Simplify how paths are pushed

Previously we were setting up Nix build hook to make sure all paths are synced to cachix. This had a few flaws: - nix-daemon had to be restarted, resulting into a few seconds extra setup per each build - spurious error on macos due to nix-daemon socket not ready in time - significant overhead since syncing to cachix was synchronous for each derivation built Now we just look for new store paths and push those after nix-build.
2026-06-03 17:44:07 +02:00 · 2020-02-24 14:14:49 +01:00 · 2020-02-24 14:14:49 +01:00 · 7bea2cc0c1
commit 7bea2cc0c1
parent 89036a5745
3 changed files with 45 additions and 90 deletions
--- a/lib/main.js
+++ b/lib/main.js
@ -18,25 +18,16 @@ var __importStar = (this && this.__importStar) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const exec = __importStar(require("@actions/exec"));
-const os_1 = require("os");
 const strings_1 = require("./strings");
-function home() {
-    if (os_1.type() == "Darwin") {
-        return "/Users/runner";
-    }
-    else {
-        return "/home/runner";
-    }
-}
 function run() {
    return __awaiter(this, void 0, void 0, function* () {
        try {
            // inputs
+            const name = core.getInput('name', { required: true });
            const file = core.getInput('file');
            const skipNixBuild = core.getInput('skipNixBuild');
            const attributes = core.getInput('attributes');
            const nixBuildArgs = core.getInput('nixBuildArgs');
-            const name = core.getInput('name', { required: true });
            const signingKey = core.getInput('signingKey');
            const authToken = core.getInput('authToken');
            const cachixExecutable = "/nix/var/nix/profiles/per-user/runner/profile/bin/cachix";
@ -51,43 +42,27 @@ function run() {
            yield exec.exec('cachix', ['use', name]);
            core.endGroup();
            if (signingKey !== "") {
-                core.startGroup('Cachix: Configuring push');
-                // needed to discover auth token
-                yield exec.exec("sudo", ["sh", "-c", `echo export HOME=${home()} > /etc/nix/cachix-push.sh`]);
-                yield exec.exec("sudo", ["sh", "-c", `echo export CACHIX_SIGNING_KEY=${signingKey} >> /etc/nix/cachix-push.sh`]);
-                // needed to for nix-store
-                yield exec.exec("sudo", ["sh", "-c", `echo export PATH=\\$PATH:/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/per-user/runner/profile/bin >> /etc/nix/cachix-push.sh`]);
-                yield exec.exec("sudo", ["sh", "-c", `echo ${cachixExecutable} push ${name} \\$OUT_PATHS >> /etc/nix/cachix-push.sh`]);
-                yield exec.exec("sudo", ["sh", "-c", `chmod +x /etc/nix/cachix-push.sh`]);
-                // enable post-build-hook
-                yield exec.exec("sudo", ["sh", "-c", `echo post-build-hook = /etc/nix/cachix-push.sh >> /etc/nix/nix.conf`]);
                core.exportVariable('CACHIX_SIGNING_KEY', signingKey);
-                // Ignore reloading failures as Nix might be installed in single-user mode (install-nix-action version 5 or lower)
-                const options = { ignoreReturnCode: true };
-                // Reload nix-daemon
-                if (os_1.type() == "Darwin") {
-                    // kickstart awaits nix-daemon to get up again
-                    yield exec.exec("sudo", ["launchctl", "kickstart", "-k", "system/org.nixos.nix-daemon"], options);
+                if (skipNixBuild !== 'true') {
+                    core.startGroup(`Invoking nix-build`);
+                    // Remember existing store paths
+                    yield exec.exec("sh", ["-c", `nix path-info --all | grep -v '\.drv$' > store-path-pre-build`]);
+                    let paths = '';
+                    const options = {
+                        listeners: {
+                            stdout: (data) => {
+                                paths += data.toString();
+                            },
+                        }
+                    };
+                    const args = strings_1.prependEach('-A', strings_1.nonEmptySplit(attributes, /\s+/)).concat([file || "default.nix"]);
+                    const additionalArgs = strings_1.nonEmptySplit(nixBuildArgs, /\s+/);
+                    yield exec.exec('nix-build', additionalArgs.concat(args), options);
+                    core.endGroup();
+                    core.startGroup('Cachix: Pushing paths');
+                    yield exec.exec("sh", ["-c", `nix path-info --all | grep -v '\.drv$' | cat - store-path-pre-build | sort | uniq -u  | ${cachixExecutable} push ${name}`]);
+                    core.endGroup();
                }
-                else {
-                    yield exec.exec("sudo", ["pkill", "-HUP", "nix-daemon"], options);
-                }
-                core.endGroup();
-            }
-            if (skipNixBuild !== 'true') {
-                core.startGroup(`Invoking nix-build`);
-                let paths = '';
-                const options = {
-                    listeners: {
-                        stdout: (data) => {
-                            paths += data.toString();
-                        },
-                    }
-                };
-                const args = strings_1.prependEach('-A', strings_1.nonEmptySplit(attributes, /\s+/)).concat([file || "default.nix"]);
-                const additionalArgs = strings_1.nonEmptySplit(nixBuildArgs, /\s+/);
-                yield exec.exec('nix-build', additionalArgs.concat(args), options);
-                core.endGroup();
            }
        }
        catch (error) {