mirror of https://github.com/NixOS/nix.git synced 2025-12-16 14:01:05 +01:00

Merge pull request #14332 from NixOS/cleanup-ci

ci: Assorted collection of cleanups
Eelco Dolstra 2025-10-23 16:50:11 +00:00 committed by GitHub
commit 0a74b4905c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 20 additions and 11 deletions


@ -16,13 +16,17 @@ inputs:
install_url: install_url:
description: "URL of the Nix installer" description: "URL of the Nix installer"
required: false required: false
default: "https://releases.nixos.org/nix/nix-2.30.2/install" default: "https://releases.nixos.org/nix/nix-2.32.1/install"
tarball_url: tarball_url:
description: "URL of the Nix tarball to use with the experimental installer" description: "URL of the Nix tarball to use with the experimental installer"
required: false required: false
github_token: github_token:
description: "Github token" description: "Github token"
required: true required: true
use_cache:
description: "Whether to setup magic-nix-cache"
default: true
required: false
runs: runs:
using: "composite" using: "composite"
steps: steps:
@ -118,3 +122,10 @@ runs:
source-url: ${{ inputs.experimental-installer-version != 'latest' && 'https://artifacts.nixos.org/experimental-installer/tag/${{ inputs.experimental-installer-version }}/${{ env.EXPERIMENTAL_INSTALLER_ARTIFACT }}' || '' }} source-url: ${{ inputs.experimental-installer-version != 'latest' && 'https://artifacts.nixos.org/experimental-installer/tag/${{ inputs.experimental-installer-version }}/${{ env.EXPERIMENTAL_INSTALLER_ARTIFACT }}' || '' }}
nix-package-url: ${{ inputs.dogfood == 'true' && steps.download-nix-installer.outputs.tarball-path || (inputs.tarball_url || '') }} nix-package-url: ${{ inputs.dogfood == 'true' && steps.download-nix-installer.outputs.tarball-path || (inputs.tarball_url || '') }}
extra-conf: ${{ inputs.extra_nix_config }} extra-conf: ${{ inputs.extra_nix_config }}
- uses: DeterminateSystems/magic-nix-cache-action@565684385bcd71bad329742eefe8d12f2e765b39 # v13
if: ${{ inputs.use_cache == 'true' }}
with:
diagnostic-endpoint: ''
use-flakehub: false
use-gha-cache: true
source-revision: c2f46a0afa5f95fd4c184a533afd280c68cf63ff # v0.1.6
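Review bot: The new `use_cache` input is declared with a bare YAML boolean, `default: true`, while the step it gates compares against a string, `if: ${{ inputs.use_cache == 'true' }}`. That works because action inputs reach the expression as strings, but it is easy to misread; I would write `default: "true"` and say in the description which values are accepted, e.g. `description: "Whether to set up magic-nix-cache ('true' or 'false')"`. The cache step is also worth a one-line comment above it, such as `# diagnostics reporting and FlakeHub are turned off; only the GitHub Actions cache backend is used`, so that a later edit does not re-enable them by dropping the keys. The `runs:` block continues outside the two hunks shown, so the steps between them are not reviewed here.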


@ -29,6 +29,7 @@ jobs:
extra_nix_config: extra_nix_config:
experimental-features = nix-command flakes experimental-features = nix-command flakes
github_token: ${{ secrets.GITHUB_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
use_cache: false
- run: nix flake show --all-systems --json - run: nix flake show --all-systems --json
pre-commit-checks: pre-commit-checks:
@ -41,7 +42,6 @@ jobs:
dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }} dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
extra_nix_config: experimental-features = nix-command flakes extra_nix_config: experimental-features = nix-command flakes
github_token: ${{ secrets.GITHUB_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
- uses: DeterminateSystems/magic-nix-cache-action@main
- run: ./ci/gha/tests/pre-commit-checks - run: ./ci/gha/tests/pre-commit-checks
basic-checks: basic-checks:
@ -92,7 +92,6 @@ jobs:
dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }} dogfood: ${{ github.event_name == 'workflow_dispatch' && inputs.dogfood || github.event_name != 'workflow_dispatch' }}
# The sandbox would otherwise be disabled by default on Darwin # The sandbox would otherwise be disabled by default on Darwin
extra_nix_config: "sandbox = true" extra_nix_config: "sandbox = true"
- uses: DeterminateSystems/magic-nix-cache-action@main
# Since ubuntu 22.30, unprivileged usernamespaces are no longer allowed to map to the root user: # Since ubuntu 22.30, unprivileged usernamespaces are no longer allowed to map to the root user:
# https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces # https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
- run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 - run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
@ -171,7 +170,7 @@ jobs:
echo "installer-url=file://$GITHUB_WORKSPACE/out" >> "$GITHUB_OUTPUT" echo "installer-url=file://$GITHUB_WORKSPACE/out" >> "$GITHUB_OUTPUT"
TARBALL_PATH="$(find "$GITHUB_WORKSPACE/out" -name 'nix*.tar.xz' -print | head -n 1)" TARBALL_PATH="$(find "$GITHUB_WORKSPACE/out" -name 'nix*.tar.xz' -print | head -n 1)"
echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT" echo "tarball-path=file://$TARBALL_PATH" >> "$GITHUB_OUTPUT"
- uses: cachix/install-nix-action@v31 - uses: cachix/install-nix-action@c134e4c9e34bac6cab09cf239815f9339aaaf84e # v31.5.1
if: ${{ !matrix.experimental-installer }} if: ${{ !matrix.experimental-installer }}
with: with:
install_url: ${{ format('{0}/install', steps.installer-tarball-url.outputs.installer-url) }} install_url: ${{ format('{0}/install', steps.installer-tarball-url.outputs.installer-url) }}
@ -227,12 +226,13 @@ jobs:
- uses: actions/checkout@v5 - uses: actions/checkout@v5
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: cachix/install-nix-action@v31 - uses: ./.github/actions/install-nix-action
with: with:
install_url: https://releases.nixos.org/nix/nix-2.20.3/install dogfood: false
- uses: DeterminateSystems/magic-nix-cache-action@main extra_nix_config: |
- run: echo NIX_VERSION="$(nix --experimental-features 'nix-command flakes' eval .\#nix.version | tr -d \")" >> $GITHUB_ENV experimental-features = flakes nix-command
- run: nix --experimental-features 'nix-command flakes' build .#dockerImage -L - run: echo NIX_VERSION="$(nix eval .\#nix.version | tr -d \")" >> $GITHUB_ENV
- run: nix build .#dockerImage -L
- run: docker load -i ./result/image.tar.gz - run: docker load -i ./result/image.tar.gz
- run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:$NIX_VERSION
- run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:master - run: docker tag nix:$NIX_VERSION ${{ secrets.DOCKERHUB_USERNAME }}/nix:master
@ -289,7 +289,6 @@ jobs:
extra_nix_config: extra_nix_config:
experimental-features = nix-command flakes experimental-features = nix-command flakes
github_token: ${{ secrets.GITHUB_TOKEN }} github_token: ${{ secrets.GITHUB_TOKEN }}
- uses: DeterminateSystems/magic-nix-cache-action@main
- run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=25 flake-regressions/eval-all.sh - run: nix build -L --out-link ./new-nix && PATH=$(pwd)/new-nix/bin:$PATH MAX_FLAKES=25 flake-regressions/eval-all.sh
profile_build: profile_build:
@ -310,7 +309,6 @@ jobs:
extra_nix_config: | extra_nix_config: |
experimental-features = flakes nix-command ca-derivations impure-derivations experimental-features = flakes nix-command ca-derivations impure-derivations
max-jobs = 1 max-jobs = 1
- uses: DeterminateSystems/magic-nix-cache-action@main
- run: | - run: |
nix build -L --file ./ci/gha/profile-build buildTimeReport --out-link build-time-report.md nix build -L --file ./ci/gha/profile-build buildTimeReport --out-link build-time-report.md
cat build-time-report.md >> $GITHUB_STEP_SUMMARY cat build-time-report.md >> $GITHUB_STEP_SUMMARY
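Review bot: The job that loads and tags the image for `secrets.DOCKERHUB_USERNAME` now calls `./.github/actions/install-nix-action` without setting `use_cache`, so it gets the cache step through the action's default instead of through a visible line, unlike the step before `nix flake show`, which passes `use_cache: false`. For a job whose output is published I would state the choice explicitly: `use_cache: false` if the image should be built without store paths restored from the GitHub Actions cache, or `use_cache: true` with a comment that the cache is accepted there. The same job still references `actions/checkout@v5` by a mutable tag although this commit pins `cachix/install-nix-action` to a commit SHA; `actions/checkout@<commit-sha> # v5` would bring it in line. The job definitions start outside the hunks, so other steps in them may already cover part of this.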