From 2cbbb63628adf5e18150c59f49676d3d074e5eff Mon Sep 17 00:00:00 2001 From: Seth Flynn Date: Mon, 15 Sep 2025 22:58:34 -0400 Subject: [PATCH 1/3] ci: enable use of the experimental installer --- .../actions/install-nix-action/action.yaml | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/.github/actions/install-nix-action/action.yaml b/.github/actions/install-nix-action/action.yaml index c299b3956..b9861131d 100644 --- a/.github/actions/install-nix-action/action.yaml +++ b/.github/actions/install-nix-action/action.yaml @@ -4,12 +4,18 @@ inputs: dogfood: description: "Whether to use Nix installed from the latest artifact from master branch" required: true # Be explicit about the fact that we are using unreleased artifacts + experimental-installer: + description: "Whether to use the experimental installer to install Nix" + default: false extra_nix_config: description: "Gets appended to `/etc/nix/nix.conf` if passed." install_url: description: "URL of the Nix installer" required: false default: "https://releases.nixos.org/nix/nix-2.30.2/install" + tarball_url: + description: "URL of the Nix tarball to use with the experimental installer" + required: false github_token: description: "Github token" required: true @@ -37,14 +43,57 @@ runs: gh run download "$RUN_ID" --repo "$DOGFOOD_REPO" -n "$INSTALLER_ARTIFACT" -D "$INSTALLER_DOWNLOAD_DIR" echo "installer-path=file://$INSTALLER_DOWNLOAD_DIR" >> "$GITHUB_OUTPUT" + TARBALL_PATH="$(find "$INSTALLER_DOWNLOAD_DIR" -name 'nix*.tar.xz' -print | head -n 1)" + echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT" echo "::notice ::Dogfooding Nix installer from master (https://github.com/$DOGFOOD_REPO/actions/runs/$RUN_ID)" env: GH_TOKEN: ${{ inputs.github_token }} DOGFOOD_REPO: "NixOS/nix" + - name: "Download experimental installer" + shell: bash + id: download-experimental-nix-installer + if: ${{ inputs.experimental-installer == 'true' }} + run: | + if [ "$RUNNER_OS" == "Linux" ]; then + INSTALLER_OS="linux" + elif [ "$RUNNER_OS" == "macOS" ]; then + INSTALLER_OS="darwin" + else + echo "::error ::Unsupported RUNNER_OS: $RUNNER_OS" + fi + + if [ "$RUNNER_ARCH" == "X64" ]; then + INSTALLER_ARCH="x86_64" + elif [ "$RUNNER_ARCH" == "ARM64" ]; then + INSTALLER_ARCH="aarch64" + else + echo "::error ::Unsupported RUNNER_ARCH: $RUNNER_ARCH" + fi + + EXPERIMENTAL_INSTALLER_ARTIFACT="nix-installer-$INSTALLER_ARCH-$INSTALLER_OS" + EXPERIMENTAL_INSTALLER_PATH="$GITHUB_WORKSPACE/$EXPERIMENTAL_INSTALLER_ARTIFACT" + # TODO: This uses the latest release. It should probably be pinned, or dogfood the experimental repo's default branch - similar to the above + gh release download -R "$EXPERIMENTAL_INSTALLER_REPO" -D "$EXPERIMENTAL_INSTALLER_PATH" -p "nix-installer.sh" -p "$EXPERIMENTAL_INSTALLER_ARTIFACT" + chmod +x "$EXPERIMENTAL_INSTALLER_PATH/$EXPERIMENTAL_INSTALLER_ARTIFACT" + + echo "installer-path=$EXPERIMENTAL_INSTALLER_PATH" >> "$GITHUB_OUTPUT" + + echo "::notice Using experimental installer from $EXPERIMENTAL_INSTALLER_REPO (https://github.com/$EXPERIMENTAL_INSTALLER_REPO)" + env: + GH_TOKEN: ${{ inputs.github_token }} + EXPERIMENTAL_INSTALLER_REPO: "NixOS/experimental-nix-installer" - uses: cachix/install-nix-action@c134e4c9e34bac6cab09cf239815f9339aaaf84e # v31.5.1 + if: ${{ inputs.experimental-installer != 'true' }} with: # Ternary operator in GHA: https://www.github.com/actions/runner/issues/409#issuecomment-752775072 install_url: ${{ inputs.dogfood == 'true' && format('{0}/install', steps.download-nix-installer.outputs.installer-path) || inputs.install_url }} install_options: ${{ inputs.dogfood == 'true' && format('--tarball-url-prefix {0}', steps.download-nix-installer.outputs.installer-path) || '' }} extra_nix_config: ${{ inputs.extra_nix_config }} + - uses: DeterminateSystems/nix-installer-action@786fff0690178f1234e4e1fe9b536e94f5433196 # v20 + if: ${{ inputs.experimental-installer == 'true' }} + with: + diagnostic-endpoint: "" + local-root: ${{ steps.download-experimental-nix-installer.outputs.installer-path }} + nix-package-url: ${{ inputs.dogfood == 'true' && steps.download-nix-installer.outputs.tarball-path || (inputs.tarball_url || '') }} + extra-conf: ${{ inputs.extra_nix_config }} From d2293fb458feb3b75d4ed81b32136b335610218b Mon Sep 17 00:00:00 2001 From: Seth Flynn Date: Tue, 16 Sep 2025 00:47:02 -0400 Subject: [PATCH 2/3] ci: enable experimental installer tests --- .github/workflows/ci.yml | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index dcf0814d8..145bbe6d9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -135,9 +135,19 @@ jobs: - scenario: on ubuntu runs-on: ubuntu-24.04 os: linux + experimental-installer: false - scenario: on macos runs-on: macos-14 os: darwin + experimental-installer: false + - scenario: on ubuntu (experimental) + runs-on: ubuntu-24.04 + os: linux + experimental-installer: true + - scenario: on macos (experimental) + runs-on: macos-14 + os: darwin + experimental-installer: true name: installer test ${{ matrix.scenario }} runs-on: ${{ matrix.runs-on }} steps: @@ -149,11 +159,22 @@ jobs: path: out - name: Looking up the installer tarball URL id: installer-tarball-url - run: echo "installer-url=file://$GITHUB_WORKSPACE/out" >> "$GITHUB_OUTPUT" + run: | + echo "installer-url=file://$GITHUB_WORKSPACE/out" >> "$GITHUB_OUTPUT" + TARBALL_PATH="$(find "$GITHUB_WORKSPACE/out" -name 'nix*.tar.xz' -print | head -n 1)" + echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT" - uses: cachix/install-nix-action@v31 + if: ${{ !matrix.experimental-installer }} with: install_url: ${{ format('{0}/install', steps.installer-tarball-url.outputs.installer-url) }} install_options: ${{ format('--tarball-url-prefix {0}', steps.installer-tarball-url.outputs.installer-url) }} + - uses: ./.github/actions/install-nix-action + if: ${{ matrix.experimental-installer }} + with: + dogfood: false + experimental-installer: true + tarball_url: ${{ steps.installer-tarball-url.outputs.tarball-path }} + github_token: ${{ secrets.GITHUB_TOKEN }} - run: sudo apt install fish zsh if: matrix.os == 'linux' - run: brew install fish From 92d7381826982f7193145e9fa786eb0f0b1420a2 Mon Sep 17 00:00:00 2001 From: Seth Flynn Date: Fri, 3 Oct 2025 02:01:03 -0400 Subject: [PATCH 3/3] ci: allow for using the latest build of the experimental installer Until these repos are potentially merged, this is good for dogfooding alongside the experimental installer. It also uses the more official `artifacts.nixos.org` endpoint to install stable releases now More immediately though, we need a patch for the experimental installer to really work in CI at all, and that hasn't landed in a tag yet. So, this lets us use it right from `main`! --- .../actions/install-nix-action/action.yaml | 49 +++++++++++++------ 1 file changed, 35 insertions(+), 14 deletions(-) diff --git a/.github/actions/install-nix-action/action.yaml b/.github/actions/install-nix-action/action.yaml index b9861131d..46abea179 100644 --- a/.github/actions/install-nix-action/action.yaml +++ b/.github/actions/install-nix-action/action.yaml @@ -7,6 +7,10 @@ inputs: experimental-installer: description: "Whether to use the experimental installer to install Nix" default: false + experimental-installer-version: + description: "Version of the experimental installer to use. If `latest`, the newest artifact from the default branch is used." + # TODO: This should probably be pinned to a release after https://github.com/NixOS/experimental-nix-installer/pull/49 lands in one + default: "latest" extra_nix_config: description: "Gets appended to `/etc/nix/nix.conf` if passed." install_url: @@ -50,36 +54,51 @@ runs: env: GH_TOKEN: ${{ inputs.github_token }} DOGFOOD_REPO: "NixOS/nix" - - name: "Download experimental installer" + - name: "Gather system info for experimental installer" shell: bash - id: download-experimental-nix-installer if: ${{ inputs.experimental-installer == 'true' }} run: | + echo "::notice Using experimental installer from $EXPERIMENTAL_INSTALLER_REPO (https://github.com/$EXPERIMENTAL_INSTALLER_REPO)" + if [ "$RUNNER_OS" == "Linux" ]; then - INSTALLER_OS="linux" + EXPERIMENTAL_INSTALLER_SYSTEM="linux" + echo "EXPERIMENTAL_INSTALLER_SYSTEM=$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV" elif [ "$RUNNER_OS" == "macOS" ]; then - INSTALLER_OS="darwin" + EXPERIMENTAL_INSTALLER_SYSTEM="darwin" + echo "EXPERIMENTAL_INSTALLER_SYSTEM=$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV" else echo "::error ::Unsupported RUNNER_OS: $RUNNER_OS" + exit 1 fi if [ "$RUNNER_ARCH" == "X64" ]; then - INSTALLER_ARCH="x86_64" + EXPERIMENTAL_INSTALLER_ARCH=x86_64 + echo "EXPERIMENTAL_INSTALLER_ARCH=$EXPERIMENTAL_INSTALLER_ARCH" >> "$GITHUB_ENV" elif [ "$RUNNER_ARCH" == "ARM64" ]; then - INSTALLER_ARCH="aarch64" + EXPERIMENTAL_INSTALLER_ARCH=aarch64 + echo "EXPERIMENTAL_INSTALLER_ARCH=$EXPERIMENTAL_INSTALLER_ARCH" >> "$GITHUB_ENV" else echo "::error ::Unsupported RUNNER_ARCH: $RUNNER_ARCH" + exit 1 fi - EXPERIMENTAL_INSTALLER_ARTIFACT="nix-installer-$INSTALLER_ARCH-$INSTALLER_OS" - EXPERIMENTAL_INSTALLER_PATH="$GITHUB_WORKSPACE/$EXPERIMENTAL_INSTALLER_ARTIFACT" - # TODO: This uses the latest release. It should probably be pinned, or dogfood the experimental repo's default branch - similar to the above - gh release download -R "$EXPERIMENTAL_INSTALLER_REPO" -D "$EXPERIMENTAL_INSTALLER_PATH" -p "nix-installer.sh" -p "$EXPERIMENTAL_INSTALLER_ARTIFACT" - chmod +x "$EXPERIMENTAL_INSTALLER_PATH/$EXPERIMENTAL_INSTALLER_ARTIFACT" + echo "EXPERIMENTAL_INSTALLER_ARTIFACT=nix-installer-$EXPERIMENTAL_INSTALLER_ARCH-$EXPERIMENTAL_INSTALLER_SYSTEM" >> "$GITHUB_ENV" + env: + EXPERIMENTAL_INSTALLER_REPO: "NixOS/experimental-nix-installer" + - name: "Download latest experimental installer" + shell: bash + id: download-latest-experimental-installer + if: ${{ inputs.experimental-installer == 'true' && inputs.experimental-installer-version == 'latest' }} + run: | + RUN_ID=$(gh run list --repo "$EXPERIMENTAL_INSTALLER_REPO" --workflow ci.yml --branch main --status success --json databaseId --jq ".[0].databaseId") - echo "installer-path=$EXPERIMENTAL_INSTALLER_PATH" >> "$GITHUB_OUTPUT" + EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR="$GITHUB_WORKSPACE/$EXPERIMENTAL_INSTALLER_ARTIFACT" + mkdir -p "$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR" - echo "::notice Using experimental installer from $EXPERIMENTAL_INSTALLER_REPO (https://github.com/$EXPERIMENTAL_INSTALLER_REPO)" + gh run download "$RUN_ID" --repo "$EXPERIMENTAL_INSTALLER_REPO" -n "$EXPERIMENTAL_INSTALLER_ARTIFACT" -D "$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR" + # Executable permissions are lost in artifacts + find $EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR -type f -exec chmod +x {} + + echo "installer-path=$EXPERIMENTAL_INSTALLER_DOWNLOAD_DIR" >> "$GITHUB_OUTPUT" env: GH_TOKEN: ${{ inputs.github_token }} EXPERIMENTAL_INSTALLER_REPO: "NixOS/experimental-nix-installer" @@ -94,6 +113,8 @@ runs: if: ${{ inputs.experimental-installer == 'true' }} with: diagnostic-endpoint: "" - local-root: ${{ steps.download-experimental-nix-installer.outputs.installer-path }} + # TODO: It'd be nice to use `artifacts.nixos.org` for both of these, maybe through an `/experimental-installer/latest` endpoint? or `/commit/`? + local-root: ${{ inputs.experimental-installer-version == 'latest' && steps.download-latest-experimental-installer.outputs.installer-path || '' }} + source-url: ${{ inputs.experimental-installer-version != 'latest' && 'https://artifacts.nixos.org/experimental-installer/tag/${{ inputs.experimental-installer-version }}/${{ env.EXPERIMENTAL_INSTALLER_ARTIFACT }}' || '' }} nix-package-url: ${{ inputs.dogfood == 'true' && steps.download-nix-installer.outputs.tarball-path || (inputs.tarball_url || '') }} extra-conf: ${{ inputs.extra_nix_config }}