-installer-action:v1
..
compare: DeterminateSystems/nix-installer-action:v11
Branches Tags
DeterminateSystems/nix-installer-action:actions-pinning DeterminateSystems/nix-installer-action:main DeterminateSystems/nix-installer-action:push-zutqoklymuso DeterminateSystems/nix-installer-action:gustavderdrache/write-correlation DeterminateSystems/nix-installer-action:biomejs DeterminateSystems/nix-installer-action:curl-data DeterminateSystems/nix-installer-action:colemickens/debug DeterminateSystems/nix-installer-action:try-env-style-settings DeterminateSystems/nix-installer-action:test-extra-conf
DeterminateSystems/nix-installer-action:v22 DeterminateSystems/nix-installer-action:v21 DeterminateSystems/nix-installer-action:v20 DeterminateSystems/nix-installer-action:v19 DeterminateSystems/nix-installer-action:v18 DeterminateSystems/nix-installer-action:v17 DeterminateSystems/nix-installer-action:v16 DeterminateSystems/nix-installer-action:v15 DeterminateSystems/nix-installer-action:v14 DeterminateSystems/nix-installer-action:v13 DeterminateSystems/nix-installer-action:v12 DeterminateSystems/nix-installer-action:v11 DeterminateSystems/nix-installer-action:v10 DeterminateSystems/nix-installer-action:v9 DeterminateSystems/nix-installer-action:v8 DeterminateSystems/nix-installer-action:v7 DeterminateSystems/nix-installer-action:v6 DeterminateSystems/nix-installer-action:v5 DeterminateSystems/nix-installer-action:v4 DeterminateSystems/nix-installer-action:v3 DeterminateSystems/nix-installer-action:v2 DeterminateSystems/nix-installer-action:v1

65 Commits
v5 .. v11

Author SHA1 Message Date
Graham Christensen 8cdf194da9 Update dependencies (#85) 
* Update dependencies

* Update deps again :)
 2024-05-09 20:29:18 +00:00
Luc Perkins 10f43c0d32 Merge pull request #82 from DeterminateSystems/tsup-build 
Switch to tsup for building
 2024-05-02 16:45:35 -03:00
Luc Perkins 337589f84d Switch to tsup for building 2024-05-02 16:35:58 -03:00
Luc Perkins 330a0ca1bc Merge pull request #80 from DeterminateSystems/update-checkout-action 
Standardize on v4 of the checkout action
 2024-05-02 14:20:56 -03:00
Luc Perkins 2c90bb97d0 Standardize on v4 of the checkout action 2024-05-02 14:10:17 -03:00
Luc Perkins 91b8eb110e Merge pull request #79 from DeterminateSystems/fix-mnc-issue 
Fix broken CI
 2024-05-02 14:05:28 -03:00
Luc Perkins ff2ea37e97 Remove MNC from workflow 2024-05-02 13:58:19 -03:00
Luc Perkins f957521643 Reinstate the MNC prior to reinstall 2024-05-02 13:54:44 -03:00
Luc Perkins 23ddac323e Remove second reinstall setting 2024-05-02 13:49:26 -03:00
Luc Perkins 3785eaaa9b Fix other instance of uninstall/reinstall 2024-05-02 13:48:27 -03:00
Luc Perkins 6b7860826e Remove reinstall setting 2024-05-02 13:47:23 -03:00
Luc Perkins f69dd1d935 Merge pull request #76 from DeterminateSystems/general-cleanup 
General JS cleanup
 2024-05-02 13:09:27 -03:00
Luc Perkins ff707a0bf7 Fix merge conflict with main 2024-05-02 13:03:16 -03:00
Cole Helbling 7d2a9c4c9d Merge pull request #77 from DeterminateSystems/flakehub-fallback 
Gracefully handle FlakeHub login failure
 2024-05-02 07:15:43 -07:00
Luc Perkins 1ebf6caddc Remove unnecessary dependencies 2024-05-02 11:05:47 -03:00
Luc Perkins 7acbc80e00 Add names to CI steps 2024-05-02 10:56:42 -03:00
Luc Perkins 57a6360160 Fix build issue due to detsys-ts update 2024-05-02 10:52:54 -03:00
Luc Perkins a2856cdfd2 Prefer coalescing over or-ing 2024-04-24 11:13:40 -03:00
Luc Perkins b87931b2dd Add camelcase check 2024-04-24 11:09:55 -03:00
Cole Helbling 413ac98332 Gracefully handle FlakeHub login failure 2024-04-23 09:55:39 -07:00
Luc Perkins 86cdba7a6e Switch to git diff --exit-code 2024-04-22 13:17:32 -03:00
Luc Perkins c9a02f1141 Use bracket notation for env vars 2024-04-15 19:42:44 -03:00
Luc Perkins 413fb1beb4 Constify events and facts 2024-04-15 19:34:51 -03:00
Luc Perkins 8f4ca496eb Enforce proper casing 2024-04-15 19:23:29 -03:00
Luc Perkins c89881253c Use detsys-ts functions for inputs 2024-04-15 19:09:42 -03:00
Graham Christensen 5c49fa4feb Update detsys-ts (#75) 2024-04-12 15:31:59 -04:00
Graham Christensen 5d2215c1e1 Rebase on top of detsys-ts for abstracting over install.determinate.systems (#74) 
* Rebase on top of detsys-ts for abstracting over install.determinate.systems

* Support the legacy nix-installer-xxx source prefs

* Document source-* opts

* Update deps

* cut duration so it doesn't take forever

* Move the complete step into a finally block

* Test a busted run

* come on ...

* update to the main detsys-ts

* Switch to the delegated execution model

* throw an error to check behavior

* Fixup lint errors

* Drop the forced error
 2024-04-11 11:58:56 -04:00
Graham Christensen de22e16c47 DETERMINATE_NIX_KVM fixup, support Magic Nix Cache + FlakeHub Cache on Namespace runners (#72) 
* Share /bin with nix for post-build-hooks

* test the magic nix cache

* wtf

* permissions

* Share /home and the network namespace too

* test the devshell

* Don't force-set kvm to 0 ... d'oh!

* dev shell support for aarch64-linux

* ?

* More testing /  debug

* Make it run anyway

* Bind /lib too so /bin/sh works ... sigh

* Disable gha-cache for tesing

* Kill the magic nix cache before reinstalling

* Don't set the extra environment variables extraniously

* Enable gha cache again
 2024-03-11 19:53:25 -04:00
Ana Hobden e279ba56d8 Merge pull request #67 from DeterminateSystems/hoverbear/fh-161-after-running-in-act-hosts-nix-daemon-is-unusable 
Don't use docker shim if only using a mounted docker.sock instead of docker-in-docker
 2024-01-11 07:55:46 -08:00
Ana Hobden f4a0ffe230 Don't use docker shim if only using a mounted docker.sock instead of docker-in-docker 2024-01-10 11:45:04 -08:00
Ana Hobden ffea801f30 Merge pull request #66 from DeterminateSystems/hoverbear/fh-160-action-should-work-under-nektosact-in-the-absence-of-systemd 
Handle docker not existing.
 2024-01-10 08:36:26 -08:00
Ana Hobden 4126bb83b3 Merge branch 'main' into hoverbear/fh-160-action-should-work-under-nektosact-in-the-absence-of-systemd 2024-01-09 10:38:56 -08:00
Ana Hobden 81ee88fd4a Handle docker not existing 2024-01-09 10:36:54 -08:00
Ana Hobden 0f8fa3d242 Merge pull request #64 from DeterminateSystems/hoverbear/fh-156-installer-action-shouldnt-require-sudo 
No longer require sudo
 2024-01-09 09:50:39 -08:00
Ana Hobden f576e90e2d Fix logic inversion 2024-01-08 13:29:15 -08:00
Ana Hobden 161c1f6904 Use uid not username 2024-01-08 13:06:51 -08:00
Ana Hobden 0e5b724979 No longer require sudo 2024-01-08 10:50:02 -08:00
Cole Mickens 21affdd5d3 action: post-run-job: try clean daemon container, warn on failure (#61) 
* flake: add typescript LSP tool

* action: post-run-job: try clean daemon container, warn on failure
 2023-12-19 11:01:56 -05:00
Graham Christensen cd46bde16a Support GitHub Enterprise Server using ARC (#59) 
* Test nix-installer-action on Namespace.so

It is special in that it doesn't have systemd, and it'd be great to
support Namespace.so. It is also a good test case for a variety
of self-hosted GHA runner use cases.

* Make correlation more confident

* Borrow docker as a process supervisor on Linux GHA runners without systemd

This change introduces a Docker container shim which spawns the Nix
daemon after bind mounting all the relevant paths into the container.

The image is actually completely empty, other than metadata about what
to run.

This is a cheap and cheerful way to get decent process supervision in
environments that don't bring systemd, but do have docker ... which
is most everywhere in the GHA ecosystem.

* Ignore generated files

* Run on arm64 why not

* Load a pre-built image, don't build

* Check the userInfo.username instead of an env var

* Stop double-printing output to the console

* can't rm and restart

* what

* Clean up the container at the end

* Emit the fetch line in the 'installing nix' section

* tweak output

* delete what
 2023-12-04 14:17:47 -05:00
Graham Christensen 84fe9e450f Support GitHub Enterprise Server in the github-token access token. (#58) 2023-12-01 10:23:32 -05:00
Graham Christensen 07b8bcba1b KVM support out of the box, plus a refreshed README (#56) 
* support kvm

* Refresh the readme

* Update README.md

Co-authored-by: Ana Hobden <operator@hoverbear.org>

* Update README.md

Co-authored-by: Luc Perkins <lucperkins@gmail.com>

* Update README.md

---------

Co-authored-by: Ana Hobden <operator@hoverbear.org>
Co-authored-by: Luc Perkins <lucperkins@gmail.com>
 2023-11-21 19:06:06 +00:00
Ana Hobden 5620eb4af6 Merge pull request #53 from DeterminateSystems/use-github-tool-cache-and-exec 
Use Github Actions provided tool cache and exec
 2023-11-03 08:31:14 -07:00
Ana Hobden 8b5f066806 Use Github Actions provided tool cache and exec 2023-11-02 10:48:10 -07:00
Hugo Santos 7fa8f59903 Detected whether we're running in a Namespace runner, and if so, set init: none. (#52) 
Background: Namespace managed runners run each github job in a container, in a
separate micro-vm managed by Namespace. These VMs and containers do not rely on
systemd, and instead use Namespace's own init/process management.
 2023-11-02 15:58:37 +00:00
Ana Hobden 721f94f7df Merge pull request #47 from DeterminateSystems/colemickens/fix-stream-close 
fix: end the FileStreamWriter for the installer file
 2023-10-24 09:22:10 -07:00
Cole Mickens bb22c86823 retries: autoClose, but open file with O_SYNC 2023-10-24 18:01:08 +02:00
Cole Mickens d46d5b144a retries: switch back to piping with non-web node streams 2023-10-24 17:45:43 +02:00
Cole Mickens 663467bee8 main.ts: installer use filehandle, make sure we fsync it before close 2023-10-24 17:35:04 +02:00
Cole Mickens 4e0fccbf7c eslint/tsconfig: validate no floating Promises, adjust tsconfig 2023-10-24 10:40:08 +02:00
Cole Mickens 806550d223 package-lock.json: include node-fetch removal 
I'm guessing this got dropped again as part of having multiple
branches in flight and rebasing. It would be good if CI checked that
`npm install` and `npm run build` resulted in *zero* diffs to validate
that generated/lock files match their source at time of CI.
 2023-10-24 10:39:49 +02:00
Ana Hobden a5a150bc8f Merge pull request #48 from DeterminateSystems/add-dist-folder-checkl 
Add check for dist folder
 2023-10-24 01:25:48 -07:00
Ana Hobden 3177c7dd91 npm options wrong post 2023-10-23 11:57:00 -07:00
Ana Hobden 0e429bedc6 Nosave 2023-10-23 11:54:33 -07:00
Ana Hobden 4420be335b Show more in report 2023-10-23 11:53:07 -07:00
Ana Hobden 1ae92f01c0 Of course npm run all does not install, why would it. 2023-10-23 11:51:50 -07:00
Ana Hobden bbcd1efad1 Add check for dist folder 2023-10-23 11:50:08 -07:00
Ana Hobden ba1bee1704 Merge pull request #46 from colemickens/retries 
Retry (w/ back-off) downloading the installer binary
 2023-10-19 06:42:24 -07:00
Cole Mickens c906fbe810 regenerate dist after rebasing 2023-10-19 11:45:11 +02:00
Cole Mickens 5c1457fc8d retries: interate on stream handling, remove downcast 2023-10-19 11:44:42 +02:00
Cole Mickens 58853de798 main.ts: use fetch-retry, add retry/backoff to fetching installer 2023-10-19 11:44:41 +02:00
Cole Mickens e0fea1fb58 package.json: replace node-fetch with fetch-retry w/ native node fetch 2023-10-19 11:44:41 +02:00
Ana Hobden df82330768 Merge pull request #44 from colemickens/fixup-nix-url-check 
main.ts: fixup logic to ensure only one installer url override is set
 2023-10-18 10:24:39 -07:00
Cole Mickens 1cd89e7945 .github: allow trigger ci manually (#45) 2023-10-18 11:14:39 -04:00
Cole Mickens b1240359dd main.ts: fixup logic to ensure only one installer url override is set 2023-10-18 16:31:36 +02:00
Graham Christensen bc7b192574 Update the action to use node20 (#41) 
* Update nixpkgs to unstable, and nodejs to latest

* Upgrade the action to use node20
 2023-10-12 11:19:09 -04:00
30 changed files with 95462 additions and 15662 deletions
Expand all files Collapse all files
.eslintrc.json
+71 -72
View File
@@ -1,74 +1,73 @@
{
"plugins": [
"@typescript-eslint"
],
"extends": [
"plugin:github/recommended"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": 9,
"sourceType": "module",
"project": "./tsconfig.json"
},
"rules": {
"i18n-text/no-en": "off",
"eslint-comments/no-use": "off",
"import/no-namespace": "off",
"no-unused-vars": "off",
"@typescript-eslint/no-unused-vars": [
"error",
{
"argsIgnorePattern": "^_"
}
],
"@typescript-eslint/explicit-member-accessibility": [
"error",
{
"accessibility": "no-public"
}
],
"@typescript-eslint/no-require-imports": "error",
"@typescript-eslint/array-type": "error",
"@typescript-eslint/await-thenable": "error",
"@typescript-eslint/ban-ts-comment": "error",
"camelcase": "off",
"@typescript-eslint/consistent-type-assertions": "error",
"@typescript-eslint/explicit-function-return-type": [
"error",
{
"allowExpressions": true
}
],
"@typescript-eslint/func-call-spacing": [
"error",
"never"
],
"@typescript-eslint/no-array-constructor": "error",
"@typescript-eslint/no-empty-interface": "error",
"@typescript-eslint/no-explicit-any": "error",
"@typescript-eslint/no-extraneous-class": "error",
"@typescript-eslint/no-for-in-array": "error",
"@typescript-eslint/no-inferrable-types": "error",
"@typescript-eslint/no-misused-new": "error",
"@typescript-eslint/no-namespace": "error",
"@typescript-eslint/no-non-null-assertion": "warn",
"@typescript-eslint/no-unnecessary-qualifier": "error",
"@typescript-eslint/no-unnecessary-type-assertion": "error",
"@typescript-eslint/no-useless-constructor": "error",
"@typescript-eslint/no-var-requires": "error",
"@typescript-eslint/prefer-for-of": "warn",
"@typescript-eslint/prefer-function-type": "warn",
"@typescript-eslint/prefer-includes": "error",
"@typescript-eslint/prefer-string-starts-ends-with": "error",
"@typescript-eslint/promise-function-async": "error",
"@typescript-eslint/require-array-sort-compare": "error",
"@typescript-eslint/restrict-plus-operands": "error",
"@typescript-eslint/type-annotation-spacing": "error",
"@typescript-eslint/unbound-method": "error"
},
"env": {
"node": true,
"es6": true
"plugins": ["@typescript-eslint"],
"extends": ["plugin:github/recommended"],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"ecmaVersion": 9,
"sourceType": "module",
"project": "./tsconfig.json"
},
"settings": {
"import/resolver": {
"typescript": {}
}
}
},
"rules": {
"i18n-text/no-en": "off",
"eslint-comments/no-use": "off",
"import/no-namespace": "off",
"no-unused-vars": "off",
"@typescript-eslint/no-unused-vars": [
"error",
{
"argsIgnorePattern": "^_"
}
],
"@typescript-eslint/explicit-member-accessibility": [
"error",
{
"accessibility": "no-public"
}
],
"@typescript-eslint/no-require-imports": "error",
"@typescript-eslint/array-type": "error",
"@typescript-eslint/await-thenable": "error",
"@typescript-eslint/ban-ts-comment": "error",
"camelcase": "error",
"@typescript-eslint/consistent-type-assertions": "error",
"@typescript-eslint/explicit-function-return-type": [
"error",
{
"allowExpressions": true
}
],
"@typescript-eslint/func-call-spacing": ["error", "never"],
"@typescript-eslint/no-array-constructor": "error",
"@typescript-eslint/no-empty-interface": "error",
"@typescript-eslint/no-explicit-any": "error",
"@typescript-eslint/no-floating-promises": "error",
"@typescript-eslint/no-extraneous-class": "error",
"@typescript-eslint/no-for-in-array": "error",
"@typescript-eslint/no-inferrable-types": "error",
"@typescript-eslint/no-misused-new": "error",
"@typescript-eslint/no-namespace": "error",
"@typescript-eslint/no-non-null-assertion": "warn",
"@typescript-eslint/no-unnecessary-qualifier": "error",
"@typescript-eslint/no-unnecessary-type-assertion": "error",
"@typescript-eslint/no-useless-constructor": "error",
"@typescript-eslint/no-var-requires": "error",
"@typescript-eslint/prefer-for-of": "warn",
"@typescript-eslint/prefer-function-type": "warn",
"@typescript-eslint/prefer-includes": "error",
"@typescript-eslint/prefer-string-starts-ends-with": "error",
"@typescript-eslint/promise-function-async": "error",
"@typescript-eslint/require-array-sort-compare": "error",
"@typescript-eslint/restrict-plus-operands": "error",
"@typescript-eslint/type-annotation-spacing": "error",
"@typescript-eslint/unbound-method": "error"
},
"env": {
"node": true,
"es6": true
}
}
.gitattributes
+2
View File
@@ -0,0 +1,2 @@
dist/* linguist-generated=true
.github/workflows/ci.yml
+57 -4
View File
@@ -4,13 +4,44 @@ on:
pull_request:
push:
branches: [main]
workflow_dispatch:
jobs:
run-x86_64-linux:
name: Run x86_64 Linux
check-dist-up-to-date:
name: Check the dist/ folder is up to date
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: pnpm install
run: nix develop --command pnpm install
- name: prettier format
run: nix develop --command pnpm run check-fmt
- name: ESLint
run: nix develop --command pnpm run lint
- name: tsup build
run: nix develop --command pnpm run build
- name: ncc package
run: nix develop --command pnpm run package
- name: Git status
run: git status --porcelain=v1
- name: Ensure no staged changes
run: git diff --exit-code
run-test-suite:
name: Run test suite
strategy:
matrix:
runner:
- ubuntu-latest
- nscloud-ubuntu-22.04-amd64-4x16
- namespace-profile-default-arm64
runs-on: ${{ matrix.runner }}
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v4
- name: Install Nix
uses: ./
with:
@@ -19,6 +50,12 @@ jobs:
backtrace: full
- name: echo $PATH
run: echo $PATH
- name: Render the devshell
if: success() || failure()
run: |
nix develop --command date
- name: Test `nix` with `$GITHUB_PATH`
if: success() || failure()
run: |
@@ -27,6 +64,7 @@ jobs:
hello
nix store gc
nix run nixpkgs#hello
- name: Test bash
run: nix-instantiate -E 'builtins.currentTime' --eval
if: success() || failure()
@@ -71,12 +109,21 @@ jobs:
cat -n /etc/nix/nix.conf
grep -E "^trusted-users = .*$USER" /etc/nix/nix.conf
grep -E "^use-sqlite-wal = true" /etc/nix/nix.conf
- name: Breakpoint if tests failed
if: failure()
uses: namespacelabs/breakpoint-action@v0
with:
duration: 5m
authorized-users: grahamc
run-x86_64-darwin:
name: Run x86_64 Darwin
runs-on: macos-12
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v4
- name: Install Nix
uses: ./
with:
@@ -141,3 +188,9 @@ jobs:
cat /etc/nix/nix.conf
grep -E "^trusted-users = .*$USER" /etc/nix/nix.conf
grep -E "^use-sqlite-wal = true" /etc/nix/nix.conf
- name: Breakpoint if tests failed
if: failure()
uses: namespacelabs/breakpoint-action@v0
with:
duration: 5m
authorized-users: grahamc
.prettierrc.json
+1 -1
View File
@@ -1 +1 @@
{}
{}
CONTRIBUTING.md
+3
View File
@@ -0,0 +1,3 @@
# Submitting Pull Requests
This action is based off https://github.com/actions/javascript-action. As part of your contributing flow you **must** run `npm run all` before we can merge.
README.md
+86 -50
View File
@@ -1,6 +1,20 @@
# Nix Installer Action
# The Determinate Nix Installer Action
You can use [`nix-installer`](https://github.com/DeterminateSystems/nix-installer) as a Github action like so:
Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/nix-installer), responsible for over tens of thousands of Nix installs daily.
The fast, friendly, and reliable GitHub Action to install Nix with Flakes.
## Supports
-**Accelerated KVM** on open source projects and larger runners. See [GitHub's announcement](https://github.blog/changelog/2023-02-23-hardware-accelerated-android-virtualization-on-actions-windows-and-linux-larger-hosted-runners/) for more info.
- ✅ Linux, x86_64, aarch64, and i686
- ✅ macOS, x86_64 and aarch64
- ✅ WSL2, x86_64 and aarch64
- ✅ Containers
- ✅ Valve's SteamOS
- ✅ GitHub Enterprise Server
- ✅ GitHub Hosted, self-hosted, and long running Actions Runners
## Usage
```yaml
on:
@@ -11,18 +25,16 @@ on:
jobs:
lints:
name: Build
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
- name: Run `nix build`
run: nix build .
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- run: nix build .
```
See [`.github/workflows/ci.yml`](.github/workflows/ci.yml) for a full example.
### With FlakeHub
To use private flakes from FlakeHub, use a configuration like this:
To fetch private flakes from FlakeHub, update the `permissions` block and pass `flakehub: true`:
```yaml
on:
@@ -33,56 +45,80 @@ on:
jobs:
lints:
name: Build
runs-on: ubuntu-22.04
runs-on: ubuntu-latest
permissions:
id-token: "write"
contents: "read"
steps:
- uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
with:
flakehub: true
- name: Run `nix build`
run: nix build .
- run: nix build .
```
See [`.github/workflows/ci.yml`](.github/workflows/ci.yml) for a full example.
### Advanced Usage
- If KVM is available, the installer sets up KVM so that Nix can use it ,and exports the `DETERMINATE_NIX_KVM` environment variable set to 1.
If KVM is not available, `DETERMINATE_NIX_KVM` is set to 0.
This can be used in combination with GitHub Actions' `if` syntax for turning on and off steps.
## Installation Differences
Differing from the upstream [Nix](https://github.com/NixOS/nix) installer scripts:
- In `nix.conf`:
- the `nix-command` and `flakes` features are enabled
- `bash-prompt-prefix` is set
- `auto-optimise-store` is set to `true` (On Linux only)
* `extra-nix-path` is set to `nixpkgs=flake:nixpkgs`
* `max-jobs` is set to `auto`
- KVM is enabled by default.
- an installation receipt (for uninstalling) is stored at `/nix/receipt.json` as well as a copy of the install binary at `/nix/nix-installer`
- `nix-channel --update` is not run, `~/.nix-channels` is not provisioned
- `ssl-cert-file` is set in `/etc/nix/nix.conf` if the `ssl-cert-file` argument is used.
## Configuration
| Parameter | Description | Type | Default |
| :----------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------- | :--------------------------------------------------- |
| `backtrace` | The setting for [`RUST_BACKTRACE`][backtrace] | string | |
| `extra-args` | Extra arguments to pass to the planner (prefer using structured `with:` arguments unless using a custom [planner]!) | string | |
| `extra-conf` | Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set) | string | |
| `flakehub` | Log in to FlakeHub to pull private flakes using the GitHub Actions [JSON Web Token](https://jwt.io) (JWT), which is bound to the `api.flakehub.com` audience. | Boolean | `false` |
| `github-token` | A [GitHub token] for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) | string | `${{ github.token }}` |
| `init` | The init system to configure (requires `planner: linux-multi`) | enum (`none` or `systemd`) | |
| `local-root` | A local `nix-installer` binary root. Overrides the `nix-installer-url` setting (a `nix-installer.sh` should exist, binaries should be named `nix-installer-$ARCH`, eg. `nix-installer-x86_64-linux`). | Boolean | `false` |
| `log-directives` | A list of [tracing directives], comma separated with `-`s replaced with `_` (eg. `nix_installer=trace`) | string | |
| `logger` | The logger to use during installation | enum (`pretty`, `json`, `full`, `compact`) | |
| `mac-case-sensitive` | Use a case-sensitive volume (`planner: macos` only) | Boolean | `false` |
| `mac-encrypt` | Force encryption on the volume (`planner: macos` only) | Boolean | `false` |
| `mac-root-disk` | The root disk of the target (`planner: macos` only) | string | |
| `mac-volume-label` | The label for the created [APFS] volume (`planner: macos` only) | string | |
| `modify-profile` | Modify the user [profile] to automatically load Nix | Boolean | `false` |
| `nix-build-group-id` | The Nix build group GID | integer | |
| `nix-build-group-name` | The Nix build group name | string | |
| `nix-build-user-base` | The Nix build user base UID (ascending) | integer | |
| `nix-build-user-count` | The number of build users to create | integer | 32 |
| `nix-build-user-prefix` | The Nix build user prefix (user numbers will be postfixed) | string | |
| `nix-installer-branch` | The branch of `nix-installer` to use (conflicts with the `nix-installer-tag`, `nix-installer-revision`, and `nix-installer-branch`) | string | |
| `nix-installer-pr` | The pull request of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, and `nix-installer-branch`) | integer | |
| `nix-installer-revision` | The revision of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-branch`, and `nix-installer-pr`) | string | |
| `nix-installer-tag` | The tag of `nix-installer` to use (conflicts with `nix-installer-revision`, `nix-installer-branch`, `nix-installer-pr`) | string | |
| `nix-installer-url` | A URL pointing to a `nix-installer.sh` script | URL | `https://install.determinate.systems/nix` |
| `nix-package-url` | The Nix package URL | URL | |
| `planner` | The installation [planner] to use | enum (`linux` or `macos`) | |
| `reinstall` | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`) | Boolean | `false` |
| `start-daemon` | If the daemon should be started, requires `planner: linux-multi` | Boolean | `false` |
| `trust-runner-user` | Whether to make the runner user trusted by the Nix daemon | Boolean | `true` |
| `diagnostic-endpoint` | Diagnostic endpoint url where the installer sends install [diagnostic reports](https://github.com/DeterminateSystems/nix-installer#diagnostics) to, to disable set this to an empty string | string | `https://install.determinate.systems/nix/diagnostic` |
| `proxy` | The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL` | string | |
| `ssl-cert-file` | An SSL cert to use (if any), used for fetching Nix and sets `NIX_SSL_CERT_FILE` for Nix | string | |
| Parameter | Description | Type | Default |
| :---------------------- | :----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------- | :------------------------------------------------------------- |
| `backtrace` | The setting for [`RUST_BACKTRACE`][backtrace] | string | |
| `extra-args` | Extra arguments to pass to the planner (prefer using structured `with:` arguments unless using a custom [planner]!) | string | |
| `extra-conf` | Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set) | string | |
| `flakehub` | Log in to FlakeHub to pull private flakes using the GitHub Actions [JSON Web Token](https://jwt.io) (JWT), which is bound to the `api.flakehub.com` audience. | Boolean | `false` |
| `force-docker-shim` | Force the use of Docker as a process supervisor. This setting is automatically enabled when necessary. | Boolean | `false` |
| `github-token` | A [GitHub token] for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) | string | `${{ github.token }}` |
| `github-server-url` | The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server. | string | `${{ github.server }}` |
| `init` | The init system to configure (requires `planner: linux-multi`) | enum (`none` or `systemd`) | |
| `kvm` | Automatically configure the GitHub Actions Runner for NixOS test support, if the host supports it. | Boolean | `true` |
| `local-root` | A local `nix-installer` binary root. Overrides the `nix-installer-url` setting (a `nix-installer.sh` should exist, binaries should be named `nix-installer-$ARCH`, eg. `nix-installer-x86_64-linux`). | Boolean | `false` |
| `log-directives` | A list of [tracing directives], comma separated with `-`s replaced with `_` (eg. `nix_installer=trace`) | string | |
| `logger` | The logger to use during installation | enum (`pretty`, `json`, `full`, `compact`) | |
| `mac-case-sensitive` | Use a case-sensitive volume (`planner: macos` only) | Boolean | `false` |
| `mac-encrypt` | Force encryption on the volume (`planner: macos` only) | Boolean | `false` |
| `mac-root-disk` | The root disk of the target (`planner: macos` only) | string | |
| `mac-volume-label` | The label for the created [APFS] volume (`planner: macos` only) | string | |
| `modify-profile` | Modify the user [profile] to automatically load Nix | Boolean | `false` |
| `nix-build-group-id` | The Nix build group GID | integer | |
| `nix-build-group-name` | The Nix build group name | string | |
| `nix-build-user-base` | The Nix build user base UID (ascending) | integer | |
| `nix-build-user-count` | The number of build users to create | integer | 32 |
| `nix-build-user-prefix` | The Nix build user prefix (user numbers will be postfixed) | string | |
| `source-branch` | The branch of `nix-installer` to use (conflicts with the `source-tag`, `source-revision`, and `source-branch`) | string | |
| `source-pr` | The pull request of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, and `source-branch`) | integer | |
| `source-revision` | The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, and `source-pr`) | string | |
| `source-tag` | The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`) | string | |
| `source-url` | A URL pointing to a `nix-installer.sh` script | URL | `https://install.determinate.systems/nix` |
| `nix-package-url` | The Nix package URL | URL | |
| `planner` | The installation [planner] to use | enum (`linux` or `macos`) | |
| `reinstall` | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`) | Boolean | `false` |
| `start-daemon` | If the daemon should be started, requires `planner: linux-multi` | Boolean | `false` |
| `trust-runner-user` | Whether to make the runner user trusted by the Nix daemon | Boolean | `true` |
| `diagnostic-endpoint` | Diagnostic endpoint url where the installer sends install [diagnostic reports](https://github.com/DeterminateSystems/nix-installer#diagnostics) to, to disable set this to an empty string | string | `https://install.determinate.systems/nix-installer/diagnostic` |
| `proxy` | The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL` | string | |
| `ssl-cert-file` | An SSL cert to use (if any), used for fetching Nix and sets `NIX_SSL_CERT_FILE` for Nix | string | |
[apfs]: https://en.wikipedia.org/wiki/Apple_File_System
[backtrace]: https://doc.rust-lang.org/std/backtrace/index.html#environment-variables
action.yml
+38 -13
View File
@@ -17,12 +17,22 @@ inputs:
description: Automatically log in to your [FlakeHub](https://flakehub.com) account, for accessing private flakes.
required: false
default: false
force-docker-shim:
description: Force the use of Docker as a process supervisor. This setting is automatically enabled when necessary.
default: false
github-token:
description: A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests)
default: ${{ github.token }}
github-server-url:
description: The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server.
default: ${{ github.server_url }}
init:
description: "The init system to configure, requires `planner: linux-multi` (allowing the choice between `none` or `systemd`)"
required: false
kvm:
description: Automatically configure the GitHub Actions Runner for NixOS test supports, if the host supports it.
required: false
default: true
local-root:
description: A local `nix-installer` binary root, overrides any settings which change the `nix-installer` used (binaries should be named `nix-installer-$ARCH-$OS`, eg. `nix-installer-x86_64-linux`)
required: false
@@ -69,19 +79,19 @@ inputs:
nix-build-user-prefix:
description: The Nix build user prefix (user numbers will be postfixed)
required: false
nix-installer-branch:
description: The branch of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, `nix-installer-pr`)
source-branch:
description: The branch of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-pr`)
required: false
nix-installer-pr:
description: The PR of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, `nix-installer-branch`)
source-pr:
description: The PR of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-branch`)
required: false
nix-installer-revision:
description: The revision of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-branch`, `nix-installer-pr`)
source-revision:
description: The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, `source-pr`)
required: false
nix-installer-tag:
description: The tag of `nix-installer` to use (conflicts with `nix-installer-revision`, `nix-installer-branch`, `nix-installer-pr`)
source-tag:
description: The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`)
required: false
nix-installer-url:
source-url:
description: A URL pointing to a `nix-installer.sh` script
required: false
nix-package-url:
@@ -100,12 +110,27 @@ inputs:
default: true
diagnostic-endpoint:
description: "Diagnostic endpoint url where the installer sends data to. To disable set this to an empty string."
default: "https://install.determinate.systems/nix/diagnostic"
default: "https://install.determinate.systems/nix-installer/diagnostic"
trust-runner-user:
description: Whether to make the runner user trusted by the Nix daemon
default: "true"
nix-installer-branch:
description: (deprecated) The branch of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, `nix-installer-pr`)
required: false
nix-installer-pr:
description: (deprecated) The PR of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-revision`, `nix-installer-branch`)
required: false
nix-installer-revision:
description: (deprecated) The revision of `nix-installer` to use (conflicts with `nix-installer-tag`, `nix-installer-branch`, `nix-installer-pr`)
required: false
nix-installer-tag:
description: (deprecated) The tag of `nix-installer` to use (conflicts with `nix-installer-revision`, `nix-installer-branch`, `nix-installer-pr`)
required: false
nix-installer-url:
description: (deprecated) A URL pointing to a `nix-installer.sh` script
required: false
runs:
using: "node16"
main: 'dist/index.js'
post: 'dist/index.js'
using: "node20"
main: "dist/index.js"
post: "dist/index.js"
dist/37.index.js
Generated Vendored
-453
View File
@@ -1,453 +0,0 @@
"use strict";
exports.id = 37;
exports.ids = [37];
exports.modules = {
/***/ 4037:
/***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
__webpack_require__.r(__webpack_exports__);
/* harmony export */ __webpack_require__.d(__webpack_exports__, {
/* harmony export */ "toFormData": () => (/* binding */ toFormData)
/* harmony export */ });
/* harmony import */ var fetch_blob_from_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(2185);
/* harmony import */ var formdata_polyfill_esm_min_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(8010);
let s = 0;
const S = {
START_BOUNDARY: s++,
HEADER_FIELD_START: s++,
HEADER_FIELD: s++,
HEADER_VALUE_START: s++,
HEADER_VALUE: s++,
HEADER_VALUE_ALMOST_DONE: s++,
HEADERS_ALMOST_DONE: s++,
PART_DATA_START: s++,
PART_DATA: s++,
END: s++
};
let f = 1;
const F = {
PART_BOUNDARY: f,
LAST_BOUNDARY: f *= 2
};
const LF = 10;
const CR = 13;
const SPACE = 32;
const HYPHEN = 45;
const COLON = 58;
const A = 97;
const Z = 122;
const lower = c => c | 0x20;
const noop = () => {};
class MultipartParser {
/**
* @param {string} boundary
*/
constructor(boundary) {
this.index = 0;
this.flags = 0;
this.onHeaderEnd = noop;
this.onHeaderField = noop;
this.onHeadersEnd = noop;
this.onHeaderValue = noop;
this.onPartBegin = noop;
this.onPartData = noop;
this.onPartEnd = noop;
this.boundaryChars = {};
boundary = '\r\n--' + boundary;
const ui8a = new Uint8Array(boundary.length);
for (let i = 0; i < boundary.length; i++) {
ui8a[i] = boundary.charCodeAt(i);
this.boundaryChars[ui8a[i]] = true;
}
this.boundary = ui8a;
this.lookbehind = new Uint8Array(this.boundary.length + 8);
this.state = S.START_BOUNDARY;
}
/**
* @param {Uint8Array} data
*/
write(data) {
let i = 0;
const length_ = data.length;
let previousIndex = this.index;
let {lookbehind, boundary, boundaryChars, index, state, flags} = this;
const boundaryLength = this.boundary.length;
const boundaryEnd = boundaryLength - 1;
const bufferLength = data.length;
let c;
let cl;
const mark = name => {
this[name + 'Mark'] = i;
};
const clear = name => {
delete this[name + 'Mark'];
};
const callback = (callbackSymbol, start, end, ui8a) => {
if (start === undefined || start !== end) {
this[callbackSymbol](ui8a && ui8a.subarray(start, end));
}
};
const dataCallback = (name, clear) => {
const markSymbol = name + 'Mark';
if (!(markSymbol in this)) {
return;
}
if (clear) {
callback(name, this[markSymbol], i, data);
delete this[markSymbol];
} else {
callback(name, this[markSymbol], data.length, data);
this[markSymbol] = 0;
}
};
for (i = 0; i < length_; i++) {
c = data[i];
switch (state) {
case S.START_BOUNDARY:
if (index === boundary.length - 2) {
if (c === HYPHEN) {
flags |= F.LAST_BOUNDARY;
} else if (c !== CR) {
return;
}
index++;
break;
} else if (index - 1 === boundary.length - 2) {
if (flags & F.LAST_BOUNDARY && c === HYPHEN) {
state = S.END;
flags = 0;
} else if (!(flags & F.LAST_BOUNDARY) && c === LF) {
index = 0;
callback('onPartBegin');
state = S.HEADER_FIELD_START;
} else {
return;
}
break;
}
if (c !== boundary[index + 2]) {
index = -2;
}
if (c === boundary[index + 2]) {
index++;
}
break;
case S.HEADER_FIELD_START:
state = S.HEADER_FIELD;
mark('onHeaderField');
index = 0;
// falls through
case S.HEADER_FIELD:
if (c === CR) {
clear('onHeaderField');
state = S.HEADERS_ALMOST_DONE;
break;
}
index++;
if (c === HYPHEN) {
break;
}
if (c === COLON) {
if (index === 1) {
// empty header field
return;
}
dataCallback('onHeaderField', true);
state = S.HEADER_VALUE_START;
break;
}
cl = lower(c);
if (cl < A || cl > Z) {
return;
}
break;
case S.HEADER_VALUE_START:
if (c === SPACE) {
break;
}
mark('onHeaderValue');
state = S.HEADER_VALUE;
// falls through
case S.HEADER_VALUE:
if (c === CR) {
dataCallback('onHeaderValue', true);
callback('onHeaderEnd');
state = S.HEADER_VALUE_ALMOST_DONE;
}
break;
case S.HEADER_VALUE_ALMOST_DONE:
if (c !== LF) {
return;
}
state = S.HEADER_FIELD_START;
break;
case S.HEADERS_ALMOST_DONE:
if (c !== LF) {
return;
}
callback('onHeadersEnd');
state = S.PART_DATA_START;
break;
case S.PART_DATA_START:
state = S.PART_DATA;
mark('onPartData');
// falls through
case S.PART_DATA:
previousIndex = index;
if (index === 0) {
// boyer-moore derrived algorithm to safely skip non-boundary data
i += boundaryEnd;
while (i < bufferLength && !(data[i] in boundaryChars)) {
i += boundaryLength;
}
i -= boundaryEnd;
c = data[i];
}
if (index < boundary.length) {
if (boundary[index] === c) {
if (index === 0) {
dataCallback('onPartData', true);
}
index++;
} else {
index = 0;
}
} else if (index === boundary.length) {
index++;
if (c === CR) {
// CR = part boundary
flags |= F.PART_BOUNDARY;
} else if (c === HYPHEN) {
// HYPHEN = end boundary
flags |= F.LAST_BOUNDARY;
} else {
index = 0;
}
} else if (index - 1 === boundary.length) {
if (flags & F.PART_BOUNDARY) {
index = 0;
if (c === LF) {
// unset the PART_BOUNDARY flag
flags &= ~F.PART_BOUNDARY;
callback('onPartEnd');
callback('onPartBegin');
state = S.HEADER_FIELD_START;
break;
}
} else if (flags & F.LAST_BOUNDARY) {
if (c === HYPHEN) {
callback('onPartEnd');
state = S.END;
flags = 0;
} else {
index = 0;
}
} else {
index = 0;
}
}
if (index > 0) {
// when matching a possible boundary, keep a lookbehind reference
// in case it turns out to be a false lead
lookbehind[index - 1] = c;
} else if (previousIndex > 0) {
// if our boundary turned out to be rubbish, the captured lookbehind
// belongs to partData
const _lookbehind = new Uint8Array(lookbehind.buffer, lookbehind.byteOffset, lookbehind.byteLength);
callback('onPartData', 0, previousIndex, _lookbehind);
previousIndex = 0;
mark('onPartData');
// reconsider the current character even so it interrupted the sequence
// it could be the beginning of a new sequence
i--;
}
break;
case S.END:
break;
default:
throw new Error(`Unexpected state entered: ${state}`);
}
}
dataCallback('onHeaderField');
dataCallback('onHeaderValue');
dataCallback('onPartData');
// Update properties for the next call
this.index = index;
this.state = state;
this.flags = flags;
}
end() {
if ((this.state === S.HEADER_FIELD_START && this.index === 0) ||
(this.state === S.PART_DATA && this.index === this.boundary.length)) {
this.onPartEnd();
} else if (this.state !== S.END) {
throw new Error('MultipartParser.end(): stream ended unexpectedly');
}
}
}
function _fileName(headerValue) {
// matches either a quoted-string or a token (RFC 2616 section 19.5.1)
const m = headerValue.match(/\bfilename=("(.*?)"|([^()<>@,;:\\"/[\]?={}\s\t]+))($|;\s)/i);
if (!m) {
return;
}
const match = m[2] || m[3] || '';
let filename = match.slice(match.lastIndexOf('\\') + 1);
filename = filename.replace(/%22/g, '"');
filename = filename.replace(/&#(\d{4});/g, (m, code) => {
return String.fromCharCode(code);
});
return filename;
}
async function toFormData(Body, ct) {
if (!/multipart/i.test(ct)) {
throw new TypeError('Failed to fetch');
}
const m = ct.match(/boundary=(?:"([^"]+)"|([^;]+))/i);
if (!m) {
throw new TypeError('no or bad content-type header, no multipart boundary');
}
const parser = new MultipartParser(m[1] || m[2]);
let headerField;
let headerValue;
let entryValue;
let entryName;
let contentType;
let filename;
const entryChunks = [];
const formData = new formdata_polyfill_esm_min_js__WEBPACK_IMPORTED_MODULE_1__/* .FormData */ .Ct();
const onPartData = ui8a => {
entryValue += decoder.decode(ui8a, {stream: true});
};
const appendToFile = ui8a => {
entryChunks.push(ui8a);
};
const appendFileToFormData = () => {
const file = new fetch_blob_from_js__WEBPACK_IMPORTED_MODULE_0__/* .File */ .$B(entryChunks, filename, {type: contentType});
formData.append(entryName, file);
};
const appendEntryToFormData = () => {
formData.append(entryName, entryValue);
};
const decoder = new TextDecoder('utf-8');
decoder.decode();
parser.onPartBegin = function () {
parser.onPartData = onPartData;
parser.onPartEnd = appendEntryToFormData;
headerField = '';
headerValue = '';
entryValue = '';
entryName = '';
contentType = '';
filename = null;
entryChunks.length = 0;
};
parser.onHeaderField = function (ui8a) {
headerField += decoder.decode(ui8a, {stream: true});
};
parser.onHeaderValue = function (ui8a) {
headerValue += decoder.decode(ui8a, {stream: true});
};
parser.onHeaderEnd = function () {
headerValue += decoder.decode();
headerField = headerField.toLowerCase();
if (headerField === 'content-disposition') {
// matches either a quoted-string or a token (RFC 2616 section 19.5.1)
const m = headerValue.match(/\bname=("([^"]*)"|([^()<>@,;:\\"/[\]?={}\s\t]+))/i);
if (m) {
entryName = m[2] || m[3] || '';
}
filename = _fileName(headerValue);
if (filename) {
parser.onPartData = appendToFile;
parser.onPartEnd = appendFileToFormData;
}
} else if (headerField === 'content-type') {
contentType = headerValue;
}
headerValue = '';
headerField = '';
};
for await (const chunk of Body) {
parser.write(chunk);
}
parser.end();
return formData;
}
/***/ })
};
;
//# sourceMappingURL=37.index.js.map
dist/37.index.js.map
Generated Vendored
-1
View File
File diff suppressed because one or more lines are too long
dist/amd64.tar.gz
Generated Vendored
BIN
View File
Binary file not shown.
dist/arm64.tar.gz
Generated Vendored
BIN
View File
Binary file not shown.
dist/index.d.ts
Generated Vendored
+2
View File
@@ -0,0 +1,2 @@
export { }
dist/index.js
Generated Vendored
+88619 -8098
View File
File diff suppressed because one or more lines are too long
dist/index.js.map
Generated Vendored
-1
View File
File diff suppressed because one or more lines are too long
dist/licenses.txt
Generated Vendored
-23
View File
@@ -1,23 +0,0 @@
node-fetch
MIT
The MIT License (MIT)
Copyright (c) 2016 David Frank
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
dist/package.json
Generated Vendored
+3
View File
@@ -0,0 +1,3 @@
{
"type": "module"
}
dist/sourcemap-register.js
Generated Vendored
-1
View File
File diff suppressed because one or more lines are too long
docker-shim/Dockerfile
+19
View File
@@ -0,0 +1,19 @@
# Determinate Nix Installer: Docker Shim
#
# This empty image exists to lean on Docker as a process supervisor when
# systemd isn't available. Specifically intended for self-hosted GitHub
# Actions runners using Docker-in-Docker.
#
# See: https://github.com/DeterminateSystems/nix-installer-action
FROM scratch
ENTRYPOINT [ "/nix/var/nix/profiles/default/bin/nix-daemon"]
CMD []
HEALTHCHECK \
--interval=5m \
--timeout=3s \
CMD ["/nix/var/nix/profiles/default/bin/nix", "store", "ping", "--store", "daemon"]
COPY ./Dockerfile /README.md
docker-shim/README.md
+52
View File
@@ -0,0 +1,52 @@
# Determinate Nix Installer Action: Docker Shim
The image in this repository is a product of the contained Dockerfile.
It is an otherwise empty image with a configuration layer.
This image is to be used in GitHub Actions runners which don't have systemd available, like self-hosted ARC runners.
The image would have no layers / content at all, however Docker has a bug and refuses to export those images.
This isn't a technical limitation preventing us from creating and distributing that image, but an ease-of-use limitation.
Since some of Docker's inspection tools break on an empty image, the image contains a single layer containing a README.
To build:
```shell
docker build . --tag determinate-nix-shim:latest
docker image save determinate-nix-shim:latest | gzip --best > amd64.tar
```
Then, extract the tarball:
```
mkdir extract
cd extract
tar -xf ../amd64.tar
```
It'll look like this, though the hashes will be different.
```
.
├── 771204abb853cdde06bbbc680001a02642050a1db1a7b0a48cf5f20efa8bdc5d.json
├── c4088111818e553e834adfc81bda8fe6da281afa9a40012eaa82796fb5476e98
│   ├── VERSION
│   ├── json
│   └── layer.tar
├── manifest.json
└── repositories
```
Ignore `manifest.json`, and edit the other two JSON documents to replace `amd64` with `arm64`, both in a key named "architecture:
```
"architecture":"amd64"
```
Then re-create the tar, from within the `extract` directory:
```
tar --options gzip:compression-level=9 -zcf ../arm64.tar.gz .
```
Then `git add` the two .tar.gz's and you're done.
docker-shim/amd64.tar.gz
BIN
View File
Binary file not shown.
docker-shim/arm64.tar.gz
BIN
View File
Binary file not shown.
flake.lock
Generated
+7 -5
View File
@@ -2,6 +2,7 @@
"nodes": {
"flake-schemas": {
"locked": {
"lastModified": 1693491534,
"narHash": "sha256-ifw8Td8kD08J8DxFbYjeIx5naHcDLz7s2IFP3X42I/U=",
"rev": "c702cbb663d6d70bbb716584a2ee3aeb35017279",
"revCount": 21,
@@ -15,15 +16,16 @@
},
"nixpkgs": {
"locked": {
"narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=",
"rev": "32dcb45f66c0487e92db8303a798ebc548cadedc",
"revCount": 491340,
"lastModified": 1696879762,
"narHash": "sha256-Ud6bH4DMcYHUDKavNMxAhcIpDGgHMyL/yaDEAVSImQY=",
"rev": "f99e5f03cc0aa231ab5950a15ed02afec45ed51a",
"revCount": 534224,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2305.491340%2Brev-32dcb45f66c0487e92db8303a798ebc548cadedc/018aebfc-faf0-743e-aeb4-28acf5a64d95/source.tar.gz"
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.534224%2Brev-f99e5f03cc0aa231ab5950a15ed02afec45ed51a/018b1d3c-12f0-76a5-b796-7668d7633f08/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/%2A.tar.gz"
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.0.tar.gz"
}
},
"root": {
flake.nix
+5 -3
View File
@@ -4,12 +4,12 @@
inputs = {
flake-schemas.url = "https://flakehub.com/f/DeterminateSystems/flake-schemas/*.tar.gz";
nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/*.tar.gz";
nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1.0.tar.gz";
};
outputs = { self, flake-schemas, nixpkgs }:
let
supportedSystems = [ "x86_64-linux" "aarch64-darwin" ];
supportedSystems = [ "x86_64-linux" "aarch64-darwin" "aarch64-linux" "x86_64-darwin" ];
forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f {
pkgs = import nixpkgs { inherit system; };
});
@@ -20,8 +20,10 @@
devShells = forEachSupportedSystem ({ pkgs }: {
default = pkgs.mkShell {
packages = with pkgs; [
nodejs-18_x
nodejs_latest
nixpkgs-fmt
nodePackages_latest.pnpm
nodePackages_latest.typescript-language-server
];
};
});
package-lock.json
Generated
-6222
View File
File diff suppressed because it is too large Load Diff
package.json
+25 -17
View File
@@ -1,14 +1,17 @@
{
"name": "nix-installer-action",
"version": "1.0.0",
"description": "You can use [`nix-installer`](https://github.com/DeterminateSystems/nix-installer) as a Github action:",
"main": "lib/main.js",
"description": "You can use [`nix-installer`](https://github.com/DeterminateSystems/nix-installer) as a Github Action:",
"main": "./dist/index.js",
"types": "./dist/index.d.ts",
"type": "module",
"scripts": {
"build": "tsc",
"format": "prettier --write '**/*.ts'",
"build": "tsup",
"format": "prettier --write .",
"check-fmt": "prettier --check .",
"lint": "eslint src/**/*.ts",
"package": "ncc build --source-map --license licenses.txt",
"all": "npm run build && npm run format && npm run lint && npm run package"
"package": "ncc build",
"all": "pnpm run format && pnpm run lint && pnpm run build && pnpm run package"
},
"repository": {
"type": "git",
@@ -22,20 +25,25 @@
},
"homepage": "https://github.com/DeterminateSystems/nix-installer-action#readme",
"dependencies": {
"@actions/core": "^1.10.0",
"@actions/core": "^1.10.1",
"@actions/exec": "^1.1.1",
"@actions/github": "^5.1.1",
"node-fetch": "^3.3.1",
"detsys-ts": "github:DeterminateSystems/detsys-ts",
"string-argv": "^0.3.2"
},
"devDependencies": {
"@types/node": "^18.16.3",
"@typescript-eslint/parser": "^5.59.2",
"@vercel/ncc": "^0.36.1",
"eslint": "^8.44.0",
"eslint-plugin-github": "^4.3.6",
"eslint-plugin-import": "^2.26.0",
"eslint-plugin-prettier": "^5.0.0-alpha.1",
"prettier": "^3.0.0",
"typescript": "^5.1.6"
"@trivago/prettier-plugin-sort-imports": "^4.3.0",
"@types/node": "^20.12.11",
"@types/uuid": "^9.0.8",
"@typescript-eslint/eslint-plugin": "^7.8.0",
"@vercel/ncc": "^0.38.1",
"eslint": "^8.57.0",
"eslint-import-resolver-typescript": "^3.6.1",
"eslint-plugin-github": "^4.10.2",
"eslint-plugin-import": "^2.29.1",
"eslint-plugin-prettier": "^5.1.3",
"prettier": "^3.2.5",
"tsup": "^8.0.2",
"typescript": "^5.4.5"
}
}
pnpm-lock.yaml
Generated
+5438
View File
File diff suppressed because it is too large Load Diff
src/index.ts
+1005
View File
File diff suppressed because it is too large Load Diff
src/main.ts
-684
View File
@@ -1,684 +0,0 @@
import * as actions_core from "@actions/core";
import * as github from "@actions/github";
import { mkdtemp, chmod, access, writeFile } from "node:fs/promises";
import { spawn } from "node:child_process";
import { randomUUID } from "node:crypto";
import { join } from "node:path";
import { tmpdir } from "node:os";
import { pipeline } from "node:stream";
import fetch from "node-fetch";
import { promisify } from "node:util";
import fs from "node:fs";
import stringArgv from "string-argv";
class NixInstallerAction {
platform: string;
nix_package_url: string | null;
backtrace: string | null;
extra_args: string | null;
extra_conf: string[] | null;
flakehub: boolean;
github_token: string | null;
// TODO: linux_init
init: string | null;
local_root: string | null;
log_directives: string | null;
logger: string | null;
ssl_cert_file: string | null;
proxy: string | null;
mac_case_sensitive: string | null;
mac_encrypt: string | null;
mac_root_disk: string | null;
mac_volume_label: string | null;
modify_profile: boolean;
nix_build_group_id: number | null;
nix_build_group_name: string | null;
nix_build_user_base: number | null;
nix_build_user_count: number | null;
nix_build_user_prefix: string | null;
planner: string | null;
reinstall: boolean;
start_daemon: boolean;
diagnostic_endpoint: string | null;
trust_runner_user: boolean | null;
nix_installer_url: URL;
// Connects the installation diagnostic report to the post-run diagnostic report.
// This is for monitoring the real impact of Nix updates, to avoid breaking large
// swaths of users at once with botched Nix releases. For example:
// https://github.com/NixOS/nix/issues/9052.
correlation: string | undefined;
constructor() {
this.platform = get_nix_platform();
this.nix_package_url = action_input_string_or_null("nix-package-url");
this.backtrace = action_input_string_or_null("backtrace");
this.extra_args = action_input_string_or_null("extra-args");
this.extra_conf = action_input_multiline_string_or_null("extra-conf");
this.flakehub = action_input_bool("flakehub");
this.github_token = action_input_string_or_null("github-token");
this.init = action_input_string_or_null("init");
this.local_root = action_input_string_or_null("local-root");
this.log_directives = action_input_string_or_null("log-directives");
this.logger = action_input_string_or_null("logger");
this.ssl_cert_file = action_input_string_or_null("ssl-cert-file");
this.proxy = action_input_string_or_null("proxy");
this.mac_case_sensitive = action_input_string_or_null("mac-case-sensitive");
this.mac_encrypt = action_input_string_or_null("mac-encrypt");
this.mac_root_disk = action_input_string_or_null("mac-root-disk");
this.mac_volume_label = action_input_string_or_null("mac-volume-label");
this.modify_profile = action_input_bool("modify-profile");
this.nix_build_group_id = action_input_number_or_null("nix-build-group-id");
this.nix_build_group_name = action_input_string_or_null(
"nix-build-group-name",
);
this.nix_build_user_base = action_input_number_or_null(
"nix_build-user-base",
);
this.nix_build_user_count = action_input_number_or_null(
"nix-build-user-count",
);
this.nix_build_user_prefix = action_input_string_or_null(
"nix-build-user-prefix",
);
this.planner = action_input_string_or_null("planner");
this.reinstall = action_input_bool("reinstall");
this.start_daemon = action_input_bool("start-daemon");
this.diagnostic_endpoint = action_input_string_or_null(
"diagnostic-endpoint",
);
this.trust_runner_user = action_input_bool("trust-runner-user");
this.correlation = process.env["STATE_correlation"];
this.nix_installer_url = resolve_nix_installer_url(
this.platform,
this.correlation,
);
}
private async executionEnvironment(): Promise<ExecuteEnvironment> {
const execution_env: ExecuteEnvironment = {};
execution_env.NIX_INSTALLER_NO_CONFIRM = "true";
execution_env.NIX_INSTALLER_DIAGNOSTIC_ATTRIBUTION = this.correlation;
if (this.backtrace !== null) {
execution_env.RUST_BACKTRACE = this.backtrace;
}
if (this.modify_profile !== null) {
if (this.modify_profile) {
execution_env.NIX_INSTALLER_MODIFY_PROFILE = "true";
} else {
execution_env.NIX_INSTALLER_MODIFY_PROFILE = "false";
}
}
if (this.nix_build_group_id !== null) {
execution_env.NIX_INSTALLER_NIX_BUILD_GROUP_ID = `${this.nix_build_group_id}`;
}
if (this.nix_build_group_name !== null) {
execution_env.NIX_INSTALLER_NIX_BUILD_GROUP_NAME =
this.nix_build_group_name;
}
if (this.nix_build_user_prefix !== null) {
execution_env.NIX_INSTALLER_NIX_BUILD_USER_PREFIX =
this.nix_build_user_prefix;
}
if (this.nix_build_user_count !== null) {
execution_env.NIX_INSTALLER_NIX_BUILD_USER_COUNT = `${this.nix_build_user_count}`;
}
if (this.nix_build_user_base !== null) {
execution_env.NIX_INSTALLER_NIX_BUILD_USER_ID_BASE = `${this.nix_build_user_count}`;
}
if (this.nix_package_url !== null) {
execution_env.NIX_INSTALLER_NIX_PACKAGE_URL = `${this.nix_package_url}`;
}
if (this.proxy !== null) {
execution_env.NIX_INSTALLER_PROXY = this.proxy;
}
if (this.ssl_cert_file !== null) {
execution_env.NIX_INSTALLER_SSL_CERT_FILE = this.ssl_cert_file;
}
if (this.diagnostic_endpoint !== null) {
execution_env.NIX_INSTALLER_DIAGNOSTIC_ENDPOINT =
this.diagnostic_endpoint;
}
// TODO: Error if the user uses these on not-MacOS
if (this.mac_encrypt !== null) {
if (process.env.RUNNER_OS !== "macOS") {
throw new Error("`mac-encrypt` while `$RUNNER_OS` was not `macOS`");
}
execution_env.NIX_INSTALLER_ENCRYPT = this.mac_encrypt;
}
if (this.mac_case_sensitive !== null) {
if (process.env.RUNNER_OS !== "macOS") {
throw new Error(
"`mac-case-sensitive` while `$RUNNER_OS` was not `macOS`",
);
}
execution_env.NIX_INSTALLER_CASE_SENSITIVE = this.mac_case_sensitive;
}
if (this.mac_volume_label !== null) {
if (process.env.RUNNER_OS !== "macOS") {
throw new Error(
"`mac-volume-label` while `$RUNNER_OS` was not `macOS`",
);
}
execution_env.NIX_INSTALLER_VOLUME_LABEL = this.mac_volume_label;
}
if (this.mac_root_disk !== null) {
if (process.env.RUNNER_OS !== "macOS") {
throw new Error("`mac-root-disk` while `$RUNNER_OS` was not `macOS`");
}
execution_env.NIX_INSTALLER_ROOT_DISK = this.mac_root_disk;
}
if (this.logger !== null) {
execution_env.NIX_INSTALLER_LOGGER = this.logger;
}
if (this.log_directives !== null) {
execution_env.NIX_INSTALLER_LOG_DIRECTIVES = this.log_directives;
}
// TODO: Error if the user uses these on MacOS
if (this.init !== null) {
if (process.env.RUNNER_OS === "macOS") {
throw new Error(
"`init` is not a valid option when `$RUNNER_OS` is `macOS`",
);
}
execution_env.NIX_INSTALLER_INIT = this.init;
}
if (this.start_daemon !== null) {
if (this.start_daemon) {
execution_env.NIX_INSTALLER_START_DAEMON = "true";
} else {
execution_env.NIX_INSTALLER_START_DAEMON = "false";
}
}
let extra_conf = "";
if (this.github_token !== null) {
extra_conf += `access-tokens = github.com=${this.github_token}`;
extra_conf += "\n";
}
if (this.trust_runner_user !== null) {
extra_conf += `trusted-users = root ${process.env.USER}`;
extra_conf += "\n";
}
if (this.flakehub) {
extra_conf += `netrc-file = ${await this.flakehub_login()}`;
extra_conf += "\n";
}
if (this.extra_conf !== null && this.extra_conf.length !== 0) {
extra_conf += this.extra_conf.join("\n");
extra_conf += "\n";
}
execution_env.NIX_INSTALLER_EXTRA_CONF = extra_conf;
if (process.env.ACT && !process.env.NOT_ACT) {
actions_core.info(
"Detected `$ACT` environment, assuming this is a https://github.com/nektos/act created container, set `NOT_ACT=true` to override this. This will change the setting of the `init` to be compatible with `act`",
);
execution_env.NIX_INSTALLER_INIT = "none";
}
return execution_env;
}
private async execute_install(binary_path: string): Promise<number> {
const execution_env = await this.executionEnvironment();
actions_core.info(
`Execution environment: ${JSON.stringify(execution_env, null, 4)}`,
);
const args = ["install"];
if (this.planner) {
args.push(this.planner);
} else {
args.push(get_default_planner());
}
if (this.extra_args) {
const extra_args = stringArgv(this.extra_args);
args.concat(extra_args);
}
const merged_env = {
...process.env, // To get $PATH, etc
...execution_env,
};
const spawned = spawn(`${binary_path}`, args, {
env: merged_env,
});
spawned.stdout.setEncoding("utf-8");
spawned.stdout.on("data", (data) => {
const trimmed = data.trimEnd();
if (trimmed.length >= 0) {
actions_core.info(trimmed);
}
});
spawned.stderr.setEncoding("utf-8");
spawned.stderr.on("data", (data) => {
const trimmed = data.trimEnd();
if (trimmed.length >= 0) {
actions_core.info(trimmed);
}
});
const exit_code: number = await new Promise((resolve, _reject) => {
spawned.on("close", resolve);
});
if (exit_code !== 0) {
throw new Error(`Non-zero exit code of \`${exit_code}\` detected`);
}
return exit_code;
}
async install(): Promise<void> {
const existing_install = await this.detect_existing();
if (existing_install) {
if (this.reinstall) {
// We need to uninstall, then reinstall
actions_core.info(
"Nix was already installed, `reinstall` is set, uninstalling for a reinstall",
);
await this.execute_uninstall();
} else {
// We're already installed, and not reinstalling, just set GITHUB_PATH and finish early
await this.set_github_path();
actions_core.info("Nix was already installed, using existing install");
return;
}
}
// Normal just doing of the install
const binary_path = await this.fetch_binary();
await this.execute_install(binary_path);
await this.set_github_path();
}
async set_github_path(): Promise<void> {
// Interim versions of the `nix-installer` crate may have already manipulated `$GITHUB_PATH`, as root even! Accessing that will be an error.
try {
const nix_var_nix_profile_path = "/nix/var/nix/profiles/default/bin";
const home_nix_profile_path = `${process.env.HOME}/.nix-profile/bin`;
actions_core.addPath(nix_var_nix_profile_path);
actions_core.addPath(home_nix_profile_path);
actions_core.info(
`Added \`${nix_var_nix_profile_path}\` and \`${home_nix_profile_path}\` to \`$GITHUB_PATH\``,
);
} catch (error) {
actions_core.info(
"Skipping setting $GITHUB_PATH in action, the `nix-installer` crate seems to have done this already. From `nix-installer` version 0.11.0 and up, this step is done in the action. Prior to 0.11.0, this was only done in the `nix-installer` binary.",
);
}
}
async flakehub_login(): Promise<string> {
const netrc_path = `${process.env["RUNNER_TEMP"]}/determinate-nix-installer-netrc`;
const jwt = await actions_core.getIDToken("api.flakehub.com");
await writeFile(
netrc_path,
[
`machine api.flakehub.com login flakehub password ${jwt}`,
`machine flakehub.com login flakehub password ${jwt}`,
].join("\n"),
);
actions_core.info("Logging in to FlakeHub.");
// the join followed by a match on ^... looks silly, but extra_config
// could contain multi-line values
if (this.extra_conf?.join("\n").match(/^netrc-file/m)) {
actions_core.warning(
"Logging in to FlakeHub conflicts with the Nix option `netrc-file`.",
);
}
return netrc_path;
}
async execute_uninstall(): Promise<number> {
const spawned = spawn(`/nix/nix-installer`, ["uninstall"], {
env: {
NIX_INSTALLER_NO_CONFIRM: "true",
...process.env, // To get $PATH, etc
},
});
spawned.stdout.setEncoding("utf-8");
spawned.stdout.on("data", (data) => {
const trimmed = data.trimEnd();
if (trimmed.length >= 0) {
actions_core.info(trimmed);
}
});
spawned.stderr.setEncoding("utf-8");
spawned.stderr.on("data", (data) => {
const trimmed = data.trimEnd();
if (trimmed.length >= 0) {
actions_core.info(trimmed);
}
});
const exit_code: number = await new Promise((resolve, _reject) => {
spawned.on("close", resolve);
});
if (exit_code !== 0) {
throw new Error(`Non-zero exit code of \`${exit_code}\` detected`);
}
return exit_code;
}
async detect_existing(): Promise<boolean> {
const receipt_path = "/nix/receipt.json";
try {
await access(receipt_path);
// There is a /nix/receipt.json
return true;
} catch {
// No /nix/receipt.json
return false;
}
}
private async fetch_binary(): Promise<string> {
if (!this.local_root) {
actions_core.info(`Fetching binary from ${this.nix_installer_url}`);
const response = await fetch(this.nix_installer_url);
if (!response.ok) {
throw new Error(
`Got a status of ${response.status} from \`${this.nix_installer_url}\`, expected a 200`,
);
}
const tempdir = await mkdtemp(join(tmpdir(), "nix-installer-"));
const tempfile = join(tempdir, `nix-installer-${this.platform}`);
if (!response.ok) {
throw new Error(`unexpected response ${response.statusText}`);
}
if (response.body !== null) {
const streamPipeline = promisify(pipeline);
await streamPipeline(response.body, fs.createWriteStream(tempfile));
actions_core.info(`Downloaded \`nix-installer\` to \`${tempfile}\``);
} else {
throw new Error("No response body recieved");
}
// Make executable
await chmod(tempfile, fs.constants.S_IXUSR | fs.constants.S_IXGRP);
return tempfile;
} else {
const local_path = join(
this.local_root,
`nix-installer-${this.platform}`,
);
actions_core.info(`Using binary ${local_path}`);
return local_path;
}
}
async report_overall(): Promise<void> {
if (this.diagnostic_endpoint == null) {
return;
}
try {
await fetch(this.diagnostic_endpoint, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
"post-github-workflow-run-report": true,
correlation: this.correlation,
conclusion: await this.get_workflow_conclusion(),
}),
});
} catch (error) {
actions_core.debug(
`Error submitting post-run diagnostics report: ${error}`,
);
}
}
private async get_workflow_conclusion(): Promise<
undefined | "success" | "failure" | "cancelled" | "unavailable" | "no-jobs"
> {
if (this.github_token == null) {
return undefined;
}
try {
const octokit = github.getOctokit(this.github_token);
const jobs = await octokit.paginate(
octokit.rest.actions.listJobsForWorkflowRun,
{
owner: github.context.repo.owner,
repo: github.context.repo.repo,
run_id: github.context.runId,
},
);
actions_core.debug(`awaited jobs: ${jobs}`);
const job = jobs
.filter((candidate) => candidate.name === github.context.job)
.at(0);
if (job === undefined) {
return "no-jobs";
}
const outcomes = (job.steps || []).map((j) => j.conclusion || "unknown");
// Possible values: success, failure, cancelled, or skipped
// from: https://docs.github.com/en/actions/learn-github-actions/contexts
if (outcomes.includes("failure")) {
// Any failures fails the job
return "failure";
}
if (outcomes.includes("cancelled")) {
// Any cancellations cancels the job
return "cancelled";
}
// Assume success if no jobs failed or were canceled
return "success";
} catch (error) {
actions_core.debug(`Error determining final disposition: ${error}`);
return "unavailable";
}
}
}
type ExecuteEnvironment = {
// All env vars are strings, no fanciness here.
RUST_BACKTRACE?: string;
NIX_INSTALLER_MODIFY_PROFILE?: string;
NIX_INSTALLER_NIX_BUILD_GROUP_NAME?: string;
NIX_INSTALLER_NIX_BUILD_GROUP_ID?: string;
NIX_INSTALLER_NIX_BUILD_USER_PREFIX?: string;
NIX_INSTALLER_NIX_BUILD_USER_COUNT?: string;
NIX_INSTALLER_NIX_BUILD_USER_ID_BASE?: string;
NIX_INSTALLER_NIX_PACKAGE_URL?: string;
NIX_INSTALLER_PROXY?: string;
NIX_INSTALLER_SSL_CERT_FILE?: string;
NIX_INSTALLER_DIAGNOSTIC_ENDPOINT?: string;
NIX_INSTALLER_DIAGNOSTIC_ATTRIBUTION?: string;
NIX_INSTALLER_ENCRYPT?: string;
NIX_INSTALLER_CASE_SENSITIVE?: string;
NIX_INSTALLER_VOLUME_LABEL?: string;
NIX_INSTALLER_ROOT_DISK?: string;
NIX_INSTALLER_INIT?: string;
NIX_INSTALLER_START_DAEMON?: string;
NIX_INSTALLER_NO_CONFIRM?: string;
NIX_INSTALLER_EXTRA_CONF?: string;
NIX_INSTALLER_LOG_DIRECTIVES?: string;
NIX_INSTALLER_LOGGER?: string;
};
function get_nix_platform(): string {
const env_os = process.env.RUNNER_OS;
const env_arch = process.env.RUNNER_ARCH;
if (env_os === "macOS" && env_arch === "X64") {
return "x86_64-darwin";
} else if (env_os === "macOS" && env_arch === "ARM64") {
return "aarch64-darwin";
} else if (env_os === "Linux" && env_arch === "X64") {
return "x86_64-linux";
} else if (env_os === "Linux" && env_arch === "ARM64") {
return "aarch64-linux";
} else {
throw new Error(
`Unsupported \`RUNNER_OS\` (currently \`${env_os}\`) and \`RUNNER_ARCH\` (currently \`${env_arch}\`) combination`,
);
}
}
function get_default_planner(): string {
const env_os = process.env.RUNNER_OS;
if (env_os === "macOS") {
return "macos";
} else if (env_os === "Linux") {
return "linux";
} else {
throw new Error(`Unsupported \`RUNNER_OS\` (currently \`${env_os}\`)`);
}
}
function resolve_nix_installer_url(
platform: string,
correlation?: string,
): URL {
// Only one of these are allowed.
const nix_installer_branch = action_input_string_or_null(
"nix-installer-branch",
);
const nix_installer_pr = action_input_number_or_null("nix-installer-pr");
const nix_installer_revision = action_input_string_or_null(
"nix-installer-revision",
);
const nix_installer_tag = action_input_string_or_null("nix-installer-tag");
const nix_installer_url = action_input_string_or_null("nix-installer-url");
const url_suffix = `ci=github&correlation=${correlation}`;
let resolved_nix_installer_url = null;
let num_set = 0;
if (nix_installer_branch !== null) {
num_set += 1;
resolved_nix_installer_url = new URL(
`https://install.determinate.systems/nix/branch/${nix_installer_branch}/nix-installer-${platform}?${url_suffix}`,
);
} else if (nix_installer_pr !== null) {
num_set += 1;
resolved_nix_installer_url = new URL(
`https://install.determinate.systems/nix/pr/${nix_installer_pr}/nix-installer-${platform}?${url_suffix}`,
);
} else if (nix_installer_revision !== null) {
num_set += 1;
resolved_nix_installer_url = new URL(
`https://install.determinate.systems/nix/rev/${nix_installer_revision}/nix-installer-${platform}?${url_suffix}`,
);
} else if (nix_installer_tag !== null) {
num_set += 1;
resolved_nix_installer_url = new URL(
`https://install.determinate.systems/nix/tag/${nix_installer_tag}/nix-installer-${platform}?${url_suffix}`,
);
} else if (nix_installer_url !== null) {
num_set += 1;
resolved_nix_installer_url = new URL(nix_installer_url);
} else {
resolved_nix_installer_url = new URL(
`https://install.determinate.systems/nix/nix-installer-${platform}?${url_suffix}`,
);
}
if (num_set > 1) {
throw new Error(
`The following options are mututally exclusive, but ${num_set} were set: \`nix_installer_branch\`, \`nix_installer_pr\`, \`nix_installer_revision\`, \`nix_installer_tag\`, and \`nix_installer_url\``,
);
}
return resolved_nix_installer_url;
}
function action_input_string_or_null(name: string): string | null {
const value = actions_core.getInput(name);
if (value === "") {
return null;
} else {
return value;
}
}
function action_input_multiline_string_or_null(name: string): string[] | null {
const value = actions_core.getMultilineInput(name);
if (value.length === 0) {
return null;
} else {
return value;
}
}
function action_input_number_or_null(name: string): number | null {
const value = actions_core.getInput(name);
if (value === "") {
return null;
} else {
return Number(value);
}
}
function action_input_bool(name: string): boolean {
return actions_core.getBooleanInput(name);
}
async function main(): Promise<void> {
try {
if (!process.env["STATE_correlation"]) {
const correlation = `GH-${randomUUID()}`;
actions_core.saveState("correlation", correlation);
process.env["STATE_correlation"] = correlation;
}
const installer = new NixInstallerAction();
const isPost = !!process.env["STATE_isPost"];
if (!isPost) {
actions_core.saveState("isPost", "true");
await installer.install();
} else {
installer.report_overall();
}
} catch (error) {
if (error instanceof Error) actions_core.setFailed(error);
}
}
main();
tsconfig.json
+14 -14
View File
@@ -1,15 +1,15 @@
{
"compilerOptions": {
"target": "es6", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */
"module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */
"outDir": "./lib", /* Redirect output structure to the directory. */
"rootDir": "./src", /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
"strict": true, /* Enable all strict type-checking options. */
"noImplicitAny": true, /* Raise error on expressions and declarations with an implied 'any' type. */
"esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
},
"exclude": [
"node_modules",
"**/*.test.ts"
]
}
"compilerOptions": {
"target": "ES2020" /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */,
"module": "Node16",
"moduleResolution": "NodeNext",
"outDir": "./dist",
"rootDir": "./src",
"strict": true /* Enable all strict type-checking options. */,
"noImplicitAny": true /* Raise error on expressions and declarations with an implied 'any' type. */,
"esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */,
"resolveJsonModule": true,
"declaration": true
},
"exclude": ["node_modules", "**/*.test.ts", "dist"]
}
tsup.config.ts
+15
View File
@@ -0,0 +1,15 @@
import { defineConfig } from "tsup";
import { name } from "./package.json";
export default defineConfig({
name,
entry: ["src/index.ts"],
format: ["esm"],
target: "node20",
bundle: true,
splitting: false,
clean: true,
dts: {
resolve: true,
},
});