Make our Nix installation immune to macOS upgrades (#672) #1723
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
push: | |
branches: [main] | |
jobs: | |
lints: | |
name: Lints | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check Nixpkgs input | |
uses: DeterminateSystems/flake-checker-action@main | |
with: | |
fail-mode: true | |
check-outdated: false # PRs shouldn't fail because main's nixpkgs is out of date | |
- name: Install Nix | |
uses: DeterminateSystems/nix-installer-action@main | |
- uses: DeterminateSystems/magic-nix-cache-action@main | |
- name: Check rustfmt | |
run: nix develop --command check-rustfmt | |
- name: Check Clippy | |
run: nix develop --command check-clippy | |
- name: Check Spelling | |
run: nix develop --command check-spelling | |
- name: Check nixpkgs-fmt formatting | |
run: nix develop --command check-nixpkgs-fmt | |
- name: Check EditorConfig conformance | |
run: nix develop --command check-editorconfig | |
- name: Download Buildkite Artifacts | |
uses: EnricoMi/[email protected] | |
with: | |
buildkite_token: ${{ secrets.BUILDKITE_TOKEN }} | |
output_path: artifacts | |
- name: Output list of Buildkite artifacts | |
run: | | |
ls -lah artifacts/ | |
ls -lah artifacts/**/* | |
# Mac's can't run this action, so we're forced to do this. | |
- name: Create Github cache from Buildkite artifacts | |
id: cache-buildkite-artifacts | |
uses: actions/cache/save@v3 | |
with: | |
path: artifacts | |
key: buildkite-artifacts-${{ github.sha }} | |
run-x86_64-linux: | |
name: Run x86_64 Linux | |
runs-on: ubuntu-22.04 | |
needs: [lints] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Restore Github cache of Buildkite artifacts | |
id: cache-buildkite-artifacts | |
uses: actions/cache/restore@v3 | |
with: | |
path: artifacts | |
key: buildkite-artifacts-${{ github.sha }} | |
- run: sudo apt install fish zsh | |
- name: Move & set executable | |
run: | | |
mkdir install-root | |
cp nix-installer.sh install-root/nix-installer.sh | |
mv ./artifacts/nix-installer-x86_64-linux-*/* install-root/nix-installer-x86_64-linux | |
chmod +x install-root/nix-installer-x86_64-linux install-root/nix-installer.sh | |
- name: Initial install | |
uses: DeterminateSystems/nix-installer-action@main | |
with: | |
local-root: install-root/ | |
logger: pretty | |
log-directives: nix_installer=debug | |
backtrace: full | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Initial uninstall (without a `nix run` first) | |
run: sudo -E /nix/nix-installer uninstall | |
env: | |
NIX_INSTALLER_NO_CONFIRM: true | |
NIX_INSTALLER_LOGGER: pretty | |
NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug | |
RUST_BACKTRACE: full | |
- name: Ensure `nix` is removed | |
run: | | |
if systemctl is-active nix-daemon.socket; then | |
echo "nix-daemon.socket was still running" | |
exit 1 | |
fi | |
if systemctl is-active nix-daemon.service; then | |
echo "nix-daemon.service was still running" | |
exit 1 | |
fi | |
if [ -e /nix ]; then | |
echo "/nix exists" | |
exit 1 | |
fi | |
- name: Repeated install | |
uses: DeterminateSystems/nix-installer-action@main | |
with: | |
local-root: install-root/ | |
logger: pretty | |
log-directives: nix_installer=debug | |
backtrace: full | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: echo $PATH | |
run: echo $PATH | |
- name: Test `nix` with `$GITHUB_PATH` | |
if: success() || failure() | |
run: | | |
nix run nixpkgs#hello | |
nix profile install nixpkgs#hello | |
hello | |
nix store gc | |
nix run nixpkgs#hello | |
- name: Test bash | |
run: nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: bash --login {0} | |
- name: Test sh | |
run: nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: sh -l {0} | |
- name: Test zsh | |
run: nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: zsh --login --interactive {0} | |
- name: Test fish | |
run: nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: fish --login {0} | |
- name: Repeated uninstall | |
run: sudo -E /nix/nix-installer uninstall | |
env: | |
NIX_INSTALLER_NO_CONFIRM: true | |
NIX_INSTALLER_LOGGER: pretty | |
NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug | |
RUST_BACKTRACE: full | |
- name: Ensure `nix` is removed | |
run: | | |
if systemctl is-active nix-daemon.socket; then | |
echo "nix-daemon.socket was still running" | |
exit 1 | |
fi | |
if systemctl is-active nix-daemon.service; then | |
echo "nix-daemon.service was still running" | |
exit 1 | |
fi | |
if [ -e /nix ]; then | |
echo "/nix exists" | |
exit 1 | |
fi | |
run-x86_64-linux-no-init: | |
name: Run x86_64 Linux (No init) | |
runs-on: ubuntu-22.04 | |
needs: [lints] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Restore Github cache of Buildkite artifacts | |
id: cache-buildkite-artifacts | |
uses: actions/cache/restore@v3 | |
with: | |
path: artifacts | |
key: buildkite-artifacts-${{ github.sha }} | |
- run: sudo apt install fish zsh | |
- name: Move & set executable | |
run: | | |
mkdir install-root | |
cp nix-installer.sh install-root/nix-installer.sh | |
mv ./artifacts/nix-installer-x86_64-linux-*/* install-root/nix-installer-x86_64-linux | |
chmod +x install-root/nix-installer-x86_64-linux install-root/nix-installer.sh | |
- name: Initial install | |
uses: DeterminateSystems/nix-installer-action@main | |
with: | |
init: none | |
planner: linux | |
local-root: install-root/ | |
logger: pretty | |
log-directives: nix_installer=debug | |
backtrace: full | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Ensure daemon was not configured with init | |
run: | | |
if systemctl is-active nix-daemon.socket; then | |
echo "nix-daemon.socket was running" | |
exit 1 | |
fi | |
if systemctl is-active nix-daemon.service; then | |
echo "nix-daemon.service was running" | |
exit 1 | |
fi | |
- name: Initial uninstall (without a `nix run` first) | |
run: sudo -E /nix/nix-installer uninstall | |
env: | |
NIX_INSTALLER_NO_CONFIRM: true | |
NIX_INSTALLER_LOGGER: pretty | |
NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug | |
RUST_BACKTRACE: full | |
- name: Ensure `nix` is removed | |
run: | | |
if [ -e /nix ]; then | |
echo "/nix exists" | |
exit 1 | |
fi | |
- name: Repeated install | |
uses: DeterminateSystems/nix-installer-action@main | |
with: | |
init: none | |
planner: linux | |
local-root: install-root/ | |
logger: pretty | |
log-directives: nix_installer=debug | |
backtrace: full | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- name: echo $PATH | |
run: echo $PATH | |
- name: Test `nix` with `$GITHUB_PATH` | |
if: success() || failure() | |
run: | | |
sudo -i nix run nixpkgs#hello | |
sudo -i nix profile install nixpkgs#hello | |
hello | |
sudo -i nix store gc | |
sudo -i nix run nixpkgs#hello | |
- name: Test bash | |
run: sudo -i nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: bash --login {0} | |
- name: Test sh | |
run: sudo -i nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: sh -l {0} | |
- name: Test zsh | |
run: sudo -i nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: zsh --login --interactive {0} | |
- name: Test fish | |
run: sudo -i nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: fish --login {0} | |
- name: Repeated uninstall | |
run: sudo -E /nix/nix-installer uninstall | |
env: | |
NIX_INSTALLER_NO_CONFIRM: true | |
NIX_INSTALLER_LOGGER: pretty | |
NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug | |
RUST_BACKTRACE: full | |
- name: Ensure `nix` is removed | |
run: | | |
if systemctl is-active nix-daemon.socket; then | |
echo "nix-daemon.socket was running" | |
exit 1 | |
fi | |
if systemctl is-active nix-daemon.service; then | |
echo "nix-daemon.service was running" | |
exit 1 | |
fi | |
if [ -e /nix ]; then | |
echo "/nix exists" | |
exit 1 | |
fi | |
run-x86_64-darwin: | |
name: Run x86_64 Darwin | |
runs-on: macos-12 | |
needs: [lints] | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Restore Github cache of Buildkite artifacts | |
id: cache-buildkite-artifacts | |
uses: actions/cache/restore@v3 | |
with: | |
path: artifacts | |
key: buildkite-artifacts-${{ github.sha }} | |
- run: brew install fish coreutils | |
- name: Move & set executable | |
run: | | |
mkdir install-root | |
cp nix-installer.sh install-root/nix-installer.sh | |
mv ./artifacts/nix-installer-x86_64-darwin-*/* install-root/nix-installer-x86_64-darwin | |
chmod +x install-root/nix-installer-x86_64-darwin install-root/nix-installer.sh | |
- name: Initial install | |
uses: DeterminateSystems/nix-installer-action@main | |
with: | |
local-root: install-root/ | |
logger: pretty | |
log-directives: nix_installer=debug | |
backtrace: full | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
extra-conf: | | |
trusted-users = root runner | |
- name: Initial uninstall (without a `nix run` first) | |
run: sudo -E /nix/nix-installer uninstall | |
env: | |
NIX_INSTALLER_NO_CONFIRM: true | |
NIX_INSTALLER_LOGGER: pretty | |
NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug | |
RUST_BACKTRACE: full | |
- name: Repeated install | |
uses: DeterminateSystems/nix-installer-action@main | |
with: | |
local-root: install-root/ | |
logger: pretty | |
log-directives: nix_installer=debug | |
backtrace: full | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
extra-conf: trusted-users = root runner | |
- name: echo $PATH | |
run: echo $PATH | |
- name: Test `nix` with `$GITHUB_PATH` | |
if: success() || failure() | |
run: | | |
nix run nixpkgs#hello | |
nix profile install nixpkgs#hello | |
hello | |
nix store gc | |
nix run nixpkgs#hello | |
- name: Test bash | |
run: nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: bash --login {0} | |
- name: Test sh | |
run: nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: sh -l {0} | |
- name: Test zsh | |
run: nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: zsh --login --interactive {0} | |
- name: Test fish | |
run: nix-instantiate -E 'builtins.currentTime' --eval | |
if: success() || failure() | |
shell: fish --login {0} | |
- name: Repeated uninstall | |
run: sudo -E /nix/nix-installer uninstall | |
env: | |
NIX_INSTALLER_NO_CONFIRM: true | |
NIX_INSTALLER_LOGGER: pretty | |
NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug | |
RUST_BACKTRACE: full |