From ea9fbba63305ca975305b9a758724693b6abfbe1 Mon Sep 17 00:00:00 2001 From: tomberek Date: Tue, 5 Dec 2023 12:41:44 -0500 Subject: [PATCH 1/5] fix: skip installing if Nix is present (#44) ci: a test with install-nix-action ci: check for flox before checking flox version ci: debug configure-aws.sh fix: skip extracting NIX_SSL_CERT_FILE --- .github/workflows/ci.yml | 82 +++++++++++++++++++++++++++++++++------- badges/coverage.svg | 2 +- dist/index.js | 12 +++++- scripts/configure-aws.sh | 6 ++- src/main.js | 12 +++++- 5 files changed, 93 insertions(+), 21 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7e12957..365fd24 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,20 +18,20 @@ jobs: test-javascript: name: "JavaScript Tests" runs-on: ${{ matrix.os }} - + strategy: matrix: os: - "ubuntu-latest" - "macos-latest" - + steps: - name: "Checkout" uses: actions/checkout@v4 - + - name: "Install Nix" uses: cachix/install-nix-action@v24 - + - name: "Cache Dependencies" id: cache uses: actions/cache@8070854e57d983bdd2887b0a708ad985f77398ab @@ -45,24 +45,24 @@ jobs: npm-feature-${{ matrix.os }}- npm-feature- npm- - + - name: "Install Dependencies" if: steps.cache.outputs.cache-hit != 'true' run: nix develop --command npm ci - + - name: "Check Format" run: nix develop --command npm run format:check - + - name: "Lint" run: nix develop --command npm run lint - + - name: "Test" run: nix develop --command npm run ci-test - + test-minimal-action: name: "Minimal - Github Action Test" runs-on: ${{ matrix.os }} - + strategy: matrix: os: @@ -72,16 +72,16 @@ jobs: #flox-version: # - stable # - prerelease - + steps: - name: "Checkout" uses: actions/checkout@v4 - + - name: "Test Local Action" uses: ./ with: github-access-token: ${{ secrets.NIX_GIT_TOKEN }} - + - name: "Build Example" env: # XXX: This is needed until we are in this limbo state and our "new" ui is 
@@ -90,10 +90,59 @@ jobs: run: | cd example flox build --no-write-lock-file - + test-all-action: name: "All - Github Action Test" runs-on: ${{ matrix.os }} + + strategy: + matrix: + os: + - "ubuntu-latest" + - "macos-latest" + + steps: + - name: "Checkout" + uses: actions/checkout@v4 + + - name: "Setup Tailscale" + if: ${{ runner.os == 'Linux' }} + uses: tailscale/github-action@v2 + with: + args: "--timeout 30s --login-server ${{ vars.TAILSCALE_URL }}" + tags: tag:ci + authkey: "${{ secrets.TAILSCALE_AUTH_KEY }}" + + - name: "Test Local Action" + uses: ./ + with: + github-access-token: ${{ secrets.NIX_GIT_TOKEN }} + substituter: s3://flox-store + substituter-key: ${{ secrets.FLOX_STORE_PUBLIC_NIX_SECRET_KEY }} + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + ssh-key: ${{ secrets.FLOXBOT_SSH_KEY }} + remote-builders: ${{ runner.os == 'Linux' && secrets.FLOX_BUILDERS || '' }} + + - name: "Test Remote Builders" + if: ${{ runner.os == 'Linux' }} + env: + # XXX: This is needed until we are in this limbo state and our "new" ui is + # not ready yet + FLOX_BASH_PASSTHRU: true + run: | + export NIX_CONFIG="experimental-features = nix-command flakes" + RAND=$RANDOM + nix build -L --impure --expr '(with import { system = "x86_64-linux"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")' + nix build -L --impure --expr '(with import { system = "aarch64-linux"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")' + nix build -L --impure --expr '(with import { system = "x86_64-darwin"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")' + nix build -L --impure --expr '(with import { system = "aarch64-darwin"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")' + cd example + flox build --no-write-lock-file + + test-nix-action: + name: "All - test integration with Nix" + runs-on: ${{ matrix.os }} strategy: matrix: 
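Review bot: The added "Setup Tailscale" step references `tailscale/github-action@v2` by a mutable tag in a job that gives it `secrets.TAILSCALE_AUTH_KEY` and then passes AWS keys and an SSH key to later steps. `actions/cache` in this workflow is already pinned to a commit SHA, so pin third-party actions the same way, e.g. `uses: tailscale/github-action@<full-commit-sha> # v2`, so that a moved tag cannot change what runs next to those secrets. The same applies to `cachix/install-nix-action@v24` added in the following hunk. The workflow's `on:` triggers and `permissions:` are outside this diff, so it is worth confirming that this job never runs with secrets for untrusted pull requests.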
@@ -105,6 +154,11 @@ jobs: - name: "Checkout" uses: actions/checkout@v4 + - name: "Install Nix" + uses: "cachix/install-nix-action@v24" + with: + nix_path: nixpkgs=channel:nixos-unstable + - name: "Setup Tailscale" if: ${{ runner.os == 'Linux' }} uses: tailscale/github-action@v2 diff --git a/badges/coverage.svg b/badges/coverage.svg index 20b5b30..fa25f9b 100644 --- a/badges/coverage.svg +++ b/badges/coverage.svg @@ -1 +1 @@ -Coverage: 6.66%Coverage6.66% \ No newline at end of file +Coverage: 6.34%Coverage6.34% \ No newline at end of file diff --git a/dist/index.js b/dist/index.js index 82c1fed..0f1ecf0 100644 --- a/dist/index.js +++ b/dist/index.js @@ -82247,8 +82247,16 @@ async function run() { await exec.exec('bash', ['-c', utils.SCRIPTS.restartNixDaemon]) core.endGroup() - core.startGroup('Checking Flox Version') - await exec.exec('flox', ['--version']) + const flox = await which('flox', { nothrow: true }) + if (flox !== null) { + core.startGroup('Checking Flox Version') + await exec.exec('flox', ['--version']) + core.endGroup() + } + + core.startGroup('Checking Nix Version') + await exec.exec('nix', ['--version']) + await exec.exec('nix', ['store', 'ping']) core.endGroup() core.startGroup('Record Nix Store Paths') diff --git a/scripts/configure-aws.sh b/scripts/configure-aws.sh index 833be7a..d81b4de 100755 --- a/scripts/configure-aws.sh +++ b/scripts/configure-aws.sh 
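Review bot: `nix_path: nixpkgs=channel:nixos-unstable` in the added "Install Nix" step makes the job evaluate whatever nixos-unstable points to at run time. Results are then not reproducible, and the nixpkgs code evaluated changes without any commit here. This job also appears to receive the store, AWS and SSH secrets further down, outside the hunk. Consider pinning a revision, e.g. `nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/<nixpkgs-commit-sha>.tar.gz`, and bumping it deliberately.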
@@ -31,9 +31,11 @@ if [[ "$RUNNER_OS" == "Linux" ]]; then "Environment=AWS_SECRET_ACCESS_KEY=${INPUT_AWS_SECRET_ACCESS_KEY}" | sudo tee -a /etc/systemd/system/nix-daemon.service.d/aws-credentials.conf >/dev/null elif [[ "$RUNNER_OS" == "macOS" ]]; then - NIX_SSL_CERT_FILE="$(sudo plutil -extract EnvironmentVariables.NIX_SSL_CERT_FILE raw /Library/LaunchDaemons/org.nixos.nix-daemon.plist)" + : { - echo "NIX_SSL_CERT_FILE=$NIX_SSL_CERT_FILE" + if NIX_SSL_CERT_FILE="$(sudo plutil -extract EnvironmentVariables.NIX_SSL_CERT_FILE raw /Library/LaunchDaemons/org.nixos.nix-daemon.plist)" ; then + echo "NIX_SSL_CERT_FILE=$NIX_SSL_CERT_FILE" + fi echo "SSL_CERT_FILE=$NIX_SSL_CERT_FILE" } >>"${GITHUB_ENV}" sudo plutil \ diff --git a/src/main.js b/src/main.js index ab6beab..f12f838 100644 --- a/src/main.js +++ b/src/main.js @@ -67,8 +67,16 @@ export async function run() { await exec.exec('bash', ['-c', utils.SCRIPTS.restartNixDaemon]) core.endGroup() - core.startGroup('Checking Flox Version') - await exec.exec('flox', ['--version']) + const flox = await which('flox', { nothrow: true }) + if (flox !== null) { + core.startGroup('Checking Flox Version') + await exec.exec('flox', ['--version']) + core.endGroup() + } + + core.startGroup('Checking Nix Version') + await exec.exec('nix', ['--version']) + await exec.exec('nix', ['store', 'ping']) core.endGroup() core.startGroup('Record Nix Store Paths') From 3dcc43869b4ef1b73bdd5e50e188d0acae01f26b Mon Sep 17 00:00:00 2001 From: Tom Bereknyei Date: Tue, 5 Dec 2023 13:41:37 -0500 Subject: [PATCH 2/5] fix: use exp for nix installations that do not have it by default --- dist/index.js | 7 ++++++- src/main.js | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/dist/index.js b/dist/index.js index 0f1ecf0..fce2978 100644 --- a/dist/index.js +++ b/dist/index.js 
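Review bot: In the macOS branch, `echo "SSL_CERT_FILE=$NIX_SSL_CERT_FILE"` still runs when `plutil -extract` fails, because only the first `echo` was moved inside the new `if`. The variable then holds whatever the failed command printed, possibly nothing, and that value is exported through `GITHUB_ENV` as the CA bundle path for every later step. Move the second `echo` inside the `if` as well, so that neither variable is written unless the extraction succeeded. The leftover `:` no-op before the `{` can be dropped. The `elif` branch continues past the end of the hunk.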
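Review bot: When `flox` is not on PATH the version check is now skipped with no log line, so a run where the Flox install failed looks the same as one where it was intentionally skipped. Add an `else` branch such as `core.warning('flox not found on PATH; skipping version check')`. Also pass the resolved path to the call, `await exec.exec(flox, ['--version'])`, so the binary that was looked up is the one executed. The import of `which` is not visible here, and `run()` starts and ends outside the hunk. The bundled copy in dist/index.js carries the same change.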
@@ -82256,7 +82256,12 @@ async function run() { core.startGroup('Checking Nix Version') await exec.exec('nix', ['--version']) - await exec.exec('nix', ['store', 'ping']) + await exec.exec('nix', [ + 'store', + 'ping', + '--extra-experimental-features', + 'nix-command' + ]) core.endGroup() core.startGroup('Record Nix Store Paths') diff --git a/src/main.js b/src/main.js index f12f838..2b3fb1a 100644 --- a/src/main.js +++ b/src/main.js @@ -76,7 +76,12 @@ export async function run() { core.startGroup('Checking Nix Version') await exec.exec('nix', ['--version']) - await exec.exec('nix', ['store', 'ping']) + await exec.exec('nix', [ + 'store', + 'ping', + '--extra-experimental-features', + 'nix-command' + ]) core.endGroup() core.startGroup('Record Nix Store Paths') From b01747ee7f9b2cc47505ece3fbf5c12d5e603b11 Mon Sep 17 00:00:00 2001 From: Tom Bereknyei Date: Tue, 5 Dec 2023 13:48:37 -0500 Subject: [PATCH 3/5] ci: test for nix usage --- .github/workflows/ci.yml | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 365fd24..10a4c6b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -83,13 +83,10 @@ jobs: github-access-token: ${{ secrets.NIX_GIT_TOKEN }} - name: "Build Example" - env: - # XXX: This is needed until we are in this limbo state and our "new" ui is - # not ready yet - FLOX_BASH_PASSTHRU: true run: | cd example - flox build --no-write-lock-file + export NIX_CONFIG="experimental-features = nix-command flakes" + nix build --no-write-lock-file test-all-action: name: "All - Github Action Test" 
@@ -138,7 +135,7 @@ jobs: nix build -L --impure --expr '(with import { system = "x86_64-darwin"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")' nix build -L --impure --expr '(with import { system = "aarch64-darwin"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")' cd example - flox build --no-write-lock-file + nix build --no-write-lock-file test-nix-action: name: "All - test integration with Nix" @@ -192,4 +189,4 @@ jobs: nix build -L --impure --expr '(with import { system = "x86_64-darwin"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")' nix build -L --impure --expr '(with import { system = "aarch64-darwin"; }; runCommand "foo-'"$RAND"'" {} "uname -mo > $out")' cd example - flox build --no-write-lock-file + nix build --no-write-lock-file From cb8796bfc7e2b8741729606441d2614025b059a7 Mon Sep 17 00:00:00 2001 From: Tom Bereknyei Date: Tue, 5 Dec 2023 14:01:47 -0500 Subject: [PATCH 4/5] ci: try both flox and nix due to incomplete nix installed via flox --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 10a4c6b..3ce53d2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -86,7 +86,8 @@ jobs: run: | cd example export NIX_CONFIG="experimental-features = nix-command flakes" - nix build --no-write-lock-file + # when installed with flox, nix can't see cacert + flox build .#default --no-write-lock-file || nix build --no-write-lock-file test-all-action: name: "All - Github Action Test" From 08fbebb876f91bdc3d7af5589127a93ed49ba367 Mon Sep 17 00:00:00 2001 From: Rok Garbas Date: Tue, 5 Dec 2023 20:28:55 +0100 Subject: [PATCH 5/5] ci: whitespace removal --- .github/workflows/ci.yml | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3ce53d2..0c50110 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
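Review bot: In the "Build Example" step, `flox build .#default --no-write-lock-file || nix build --no-write-lock-file` falls back on any flox failure, not only on a missing binary. A genuine flox build regression is therefore hidden whenever the plain nix build succeeds. Choose the tool explicitly instead: `if command -v flox >/dev/null; then flox build .#default --no-write-lock-file; else nix build --no-write-lock-file; fi`. The comment about nix not seeing cacert describes a CA-bundle problem in the flox-installed Nix, and it would help to extend it with a pointer to where that is tracked so the workaround can be removed later.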
@@ -18,20 +18,20 @@ jobs: test-javascript: name: "JavaScript Tests" runs-on: ${{ matrix.os }} - + strategy: matrix: os: - "ubuntu-latest" - "macos-latest" - + steps: - name: "Checkout" uses: actions/checkout@v4 - + - name: "Install Nix" uses: cachix/install-nix-action@v24 - + - name: "Cache Dependencies" id: cache uses: actions/cache@8070854e57d983bdd2887b0a708ad985f77398ab @@ -45,24 +45,24 @@ jobs: npm-feature-${{ matrix.os }}- npm-feature- npm- - + - name: "Install Dependencies" if: steps.cache.outputs.cache-hit != 'true' run: nix develop --command npm ci - + - name: "Check Format" run: nix develop --command npm run format:check - + - name: "Lint" run: nix develop --command npm run lint - + - name: "Test" run: nix develop --command npm run ci-test - + test-minimal-action: name: "Minimal - Github Action Test" runs-on: ${{ matrix.os }} - + strategy: matrix: os: @@ -72,37 +72,37 @@ jobs: #flox-version: # - stable # - prerelease - + steps: - name: "Checkout" uses: actions/checkout@v4 - + - name: "Test Local Action" uses: ./ with: github-access-token: ${{ secrets.NIX_GIT_TOKEN }} - + - name: "Build Example" run: | cd example export NIX_CONFIG="experimental-features = nix-command flakes" # when installed with flox, nix can't see cacert flox build .#default --no-write-lock-file || nix build --no-write-lock-file - + test-all-action: name: "All - Github Action Test" runs-on: ${{ matrix.os }} - + strategy: matrix: os: - "ubuntu-latest" - "macos-latest" - + steps: - name: "Checkout" uses: actions/checkout@v4 - + - name: "Setup Tailscale" if: ${{ runner.os == 'Linux' }} uses: tailscale/github-action@v2 @@ -110,7 +110,7 @@ jobs: args: "--timeout 30s --login-server ${{ vars.TAILSCALE_URL }}" tags: tag:ci authkey: "${{ secrets.TAILSCALE_AUTH_KEY }}" - + - name: "Test Local Action" uses: ./ with: 
@@ -121,7 +121,7 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} ssh-key: ${{ secrets.FLOXBOT_SSH_KEY }} remote-builders: ${{ runner.os == 'Linux' && secrets.FLOX_BUILDERS || '' }} - + - name: "Test Remote Builders" if: ${{ runner.os == 'Linux' }} env: @@ -139,7 +139,7 @@ jobs: nix build --no-write-lock-file test-nix-action: - name: "All - test integration with Nix" + name: "Nix - test integration with Nix" runs-on: ${{ matrix.os }} strategy: