Install Nix via the action

2026-06-03 09:34:11 +02:00 · 2019-09-30 17:58:28 +02:00 · 2019-09-30 17:58:28 +02:00 · 4db446a512
commit 4db446a512
parent a6de7cd0c2
7 changed files with 131 additions and 46 deletions
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -14,9 +14,9 @@ jobs:
    - run: yarn install --frozen-lockfile
    - run: yarn build
    - run: yarn test
-    - name: Install Nix
-      run: curl https://nixos.org/nix/install | sh
-    - name: Build
+    - name: Install & Build
      uses: ./
      with:
        cachixPush: cachix-action
+        file: test.nix
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
--- a/action.yml
+++ b/action.yml
@ -9,6 +9,9 @@ inputs:
  cachixPush:
    description: 'Names of cachix caches to push (and pull/substitute)'
    required: true
+  signingKey:
+    description: 'Signing key secret retrieved after creating binary cache on https://cachix.org'
+    required: true
 branding:
  color: 'blue'
  icon: 'database'
--- a/lib/main.js
+++ b/lib/main.js
@ -18,17 +18,25 @@ var __importStar = (this && this.__importStar) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const exec = __importStar(require("@actions/exec"));
+const tc = __importStar(require("@actions/tool-cache"));
+const os_1 = require("os");
 const utils_1 = require("./utils");
 function run() {
    return __awaiter(this, void 0, void 0, function* () {
+        try {
            const file = core.getInput('file');
            const attributes = core.getInput('attributes');
            const cachixPush = core.getInput('cachixPush', { required: true });
+            console.log(`Installing Nix ...`);
+            const nixInstall = yield tc.downloadTool('https://nixos.org/nix/install');
+            yield exec.exec(nixInstall);
+            // required for macos
+            core.exportVariable('NIX_SSL_CERT_FILE', '/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt');
            console.log(`Installing Cachix ...`);
-        yield exec.exec('nix-env', ['-iA', 'cachix', '-f', 'https://cachix.org/api/v1/install']);
-        // TODO: cachix watch
+            yield exec.exec(os_1.homedir() + '/.nix-profile/bin/nix-env', ['-iA', 'cachix', '-f', 'https://cachix.org/api/v1/install']);
+            // TODO: cachix use --watch-store
            console.log(`Setting up cache ` + cachixPush + `...`);
-        yield exec.exec('cachix', ['use', cachixPush]);
+            yield exec.exec(os_1.homedir() + '/.nix-profile/bin/cachix', ['use', cachixPush]);
            console.log(`Invoking nix-build...`);
            let paths = '';
            const options = {
@ -39,14 +47,14 @@ function run() {
                }
            };
            const args = ['-f', file || "default.nix"].concat(utils_1.extrasperse('-A', attributes.split(/\s/)));
-        yield exec.exec('nix-build', args, options);
+            yield exec.exec(os_1.homedir() + '/.nix-profile/bin/nix-build', args, options);
            console.log(`Pushing to cache ` + cachixPush + `...`);
-        yield exec.exec('cachix', ['push', cachixPush].concat(paths.split(/\s/).join(' ')));
-    });
-}
-try {
-    run();
+            yield exec.exec(os_1.homedir() + '/.nix-profile/bin/cachix', ['push', cachixPush].concat(paths.split(/\s/).join(' ')));
        }
        catch (error) {
-    core.setFailed(error.message);
+            core.setFailed(`Action failed with error: ${error}`);
+            throw (error);
        }
+    });
+}
+run();
--- a/package.json
+++ b/package.json
@ -21,7 +21,8 @@
  "license": "ASL2",
  "dependencies": {
    "@actions/core": "^1.1.0",
-    "@actions/exec": "^1.0.1"
+    "@actions/exec": "^1.0.1",
+    "@actions/tool-cache": "^1.1.2"
  },
  "devDependencies": {
    "ts-node": "^8.4.1",
--- a/src/main.ts
+++ b/src/main.ts
@ -1,26 +1,47 @@
 import * as core from '@actions/core';
 import * as exec from '@actions/exec';
+import * as tc from '@actions/tool-cache';
 import {homedir} from 'os';
+import {existsSync} from 'fs';
 import {extrasperse} from './utils';

 async function run() {
  try {
+    // inputs
    const file = core.getInput('file');
    const attributes = core.getInput('attributes');
    const cachixPush = core.getInput('cachixPush', { required: true });
+    const signingKey = core.getInput('signingKey', { required: true });

-    // required for macos
-    core.exportVariable('NIX_SSL_CERT_FILE', '/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt');
+    // rest of the constants
+    const home = homedir();
+    const PATH = process.env.PATH;  
+    const CERTS_PATH = home + '/.nix-profile/etc/ssl/certs/ca-bundle.crt';

-    console.log(`Installing Cachix ...`);
-    await exec.exec(homedir() + '/.nix-profile/bin/nix-env', ['-iA', 'cachix', '-f', 'https://cachix.org/api/v1/install']);
+    core.startGroup('Installing Nix')
+    // TODO: retry due to all the things that go wrong
+    const nixInstall = await tc.downloadTool('https://nixos.org/nix/install');
+    await exec.exec("sh", [nixInstall]);
+    core.exportVariable('PATH', `${PATH}:${home}/.nix-profile/bin`)
+    core.endGroup()

+    // macOS needs certificates hints
+    if (existsSync(CERTS_PATH)) {
+      core.exportVariable('NIX_SSL_CERT_FILE', CERTS_PATH);
+    }
+
+    core.startGroup('Installing Cachix')
+    await exec.exec('nix-env', ['-iA', 'cachix', '-f', 'https://cachix.org/api/v1/install']);
+    core.endGroup()
+
+    core.startGroup(`Using Cachix ` + cachixPush);
+    await exec.exec('cachix', ['use', cachixPush]);
+    core.endGroup()
+
+    core.exportVariable('CACHIX_SIGNING_KEY', signingKey)
    // TODO: cachix use --watch-store

-    console.log(`Setting up cache ` + cachixPush + `...`);
-    await exec.exec(homedir() + '/.nix-profile/bin/cachix', ['use', cachixPush]);
-
-    console.log(`Invoking nix-build...`);
+    core.startGroup(`Invoking nix-build`);
    let paths = '';
    const options = {
      listeners: {
@ -29,13 +50,15 @@ async function run() {
        },
      }
    };
-    const args = ['-f', file || "default.nix"].concat(extrasperse('-A', attributes.split(/\s/)));
-    await exec.exec(homedir() + '/.nix-profile/bin/nix-build', args, options);
+    const args = extrasperse('-A', attributes.split(/\s/)).concat([file || "default.nix"]);
+    await exec.exec('nix-build', args, options);
+    core.endGroup()

-    console.log(`Pushing to cache ` + cachixPush + `...`);
-    await exec.exec(homedir() + '/.nix-profile/bin/cachix', ['push', cachixPush].concat(paths.split(/\s/).join(' ')));
+    core.startGroup(`Pushing to Cachix ` + cachixPush);
+    await exec.exec('cachix', ['push', cachixPush].concat(paths.split(/\s/).join(' ')));
+    core.endGroup()
  } catch (error) {
-    core.setFailed(`Action faield with error: ${error}`);
+    core.setFailed(`Action failed with error: ${error}`);
    throw(error);
  } 
 }
--- a/test.nix
+++ b/test.nix
@ -0,0 +1,15 @@
+# Realizes <num>> of derivations with size of <size>MB
+{ size ? 1 # MB
+, num ? 10 # count 
+, currentTime ? builtins.currentTime
+}:
+
+with import <nixpkgs> {};
+
+let
+  drv = i: runCommand "${toString currentTime}-${toString i}" {} ''
+    dd if=/dev/zero of=$out bs=${toString size}MB count=1
+  '';
+in writeText "empty-${toString num}-${toString size}MB" ''
+  ${lib.concatMapStringsSep "" drv (lib.range 1 num)}
+''
--- a/yarn.lock
+++ b/yarn.lock
@ -12,6 +12,23 @@
  resolved "https://registry.yarnpkg.com/@actions/exec/-/exec-1.0.1.tgz#1624b541165697e7008d7c87bc1f69f191263c6c"
  integrity sha512-nvFkxwiicvpzNiCBF4wFBDfnBvi7xp/as7LE1hBxBxKG2L29+gkIPBiLKMVORL+Hg3JNf07AKRfl0V5djoypjQ==

+"@actions/io@^1.0.1":
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/@actions/io/-/io-1.0.1.tgz#81a9418fe2bbdef2d2717a8e9f85188b9c565aca"
+  integrity sha512-rhq+tfZukbtaus7xyUtwKfuiCRXd1hWSfmJNEpFgBQJ4woqPEpsBw04awicjwz9tyG2/MVhAEMfVn664Cri5zA==
+
+"@actions/tool-cache@^1.1.2":
+  version "1.1.2"
+  resolved "https://registry.yarnpkg.com/@actions/tool-cache/-/tool-cache-1.1.2.tgz#304d44cecb9547324731e03ca004a3905e6530d2"
+  integrity sha512-IJczPaZr02ECa3Lgws/TJEVco9tjOujiQSZbO3dHuXXjhd5vrUtfOgGwhmz3/f97L910OraPZ8SknofUk6RvOQ==
+  dependencies:
+    "@actions/core" "^1.1.0"
+    "@actions/exec" "^1.0.1"
+    "@actions/io" "^1.0.1"
+    semver "^6.1.0"
+    typed-rest-client "^1.4.0"
+    uuid "^3.3.2"
+
 "@babel/code-frame@^7.0.0", "@babel/code-frame@^7.5.5":
  version "7.5.5"
  resolved "https://registry.yarnpkg.com/@babel/code-frame/-/code-frame-7.5.5.tgz#bc0782f6d69f7b7d49531219699b988f669a8f9d"
@ -2997,7 +3014,7 @@ sax@^1.2.4:
  resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.1.tgz#a954f931aeba508d307bbf069eff0c01c96116f7"
  integrity sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==

-semver@^6.0.0, semver@^6.2.0:
+semver@^6.0.0, semver@^6.1.0, semver@^6.2.0:
  version "6.3.0"
  resolved "https://registry.yarnpkg.com/semver/-/semver-6.3.0.tgz#ee0a64c8af5e8ceea67687b133761e1becbd1d3d"
  integrity sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==
@ -3411,6 +3428,11 @@ tunnel-agent@^0.6.0:
  dependencies:
    safe-buffer "^5.0.1"

+tunnel@0.0.4:
+  version "0.0.4"
+  resolved "https://registry.yarnpkg.com/tunnel/-/tunnel-0.0.4.tgz#2d3785a158c174c9a16dc2c046ec5fc5f1742213"
+  integrity sha1-LTeFoVjBdMmhbcLARuxfxfF0IhM=
+
 tweetnacl@^0.14.3, tweetnacl@~0.14.0:
  version "0.14.5"
  resolved "https://registry.yarnpkg.com/tweetnacl/-/tweetnacl-0.14.5.tgz#5ae68177f192d4456269d108afa93ff8743f4f64"
@ -3423,6 +3445,14 @@ type-check@~0.3.2:
  dependencies:
    prelude-ls "~1.1.2"

+typed-rest-client@^1.4.0:
+  version "1.5.0"
+  resolved "https://registry.yarnpkg.com/typed-rest-client/-/typed-rest-client-1.5.0.tgz#c0dda6e775b942fd46a2d99f2160a94953206fc2"
+  integrity sha512-DVZRlmsfnTjp6ZJaatcdyvvwYwbWvR4YDNFDqb+qdTxpvaVP99YCpBkA8rxsLtAPjBVoDe4fNsnMIdZTiPuKWg==
+  dependencies:
+    tunnel "0.0.4"
+    underscore "1.8.3"
+
 typescript@^3.5.1:
  version "3.6.3"
  resolved "https://registry.yarnpkg.com/typescript/-/typescript-3.6.3.tgz#fea942fabb20f7e1ca7164ff626f1a9f3f70b4da"
@ -3436,6 +3466,11 @@ uglify-js@^3.1.4:
    commander "~2.20.0"
    source-map "~0.6.1"

+underscore@1.8.3:
+  version "1.8.3"
+  resolved "https://registry.yarnpkg.com/underscore/-/underscore-1.8.3.tgz#4f3fb53b106e6097fcf9cb4109f2a5e9bdfa5022"
+  integrity sha1-Tz+1OxBuYJf8+ctBCfKl6b36UCI=
+
 union-value@^1.0.0:
  version "1.0.1"
  resolved "https://registry.yarnpkg.com/union-value/-/union-value-1.0.1.tgz#0b6fe7b835aecda61c6ea4d4f02c14221e109847"