Bump Nix version #468
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| workflow_dispatch: | |
| pull_request: | |
| merge_group: | |
| permissions: | |
| contents: "read" | |
| jobs: | |
| build: | |
| name: Build (${{ matrix.system }}) | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-24.04 | |
| system: x86_64-linux | |
| - os: ubuntu-24.04-arm | |
| system: aarch64-linux | |
| - os: macos-15-intel | |
| system: x86_64-darwin | |
| - os: macos-15 | |
| system: aarch64-darwin | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Install Nix | |
| uses: NixOS/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup Cachix | |
| uses: cachix/cachix-action@v17 | |
| with: | |
| name: nix-installer | |
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| - name: Build the installer | |
| run: | | |
| if [[ $RUNNER_OS == "Linux" ]]; then | |
| ATTR="nix-installer-static" | |
| elif [[ $RUNNER_OS == "macOS" ]]; then | |
| ATTR="nix-installer" | |
| else | |
| echo "error: '$RUNNER_OS' is an unsupported operating system" | |
| fi | |
| nix build ".#$ATTR" -L | |
| - name: Create installer bundle | |
| run: | | |
| mkdir install-root/ | |
| cp nix-installer.sh install-root/nix-installer.sh | |
| cp result/bin/nix-installer install-root/nix-installer-${{ matrix.system }} | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: nix-installer-${{ matrix.system }} | |
| path: install-root/ | |
| lints: | |
| name: Lints | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Install Nix | |
| uses: NixOS/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup Cachix | |
| uses: cachix/cachix-action@v17 | |
| with: | |
| name: nix-installer | |
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| - name: Run checks (formatting, clippy) | |
| run: nix build .#checks.x86_64-linux.formatting .#checks.x86_64-linux.clippy -L | |
| run: | |
| name: "Run (${{ matrix.system }}${{ matrix.init == 'no' && ', no init' || '' }})" | |
| needs: [build] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-24.04 | |
| system: x86_64-linux | |
| - os: ubuntu-24.04 | |
| system: x86_64-linux | |
| init: "no" | |
| - os: ubuntu-24.04-arm | |
| system: aarch64-linux | |
| - os: macos-15-intel | |
| system: x86_64-darwin | |
| - os: macos-15 | |
| system: aarch64-darwin | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Download artifact | |
| id: download-installer | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: nix-installer-${{ matrix.system }} | |
| path: install-root/ | |
| - name: Set installer components as executable | |
| env: | |
| INSTALL_ROOT: ${{ steps.download-installer.outputs.download-path }} | |
| run: | | |
| find "$INSTALL_ROOT" -type f -exec chmod +x {} + | |
| - name: Install dependencies | |
| run: | | |
| if [[ $RUNNER_OS == "Linux" ]]; then | |
| sudo apt install fish zsh | |
| elif [[ $RUNNER_OS = "macOS" ]]; then | |
| brew install coreutils fish | |
| else | |
| echo "Unsupported runner operating system: $RUNNER_OS" | |
| exit 1 | |
| fi | |
| - name: Initial install | |
| uses: NixOS/nix-installer-action@main | |
| with: | |
| dogfood: true | |
| dogfood-path: ${{ steps.download-installer.outputs.download-path }} | |
| init: ${{ matrix.init }} | |
| verbosity: 2 | |
| extra-conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| - name: Ensure daemon was not configured with init | |
| if: ${{ matrix.init == 'no' }} | |
| run: | | |
| if systemctl is-active nix-daemon.socket; then | |
| echo "nix-daemon.socket was running" | |
| exit 1 | |
| fi | |
| if systemctl is-active nix-daemon.service; then | |
| echo "nix-daemon.service was running" | |
| exit 1 | |
| fi | |
| - name: Initial uninstall (without a `nix run` first) | |
| run: sudo -E /nix/nix-installer uninstall | |
| env: | |
| NIX_INSTALLER_NO_CONFIRM: true | |
| NIX_INSTALLER_LOGGER: pretty | |
| NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug | |
| RUST_BACKTRACE: full | |
| - name: Ensure `nix` is removed | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| if systemctl is-active nix-daemon.socket; then | |
| echo "nix-daemon.socket was still running" | |
| exit 1 | |
| fi | |
| if systemctl is-active nix-daemon.service; then | |
| echo "nix-daemon.service was still running" | |
| exit 1 | |
| fi | |
| if [ -e /nix ]; then | |
| echo "/nix exists" | |
| exit 1 | |
| fi | |
| - name: Repeated install | |
| uses: NixOS/nix-installer-action@main | |
| with: | |
| dogfood: true | |
| dogfood-path: ${{ steps.download-installer.outputs.download-path }} | |
| init: ${{ matrix.init }} | |
| add-channel: true | |
| verbosity: 2 | |
| extra-conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| - name: echo $PATH | |
| run: echo "$PATH" | |
| # TODO: Find a better way to invoke these commands with `sudo` in the init cases | |
| - name: Test installation | |
| if: ${{ matrix.init == '' }} | |
| run: | | |
| set -x | |
| echo "$PATH" | |
| nix-shell -p hello --command hello | |
| nix-env -iA nixpkgs.hello | |
| hello | |
| nix-store --gc | |
| nix-shell -p hello --command hello | |
| /nix/nix-installer self-test | |
| - name: Test installation (no init) | |
| if: ${{ matrix.init == 'no' }} | |
| run: | | |
| sudo -i nix-shell -p hello --command hello | |
| sudo -i nix-env -iA nixpkgs.hello | |
| sudo -i hello | |
| sudo -i nix-store --gc | |
| sudo -i nix-shell -p hello --command hello | |
| - name: Repeated uninstall | |
| run: sudo -E /nix/nix-installer uninstall | |
| env: | |
| NIX_INSTALLER_NO_CONFIRM: true | |
| NIX_INSTALLER_LOGGER: pretty | |
| NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug | |
| RUST_BACKTRACE: full | |
| - name: Ensure `nix` is removed | |
| if: ${{ runner.os == 'Linux' }} | |
| run: | | |
| if systemctl is-active nix-daemon.socket; then | |
| echo "nix-daemon.socket was still running" | |
| exit 1 | |
| fi | |
| if systemctl is-active nix-daemon.service; then | |
| echo "nix-daemon.service was still running" | |
| exit 1 | |
| fi | |
| if [ -e /nix ]; then | |
| echo "/nix exists" | |
| exit 1 | |
| fi | |
| vm-tests: | |
| name: VM Tests - ${{ matrix.distro }} | |
| needs: [build, lints] | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| distro: | |
| - ubuntu-v22_04 | |
| - ubuntu-v24_04 | |
| - fedora-v36 | |
| - fedora-v37 | |
| - rocky-v8 | |
| - rocky-v9 | |
| - opensuse-leap-v15_6 | |
| - archlinux-v20260115 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Install Nix | |
| uses: NixOS/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup Cachix | |
| uses: cachix/cachix-action@v17 | |
| with: | |
| name: nix-installer | |
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| - name: Run VM tests for ${{ matrix.distro }} | |
| run: | | |
| # Build VM tests one at a time to avoid OOM. | |
| # Each test spawns a 4 GB QEMU VM; running them in parallel | |
| # exceeds the runner's RAM limit. | |
| tests=$(nix eval --json '.#checks.x86_64-linux' \ | |
| --apply 'x: builtins.filter (n: | |
| let prefix = "vm-test-${{ matrix.distro }}-"; in | |
| builtins.substring 0 (builtins.stringLength prefix) n == prefix | |
| && ! builtins.elem n [ | |
| "vm-test-${{ matrix.distro }}-all" | |
| "vm-test-${{ matrix.distro }}-install" | |
| "vm-test-${{ matrix.distro }}-cure-self" | |
| "vm-test-${{ matrix.distro }}-uninstall" | |
| ] | |
| ) (builtins.attrNames x)') | |
| for test in $(echo "$tests" | jq -r '.[]'); do | |
| echo "::group::Building $test" | |
| nix build ".#checks.x86_64-linux.$test" -L | |
| echo "::endgroup::" | |
| done | |
| container-tests: | |
| name: Container Tests - ${{ matrix.distro }} | |
| needs: [build, lints] | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| distro: | |
| - ubuntu-v22_04 | |
| - ubuntu-v24_04 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| - name: Install Nix | |
| uses: NixOS/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
| - name: Setup Cachix | |
| uses: cachix/cachix-action@v17 | |
| with: | |
| name: nix-installer | |
| authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| - name: Run container tests for ${{ matrix.distro }} | |
| run: nix build .#checks.x86_64-linux.container-test-${{ matrix.distro }}-all -L | |