install-nix-action's Introduction

install-nix-action

Installs Nix on GitHub Actions for the supported platforms: Linux and macOS.

By default it has no nixpkgs configured; you have to set nix_path by picking a channel, or pin nixpkgs yourself (see also the pinning tutorial).

Features

  • Quick installation (~4s on Linux, ~20s on macOS)
  • Multi-User installation (with sandboxing enabled only on Linux)
  • Self-hosted GitHub runner support
  • Allows specifying Nix installation URL via install_url (the oldest supported Nix version is 2.3.5)
  • Allows specifying extra Nix configuration options via extra_nix_config
  • Allows specifying $NIX_PATH and channels via nix_path
  • Share /nix/store between builds using cachix-action for simple binary cache setup to speed up your builds and share binaries with your team
  • Enables KVM on supported machines: run VMs and NixOS tests with full hardware-acceleration

Usage

Create .github/workflows/test.yml in your repo with the following contents:

name: "Test"
on:
  pull_request:
  push:
jobs:
  tests:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v3
    - uses: cachix/install-nix-action@v27
      with:
        nix_path: nixpkgs=channel:nixos-unstable
    - run: nix-build

Usage with Flakes

name: "Test"
on:
  pull_request:
  push:
jobs:
  tests:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - uses: cachix/install-nix-action@v27
      with:
        github_access_token: ${{ secrets.GITHUB_TOKEN }}
    - run: nix build
    - run: nix flake check

To install Nix from any commit, go to the corresponding installer_test action, click on the "Run cachix/install-nix-action@XX" step and expand the first line.

Inputs (specify using with:)

  • extra_nix_config: append to /etc/nix/nix.conf

  • github_access_token: configure Nix to pull from GitHub using the given GitHub token. This helps work around rate limit issues. Has no effect when access-tokens is also specified in extra_nix_config.

  • install_url: specify URL to install Nix from (useful for testing non-stable releases or pinning Nix, for example https://releases.nixos.org/nix/nix-2.3.7/install)

  • install_options: additional installer flags passed to the installer script.

  • nix_path: set NIX_PATH environment variable, for example nixpkgs=channel:nixos-unstable

  • enable_kvm: whether to enable KVM for hardware-accelerated virtualization on Linux. Enabled by default if available.

Differences from the default Nix installer

Some settings have been optimised for use in CI environments:

  • nix.conf settings. Override these defaults with extra_nix_config:

    • The experimental flakes and nix-command features are enabled. Disable by overriding experimental-features in extra_nix_config.

    • max-jobs is set to auto.

    • show-trace is set to true.

    • $USER is added to trusted-users.

    • $GITHUB_TOKEN is added to access-tokens if no other github_access_token is provided.

    • always-allow-substitutes is set to true.

    • ssl-cert-file is set to /etc/ssl/cert.pem on macOS.

  • KVM is enabled on Linux if available. Disable by setting enable_kvm: false.

  • $TMPDIR is set to $RUNNER_TEMP if empty.


FAQ

How do I print the nixpkgs version I have configured?

- name: Print nixpkgs version
  run: nix-instantiate --eval -E '(import <nixpkgs> {}).lib.version'

How do I run NixOS tests?

With the following inputs:

- uses: cachix/install-nix-action@vXX
  with:
    extra_nix_config: "system-features = nixos-test benchmark big-parallel kvm"

Note that there's no hardware acceleration on GitHub Actions.

How do I install packages via nix-env from the specified nix_path?

nix-env -i mypackage -f '<nixpkgs>'

How do I add a binary cache?

If the binary cache you want to add is hosted on Cachix and you are using cachix-action, you should use their extraPullNames input like this:

- uses: cachix/cachix-action@vXX
  with:
    name: mycache
    authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
    extraPullNames: nix-community

Otherwise, you can add any binary cache to nix.conf using install-nix-action's own extra_nix_config input:

- uses: cachix/install-nix-action@v27
  with:
    extra_nix_config: |
      trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
      substituters = https://hydra.iohk.io https://cache.nixos.org/
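
A check that can be run over the text passed to extra_nix_config (or over /etc/nix/nix.conf after the action has run), covering the settings listed under "Differences from the default Nix installer" and the cache settings above. This is an added example, not part of install-nix-action; the function names, finding labels and the choice of what to flag are assumptions made here, and WEAK_CONFIG is constructed.

```python
import base64

ED25519_PUBLIC_KEY_BYTES = 32  # Nix binary-cache signing keys are Ed25519 keys

# The cache settings shown in the FAQ entry above.
README_CONFIG = """\
trusted-public-keys = hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
substituters = https://hydra.iohk.io https://cache.nixos.org/
"""

# Constructed sample: every line here weakens what the build trusts.
WEAK_CONFIG = """\
# constructed sample, hostname is a placeholder
substituters = https://cache.nixos.org/ http://cache.example.internal
require-sigs = false
sandbox = false
trusted-users = root *
"""


def parse_nix_conf(text):
    """Parse nix.conf text into {name: [words]}.

    A repeated plain setting replaces the earlier value; an 'extra-<name>'
    line appends to <name>.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        name, sep, value = line.partition("=")
        name = name.strip()
        if not sep or not name:
            continue  # blank line, comment, or an 'include' directive
        if name.startswith("extra-"):
            settings.setdefault(name[len("extra-"):], []).extend(value.split())
        else:
            settings[name] = value.split()
    return settings


def malformed_keys(entries):
    """Return trusted-public-keys entries that are not '<name>:<base64 of 32 bytes>'."""
    bad = []
    for entry in entries:
        name, sep, b64 = entry.partition(":")
        try:
            raw = base64.b64decode(b64, validate=True)
        except ValueError:  # bad alphabet or missing '=' padding
            raw = b""
        if not (sep and name and len(raw) == ED25519_PUBLIC_KEY_BYTES):
            bad.append(entry)
    return bad


def audit_nix_conf(text):
    """Return a list of (label, detail) findings for one nix.conf text."""
    conf = parse_nix_conf(text)
    findings = []
    for name in ("substituters", "trusted-substituters"):
        for url in conf.get(name, []):
            if url.lower().startswith("http://"):
                findings.append(("plaintext-substituter", url))
    if conf.get("require-sigs") == ["false"]:
        findings.append(("signature-check-disabled", "require-sigs = false"))
    if conf.get("sandbox") in (["false"], ["relaxed"]):
        findings.append(("sandbox-weakened", "sandbox = " + conf["sandbox"][0]))
    if "*" in conf.get("trusted-users", []):
        # Trusted users may add binary caches and import unsigned paths.
        findings.append(("every-user-trusted", "trusted-users contains *"))
    for entry in malformed_keys(conf.get("trusted-public-keys", [])):
        findings.append(("malformed-public-key", entry))
    return findings


if __name__ == "__main__":
    for label, config in (("README", README_CONFIG), ("weak", WEAK_CONFIG)):
        print(label, audit_nix_conf(config) or "no findings")
```

A key that lost its trailing `=` when it was copied is reported as malformed-public-key; Nix would not accept such a key either, so the check catches the mistake before a build silently falls back to compiling from source.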

How do I pass environment variables to commands run with nix develop or nix shell?

Nix runs commands in a restricted environment by default, called pure mode. In pure mode, environment variables are not passed through to improve the reproducibility of the shell.

You can use the --keep / -k flag to keep certain environment variables:

- name: Run a command with nix develop
  run: nix develop --ignore-environment --keep MY_ENV_VAR --command echo $MY_ENV_VAR
  env:
    MY_ENV_VAR: "hello world"

Or you can disable pure mode entirely with the --impure flag:

nix develop --impure

install-nix-action's Issues

error: operation 'addTempRoot' is not supported by store

I've been using cachix/install-nix-action for a while to build and then upload to my own cache.

I've recently upgraded to the latest version of cachix/install-nix-action, and am seeing a 'addTempRoot' is not supported by store

See https://github.com/CorbanR/nixpkgs/runs/1475731991?check_suite_focus=true#step:11:54

      # v12
    - uses: cachix/install-nix-action@07da2520ee
      with:
        install_url: https://releases.nixos.org/nix/nix-2.3.8/install
        nix_path: nixpkgs=channel:nixpkgs-unstable

Where the failure is happening

    - name: Sign the packages
      if: (github.event_name == 'push' || github.event.inputs.deploy == 'true') && github.ref == 'refs/heads/master'
      run: |
        export NIX_SECRET_KEY_FILE="$PWD/nix-cache-priv-key.pem"
        echo "$NIX_SECRET_KEY" > "$NIX_SECRET_KEY_FILE"
        nix sign-paths -k "$NIX_SECRET_KEY_FILE"
        nix copy --to "file:///$PWD/_output/cache?compression=xz"
        nix path-info --store "file:///$PWD/_output/cache" --json | json_pp
        rm -rf "$NIX_SECRET_KEY_FILE"
      env:
        NIX_SECRET_KEY: ${{ secrets.NIX_SECRET_KEY }}

Any ideas? I'm not actually sure if it's due to upgrading this action, or if it's an issue with the nix version that I'm using.

nix daemon doesn't have access to nix binaries itself

I invoke some nix commands in a script that post-build-hook in extra_nix_config is pointing to.

The post-build-hook is executed via the nix-daemon, as the installer uses a multi-user installation.

On NixOS, the nix-daemon system units are configured to have config.nix.package in $PATH, so this works.

It seems this isn't the case with this action - nix-build, nix etc. are not in $PATH.

Testing with Nix 2.2.

Hi!

The documentation seems to indicate that it should be possible to run this action with an older Nix version by using the install_url input. I've tried testing with Nix 2.2 by setting install_url: https://releases.nixos.org/nix/nix-2.2/install but I've obtained the following error:

/dev/fd/63: SHA-256 hash mismatch in 'https://nixos.org/releases/nix/nix-2.2/nix-2.2-x86_64-darwin.tar.bz2';
expected sha256-1zRgN1HUvaA+FJjOLSVlLv5+f9bdHBbBVKTBYTpSj68=,
got d734603751d4bda03e1498ce2d25652efe7e7fd6dd1c16c154a4c1613a528faf

Is testing with Nix 2.2 supported and if yes how? Otherwise, do you have any suggestion on how to test build a derivation with Nix 2.2? (I am trying to understand why a PR fails in nixpkgs's CI while the same derivation builds fine in GitHub Actions and I suspect that it might be due to the version of Nix since I don't see any other explanation for the inconsistency.)
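
The error message in the issue above prints its expected value as an SRI string (`sha256-` plus base64) and its reported value as bare hex. The following added example (not code from the issue or from install-nix-action) normalizes both forms before comparing and shows that, for this message, the two values decode to the same 32 bytes. It assumes a value without an algorithm prefix is SHA-256, does not handle Nix's base32 form, and all function names are made up here.

```python
import base64
import hashlib
import hmac
import re

DIGEST_BYTES = {"sha1": 20, "sha256": 32, "sha512": 64}

# Error text as quoted in the issue above.
SAMPLE_ERROR = """\
/dev/fd/63: SHA-256 hash mismatch in 'https://nixos.org/releases/nix/nix-2.2/nix-2.2-x86_64-darwin.tar.bz2';
expected sha256-1zRgN1HUvaA+FJjOLSVlLv5+f9bdHBbBVKTBYTpSj68=,
got d734603751d4bda03e1498ce2d25652efe7e7fd6dd1c16c154a4c1613a528faf
"""


def normalize_digest(text, default_algo="sha256"):
    """Return (algo, raw_bytes) for 'algo-<base64>' (SRI), 'algo:<hex>' or bare hex."""
    text = text.strip()
    match = re.fullmatch(r"(sha1|sha256|sha512)([-:])(.+)", text)
    algo, sep, body = match.groups() if match else (default_algo, ":", text)
    try:
        raw = base64.b64decode(body, validate=True) if sep == "-" else bytes.fromhex(body)
    except ValueError as exc:
        raise ValueError(f"cannot decode digest {text!r}") from exc
    if len(raw) != DIGEST_BYTES[algo]:
        raise ValueError(f"{text!r} is not a {algo} digest ({len(raw)} bytes)")
    return algo, raw


def same_digest(a, b):
    """Compare two digests by their raw bytes, whatever their text encoding."""
    algo_a, raw_a = normalize_digest(a)
    algo_b, raw_b = normalize_digest(b)
    return algo_a == algo_b and hmac.compare_digest(raw_a, raw_b)


def parse_mismatch(message):
    """Extract the (expected, got) pair from an installer hash-mismatch message."""
    match = re.search(r"expected\s+(\S+?),?\s+got\s+(\S+)", message)
    if not match:
        raise ValueError("no 'expected ... got ...' pair found")
    return match.group(1), match.group(2)


def file_matches(path, expected):
    """Hash a downloaded file and compare it with a pinned digest in any supported form."""
    algo, want = normalize_digest(expected)
    hasher = hashlib.new(algo)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 16), b""):
            hasher.update(chunk)
    return hmac.compare_digest(hasher.digest(), want)


if __name__ == "__main__":
    expected, got = parse_mismatch(SAMPLE_ERROR)
    print("expected as hex:", normalize_digest(expected)[1].hex())
    print("got            :", got)
    print("same bytes     :", same_digest(expected, got))
```

`file_matches` is the form to use when a workflow downloads an installer itself and wants to check it against a pinned digest before running it.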

extra_nix_config doesn't work on single-user install

If your action uses extra_nix_config, like so:

      - uses: cachix/install-nix-action@v14
        with:
          install_url: https://nixos-nix-install-tests.cachix.org/serve/ipa0c64h689jb4ys6hxsky2r8xpld0hv/install
          install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
          extra_nix_config: experimental-features = nix-command flakes

It will only work in a daemon install. For the single-user mode, such as when using ACT, the config ends up empty.

To reproduce, create this demo.yml:

name: Demo
on: [ pull_request ]
jobs:
  demo:
    runs-on: ubuntu-latest
    steps:
      - uses: cachix/install-nix-action@v14
        with:
          install_url: https://nixos-nix-install-tests.cachix.org/serve/ipa0c64h689jb4ys6hxsky2r8xpld0hv/install
          install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
          extra_nix_config: experimental-features = nix-command flakes
      - run: cat /etc/nix/nix.conf
      - uses: cachix/cachix-action@v10
        with:
          name: nix-config
          signingKey: ${{ secrets.CACHIX_SIGNING_KEY }}
      - run: cat /etc/nix/nix.conf
      - run: nix build nixpkgs#hello

and run nix-shell -p act --run "act -W demo.yml -j demo"

Flakes example no longer works

It still uses cachix/install-nix-action@v11 but also upgrading to v12 does not help:

https://github.com/Mic92/nix-update/pull/30/checks?check_run_id=1478992110

  nix build
  shell: /bin/bash -e {0}
error: --- SysError --- nix
getting attributes of path '/nix/store/550xkq18mh8a6xgpnard55rjqxa9zmlc-source': No such file or directory
(use '--show-trace' to show detailed location information)
Error: Process completed with exit code 1.

Sorry I have not investigated deeply what is going on here...
Does it work for someone else?

Set nixpkgs channel

Hey,

I really like this action, but I found myself repeatedly adding a run action to simply set a nixpkgs channel. How about adding a parameter to specify which nixpkgs channel should be used and install it, like:

- uses: cachix/install-nix-action@v6
  with:
    nixpkgs: https://nixos.org/channels/nixos-19.09

or maybe even shorter through prefixing the channel name with https://nixos.org/channels/:

- uses: cachix/install-nix-action@v6
  with:
    nixpkgs: nixos-19.09

which does nothing more than running:

nix-channel --add ${{ parameter.nixpkgs }} nixpkgs
nix-channel --update

HTTP 404

Adding this action to my repo, I get the following output:

Download action repository 'actions/checkout@v1'
Download action repository 'actions/install-nix-action@v6'
##[warning]Failed to download action 'https://api.github.com/repos/actions/install-nix-action/tarball/v6'. Error Response status code does not indicate success: 404 (Not Found).
##[warning]Back off 28.469 seconds before retry.
##[warning]Failed to download action 'https://api.github.com/repos/actions/install-nix-action/tarball/v6'. Error Response status code does not indicate success: 404 (Not Found).
##[warning]Back off 23.535 seconds before retry.
##[error]Response status code does not indicate success: 404 (Not Found).

Use build cache?

I have a very large derivation that takes 45 minutes or so to build. When commits hit setting off a rebuild it would be nice if a build cache could be leveraged to speed up build times. Is something like this possible?

Nix flakes support

It would be great if it was possible to pin what version of nix is being installed, and then be able to install the nix flakes edition through this mechanism.

I think that the nix publishing needs to be extended to also publish install scripts for the flakes branch first.

Document how and if to run NixOS tests

I am getting an

error: a 'x86_64-linux' with features {kvm, nixos-test} is required to build '/nix/store/1rq4j0hk5g5p3917q13qzpa7rj19r61s-vm-test-run-redis.drv', but I am a 'x86_64-linux' with features {benchmark, big-parallel, nixos-test}

when running cachix-action after install-nix-action against https://github.com/573/nix-github-integration-tests.

Would I need to add the line system-features = nixos-test to the configuration and how ?

I have tried and failed to add the following line to my actions yml already:

sudo sh -c echo system-features = nixos-test >> /etc/nix/nix.conf

Original question

Possible alternative for Nix w/ flakes

As an alternative to:

    - uses: cachix/install-nix-action@v13
      with:
        install_url: https://nixos-nix-install-tests.cachix.org/serve/lb41az54kzk6j12p81br4bczary7m145/install
        install_options: '--tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve'
        extra_nix_config: |
          experimental-features = nix-command flakes

which pins the Nix version being used, you could make use of numtide/nix-unstable-installer and do:

      - uses: cachix/install-nix-action@v13
        with:
          install_url: https://github.com/numtide/nix-unstable-installer/releases/latest/download/install
          extra_nix_config: |
            experimental-features = nix-command flakes

to just always grab the latest successful build from Hydra.

Local paths in hoogle point to /opt/nix

When hoogle documentation (I'm invoking from haskell.nix) is built with this action, the resulting hoogle database contains paths to /opt/nix instead of /nix. This is the obvious direct culprit 😢

I've only validated this on the MacOS platform, so I'm not certain if it's also true for Linux (but the symlinking appears to be performed on both platforms).

I'll look into whether this is caused inside hoogle, or the hoogle.nix integration, but either way, it's more than concerning that the symlink causes a modified build.

Enable sandboxing/multi-user mode

The current installation step for the action just installs Nix in single-user mode, not multi-user mode, which is a requirement for sandboxing. Sandboxing has been enabled by default for multi-user, on both Darwin and Linux for a while provided you pass --daemon to the installer.

It would be nice if this could be enabled, or otherwise noted why that might be technically infeasible, because otherwise host impurities in the (Ubuntu?) distro can leak into the build steps. On top of that, it can probably introduce other strange failures, since we don't test it -- many packages in Nixpkgs at least fail without sandboxing enabled because they get confused by host system features (they will see something in /etc/os-release or /dev and make a decision we otherwise wouldn't encounter, and the build steps change. The kernel packages are the most obvious example of a package that doesn't build without sandboxing but there are certainly many many others).

It does seem like GitHub actions supports passwordless sudo for virtual Ubuntu runners (docs), so this should be easy.

Actually, the most annoying part might be the fact that I don't think the script has a "Say yes to every prompt" option since daemon mode installation is interactive, but I think we can easily fix it a la yes | sh /path/to/install

Act does not support sudo

Hello, I am using Act to test GitHub actions locally. It is a very nice tool.
https://github.com/nektos/act

This action does not work there because the installation process requires sudo and act runs inside a container.

To reproduce this issue you can install act, and use it to run locally a workflow that uses this action.

[feature] Extra Nix config

I often end up configuring the sandbox and enabling some of the feature flags. It would be nice if the installer would allow passing extra configuration like that.

`with` Support for appending to `/etc/nix/machines`

It would be cool if there was some support (maybe even a structured attrset like in nixos?) to add a builder to /etc/nix/machines. That way it becomes trivial to set up a build server instead of stealing minutes from the Github builders.

For example in my nixos config I have:

nix.buildMachines = [
      # access to the nix-community aarch64 build box
      {
        hostName = "aarch64.nixos.community";
        maxJobs = 64;
        sshKey = "/root/aarch64-build-box/ssh-key";
        sshUser = "Profpatsch";
        system = "aarch64-linux";
        supportedFeatures = [ "big-parallel" ];
      }
];

which creates the following line in /etc/nix/machines:

Profpatsch@aarch64.nixos.community aarch64-linux /root/aarch64-build-box/ssh-key 64 1 big-parallel

And now nix will use the nixos community aarch builder for my "aarch64-linux" derivations.

We of course also need a way to specify the private ssh key for logging into the builder. And maybe a security warning, that running nix on a builder might be a remote execution vector (nix sandboxes it, but exploits are not unheard of, so you might only want to enable it in private repos and/or on PRs by trusted contributors).

--daemon-user-count 4?

Is there a reason for --daemon-user-count 4 being included in the install flags? If not, could you either remove it or change it to the installer's default of 32? I have an update script that updates 100+ packages at once in parallel (with 32 threads) and it's erroring out because there's not enough builders.

How to specify commit for nixpkgs?

Instead of specifying a channel, how might one go about specifying a commit (e.g. the commented line)?

    nix_path: nixpkgs=channel:nixos-20.09
    # nix_path: nixpkgs=channel:0b8799ecaaf0dc6b4c11583a3c96ca5b40fcfdfb # in 20.09, Oct 9 2020

Deprecated functions used in install-nix.sh

When using cachix/install-nix-action@master, I get the following warnings in the log at the very end of the installation:

Warning: The `add-path` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
Warning: The `add-path` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/
Warning: The `set-env` command is deprecated and will be disabled soon. Please upgrade to using Environment Files. For more information see: https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

From the linked page, it seems that we should use the exportVariable and addPath functions instead of set-env and add-path in lib/install-nix.sh.

Export or publish nixpkgs revision

I apologize if this is documented, but I couldn't find it.

We're trying to use GitHub actions with a cron schedule to provide a rolling release of nixos-rocm. We want a daily rebuild to pick up nixos-unstable advances, so we don't pin nixpkgs in our build. But then I'd like to report what revision of nixpkgs was used in the most recent build since I think we will bump into the free tier storage limits fairly quickly, meaning that we won't have many historical versions in the cache.

Is there an existing way of having a badge or something that lists the specific revision the action picked up with its channel setting?

Cannot run "nix eval" in derivation

The following fails to build in a GitHub action:

let
  sources = import ./nix/sources.nix;
  pkgs = import sources.nixpkgs {};
in
  pkgs.runCommand "nix-eval"
  { nativeBuildInputs = [ pkgs.nix ]; }
  ''
    nix eval '(1+2)' > $out
  ''

with the following error:

building '/nix/store/4vmvfs47pwvm2gkrmyiqk3vlrl71fhfh-nix-eval.drv'...
warning: you don't have Internet access; disabling some network-dependent features
error: creating directory '/nix/var': Permission denied
builder for '/nix/store/4vmvfs47pwvm2gkrmyiqk3vlrl71fhfh-nix-eval.drv' failed with exit code 1
error: build of '/nix/store/4vmvfs47pwvm2gkrmyiqk3vlrl71fhfh-nix-eval.drv' failed

The "you don't have Internet access" bit suggests that you enable sandbox by default, although I doubt that's the main issue. Running this locally, with sandbox, works fine. Looking at the logs I suspect this is a multi-user install; I have a single-user install locally. (unrelated: why the multi-user install?)

Running this locally with strace I see the following:

access("/nix/var/nix", R_OK|W_OK)       = -1 ENOENT (No such file or directory)
lstat("/nix/var/nix/daemon-socket/socket", 0x7fffffffd260) = -1 ENOENT (No such file or directory)
getpid()                                = 5
lstat("/nix/store", {st_mode=S_IFDIR|S_ISVTX|0775, st_size=4096, ...}) = 0
getuid()                                = 1000
lstat("/nix/store/.links", 0x7fffffffcc90) = -1 ENOENT (No such file or directory)
lstat("/nix/store", {st_mode=S_IFDIR|S_ISVTX|0775, st_size=4096, ...}) = 0
mkdir("/nix/store/.links", 0777)        = 0
lstat("/nix/store/.links", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/nix/var/nix/profiles", 0x7fffffffcc90) = -1 ENOENT (No such file or directory)
lstat("/nix/var/nix", 0x7fffffffc8e0)   = -1 ENOENT (No such file or directory)
lstat("/nix/var", 0x7fffffffc530)       = -1 ENOENT (No such file or directory)
lstat("/nix", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
mkdir("/nix/var", 0777)                 = 0
lstat("/nix/var", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0

and in the action:

access("/nix/var/nix", R_OK|W_OK)       = -1 ENOENT (No such file or directory)
lstat("/nix/var/nix/daemon-socket/socket", 0x7fffffffd260) = -1 ENOENT (No such file or directory)
getpid()                                = 5
lstat("/nix/store", {st_mode=S_IFDIR|S_ISVTX|0775, st_size=4096, ...}) = 0
getuid()                                = 1000
lstat("/nix/store/.links", 0x7fffffffcc90) = -1 ENOENT (No such file or directory)
lstat("/nix/store", {st_mode=S_IFDIR|S_ISVTX|0775, st_size=4096, ...}) = 0
mkdir("/nix/store/.links", 0777)        = 0
lstat("/nix/store/.links", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat("/nix/var/nix/profiles", 0x7fffffffcc90) = -1 ENOENT (No such file or directory)
lstat("/nix/var/nix", 0x7fffffffc8e0)   = -1 ENOENT (No such file or directory)
lstat("/nix/var", 0x7fffffffc530)       = -1 ENOENT (No such file or directory)
lstat("/nix", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
mkdir("/nix/var", 0777)                 = -1 EACCES (Permission denied)

I don't know the internals of Nix, but it could be that /nix is reachable in the sandbox, /nix/var is hidden by the unshare(1) but /nix still belongs to the main user and not to the build user. This may simply be multi-user vs. single-user related, though I can't test this on my machine.

For repro and Actions logs: https://github.com/nmattia/nix-eval-actions

Feature suggestion: Configure additional (non-cachix) caches

In some of my projects (using haskell.nix), I could make good use of the iohk cache. They have setup instructions at https://input-output-hk.github.io/haskell.nix/tutorials/getting-started/#setting-up-the-binary-cache but it’s the usual problem:

  • It requires changing an existing line in the nix config (so simply appending via the existing support is not enough)
  • It requires knowing the location of the nix config, which is something that install-nix-action arguably should hide.

So it would be nice to be able to say

    - uses: cachix/install-nix-action@v13
      with:
        extra-caches:
        - url: https://hydra.iohk.io
          key: hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ

and not worry about anything else.

Flakes

Default to enable flakes and allow opt out.

Retries?

I've noticed the install-nix-action failing occasionally with logs like:

Run cachix/install-nix-action@v10
  with:
    nix_path: nixpkgs=channel:nixos-20.03
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (7) Failed to connect to nixos.org port 443: Connection refused

See for example https://github.com/cprussin/nixjs/runs/818847845.

Would it be a good idea to add something like --retry 5 around the curl command here https://github.com/cachix/install-nix-action/blob/master/lib/install-nix.sh#L16?

Breaks on (at least some) self-hosted runners

We recently started using https://github.com/philips-labs/terraform-aws-github-runner. It creates ephemeral self-hosted runners in EC2. Most of the time, the instances are freshly-created, but they will stick around for a bit after finishing a workflow in case another workflow quickly becomes available, in which case you might get the same instance again.

When this happens, and both the previous workflow and the next workflow use this action, we get the following failure:

...
2021-10-01T00:45:54.7702575Z ---- let's talk about sudo -----------------------------------------------------
2021-10-01T00:45:54.7714295Z This script is going to call sudo a lot. Normally, it would show you
2021-10-01T00:45:54.7716361Z exactly what commands it is running and why. However, the script is
2021-10-01T00:45:54.7718730Z run in a headless fashion, like this:
2021-10-01T00:45:54.7719651Z 
2021-10-01T00:45:54.7720930Z   $ curl -L https://nixos.org/nix/install | sh
2021-10-01T00:45:54.7721756Z 
2021-10-01T00:45:54.7723160Z or maybe in a CI pipeline. Because of that, we're going to skip the
2021-10-01T00:45:54.7724515Z verbose output in the interest of brevity.
2021-10-01T00:45:54.7725249Z 
2021-10-01T00:45:54.7725953Z If you would like to
2021-10-01T00:45:54.7726840Z see the output, try like this:
2021-10-01T00:45:54.7727745Z 
2021-10-01T00:45:54.7729161Z   $ curl -L -o install-nix https://nixos.org/nix/install
2021-10-01T00:45:54.7730595Z   $ sh ./install-nix
2021-10-01T00:45:54.7731151Z 
2021-10-01T00:45:54.7747047Z 
2021-10-01T00:45:54.7748571Z ---- oh no! --------------------------------------------------------------------
2021-10-01T00:45:54.7787295Z When this script runs, it backs up the current /etc/bashrc to
2021-10-01T00:45:54.7788936Z /etc/bashrc.backup-before-nix. This backup file already exists, though.
2021-10-01T00:45:54.7789763Z 
2021-10-01T00:45:54.7790547Z Please follow these instructions to clean up the old backup file:
2021-10-01T00:45:54.7791475Z 
2021-10-01T00:45:54.7792633Z 1. Copy /etc/bashrc and /etc/bashrc.backup-before-nix to another place, just
2021-10-01T00:45:54.7793594Z in case.
2021-10-01T00:45:54.7794042Z 
2021-10-01T00:45:54.7795175Z 2. Take care to make sure that /etc/bashrc.backup-before-nix doesn't look like
2021-10-01T00:45:54.7796625Z it has anything nix-related in it. If it does, something is probably
2021-10-01T00:45:54.7797738Z quite wrong. Please open an issue or get in touch immediately.
2021-10-01T00:45:54.7801951Z 
2021-10-01T00:45:54.7817828Z We'd love to help if you need it.
2021-10-01T00:45:54.7818492Z 
2021-10-01T00:45:54.7819575Z You can open an issue at https://github.com/nixos/nix/issues
2021-10-01T00:45:54.7820828Z 
2021-10-01T00:45:54.7821661Z Or feel free to contact the team:
2021-10-01T00:45:54.7822900Z  - Matrix: #nix:nixos.org
2021-10-01T00:45:54.7824170Z  - IRC: in #nixos on irc.libera.chat
2021-10-01T00:45:54.7825429Z  - twitter: @nixos_org
2021-10-01T00:45:54.7826903Z  - forum: https://discourse.nixos.org
2021-10-01T00:45:54.8703411Z child_process.js:642
2021-10-01T00:45:54.8708857Z     throw err;
2021-10-01T00:45:54.8709521Z     ^
2021-10-01T00:45:54.8709947Z 
2021-10-01T00:45:54.8716836Z Error: Command failed: /home/ec2-user/actions-runner/_work/_actions/cachix/install-nix-action/v14/lib/install-nix.sh
2021-10-01T00:45:54.8718487Z     at checkExecSyncError (child_process.js:621:11)
2021-10-01T00:45:54.8719881Z     at Object.execFileSync (child_process.js:639:15)
2021-10-01T00:45:54.8721521Z     at Object.<anonymous> (/home/ec2-user/actions-runner/_work/_actions/cachix/install-nix-action/v14/lib/main.js:4:17)
2021-10-01T00:45:54.8722812Z     at Module._compile (internal/modules/cjs/loader.js:959:30)
2021-10-01T00:45:54.8723869Z     at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
2021-10-01T00:45:54.8724925Z     at Module.load (internal/modules/cjs/loader.js:815:32)
2021-10-01T00:45:54.8725913Z     at Function.Module._load (internal/modules/cjs/loader.js:727:14)
2021-10-01T00:45:54.8727036Z     at Function.Module.runMain (internal/modules/cjs/loader.js:1047:10)
2021-10-01T00:45:54.8728020Z     at internal/main/run_main_module.js:17:11 {
2021-10-01T00:45:54.8728629Z   status: 1,
2021-10-01T00:45:54.8729126Z   signal: null,
2021-10-01T00:45:54.8729704Z   output: [ null, null, null ],
2021-10-01T00:45:54.8730237Z   pid: 16656,
2021-10-01T00:45:54.8730725Z   stdout: null,
2021-10-01T00:45:54.8731242Z   stderr: null
2021-10-01T00:45:54.8731693Z }

I would have thought that this action checks for an existing /nix/store, and it appears that it used to, but that's been removed: 82ce26d

Flakes example from README doesn't work on macos-latest

I tried the Flakes example from the README on macos-latest:

name: "Test"
on:
  pull_request:
  push:
jobs:
  tests:
    runs-on: macos-latest
    steps:
    - uses: actions/checkout@v2
      with:
          # Nix Flakes doesn't work on shallow clones
          fetch-depth: 0
    - uses: cachix/install-nix-action@v11
      with:
        install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-3.0pre20200820_4d77513/install
        extra_nix_config: |
          experimental-features = nix-command flakes
    - run: nix-build

The installation failed with this error:


Run cachix/install-nix-action@v11
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   633  100   633    0     0   2370      0 --:--:-- --:--:-- --:--:--  2361

100  2593  100  2593    0     0   4343      0 --:--:-- --:--:-- --:--:--  4343
downloading Nix 3.0pre20200820_4d77513 binary tarball for x86_64-darwin from 'https://github.com/numtide/nix-flakes-installer/releases/download/nix-3.0pre20200820_4d77513/nix-3.0pre20200820_4d77513-x86_64-darwin.tar.xz' to '/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/nix-binary-tarball-unpack.XXXXXXXXXX.y9Dm5psj'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100   673  100   673    0     0   2520      0 --:--:-- --:--:-- --:--:--  2520

  0 26.2M    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
 50 26.2M   50 13.3M    0     0  8695k      0  0:00:03  0:00:01  0:00:02 14.3M
100 26.2M  100 26.2M    0     0  12.9M      0  0:00:02  0:00:02 --:--:-- 18.8M
Note: a multi-user installation is possible. See https://nixos.org/nix/manual/#sect-multi-user-installation
Creating volume and mountpoint /nix.
/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/nix-binary-tarball-unpack.XXXXXXXXXX.y9Dm5psj/unpack/nix-3.0pre20200820_4d77513-x86_64-darwin/install: line 108: /var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/nix-binary-tarball-unpack.XXXXXXXXXX.y9Dm5psj/unpack/nix-3.0pre20200820_4d77513-x86_64-darwin/create-darwin-volume.sh: No such file or directory
child_process.js:642
    throw err;
    ^

Enable sandbox on macOS

sandbox-exec: execvp() of '/nix/store/4l15aq4m0hzkhn23qhgg7sbj750cb4wr-bash-4.4-p23/bin/bash' failed: Operation not permitted
sandbox-exec: execvp() of '/nix/store/4l15aq4m0hzkhn23qhgg7sbj750cb4wr-bash-4.4-p23/bin/bash' failed: Operation not permitted
sandbox-exec: execvp() of '/nix/store/4l15aq4m0hzkhn23qhgg7sbj750cb4wr-bash-4.4-p23/bin/bash' failed: Operation not permitted

See https://github.com/cachix/install-nix-action/runs/311796484
Upstream NixOS/nix#2925 (comment)

WIP at 2684b5c

Action breaks on macos-11

GitHub Actions has recently switched the default macos-latest runners to use macos-11 rather than the previous macos-10.15. This appears to have broken the installer action (based on my repo https://github.com/kclejeune/system/runs/3935328648).

Relevant logs are pasted below, let me know if I can provide any additional information!

2021-10-19T05:55:12.6670340Z Found online and idle hosted runner in the current repository's organization account that matches the required labels: 'macos-latest'
2021-10-19T05:55:12.8026506Z Waiting for a Hosted runner in the 'organization' to pick this job...
2021-10-19T05:55:12.9812753Z Job is waiting for a hosted runner to come online.
2021-10-19T05:55:22.2235054Z Job is about to start running on the hosted runner: GitHub Actions 2 (hosted)
2021-10-19T05:55:25.2772430Z Current runner version: '2.283.2'
2021-10-19T05:55:25.2822640Z ##[group]Operating System
2021-10-19T05:55:25.2823740Z macOS
2021-10-19T05:55:25.2824180Z 11.6
2021-10-19T05:55:25.2824640Z 20G165
2021-10-19T05:55:25.2825090Z ##[endgroup]
2021-10-19T05:55:25.2825780Z ##[group]Virtual Environment
2021-10-19T05:55:25.2826460Z Environment: macos-11
2021-10-19T05:55:25.2826970Z Version: 20211011.3
2021-10-19T05:55:25.2827960Z Included Software: https://github.com/actions/virtual-environments/blob/macOS-11/20211011.3/images/macos/macos-11-Readme.md
2021-10-19T05:55:25.2829310Z Image Release: https://github.com/actions/virtual-environments/releases/tag/macOS-11%2F20211011.3
2021-10-19T05:55:25.2831170Z ##[endgroup]
2021-10-19T05:55:25.2832030Z ##[group]Virtual Environment Provisioner
2021-10-19T05:55:25.2832710Z 1.0.0.0-master-20211007-1
2021-10-19T05:55:25.2833210Z ##[endgroup]
2021-10-19T05:55:25.2835470Z ##[group]GITHUB_TOKEN Permissions
2021-10-19T05:55:25.2836950Z Actions: write
2021-10-19T05:55:25.2837660Z Checks: write
2021-10-19T05:55:25.2838250Z Contents: write
2021-10-19T05:55:25.2838910Z Deployments: write
2021-10-19T05:55:25.2839490Z Discussions: write
2021-10-19T05:55:25.2839980Z Issues: write
2021-10-19T05:55:25.2840510Z Metadata: read
2021-10-19T05:55:25.2841000Z Packages: write
2021-10-19T05:55:25.2841840Z Pages: write
2021-10-19T05:55:25.2842610Z PullRequests: write
2021-10-19T05:55:25.2843220Z RepositoryProjects: write
2021-10-19T05:55:25.2844190Z SecurityEvents: write
2021-10-19T05:55:25.2844780Z Statuses: write
2021-10-19T05:55:25.2845530Z ##[endgroup]
2021-10-19T05:55:25.2849460Z Prepare workflow directory
2021-10-19T05:55:25.3681130Z Prepare all required actions
2021-10-19T05:55:25.3693050Z Getting action download info
2021-10-19T05:55:25.6386000Z Download action repository 'actions/[email protected]' (SHA:5a4ac9002d0be2fb38bd78e4b4dbde5606d7042f)
2021-10-19T05:55:27.6324100Z Download action repository 'cachix/install-nix-action@v14' (SHA:11e5400eccd6f89582f7da71e36b86e2b0924252)
2021-10-19T05:55:28.0515860Z Download action repository 'cachix/cachix-action@v10' (SHA:73e75d1a0cd4330597a571e8f9dedb41faa2fc4e)
2021-10-19T05:55:28.8656790Z ##[group]Run actions/[email protected]
# actions/checkout logs omitted
2021-10-19T05:55:31.0554520Z ##[group]Run cachix/install-nix-action@v14
2021-10-19T05:55:31.0555070Z with:
2021-10-19T05:55:31.0555880Z   install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.4pre20210823_af94b54/install
2021-10-19T05:55:31.0557760Z   extra_nix_config: experimental-features = nix-command flakes
access-tokens = github.com=***

2021-10-19T05:55:31.0558940Z env:
2021-10-19T05:55:31.0559360Z   NIX_VERSION: nix-2.4pre20210823_af94b54
2021-10-19T05:55:31.0559800Z ##[endgroup]
2021-10-19T05:55:32.3701510Z installer options: --no-channel-add --darwin-use-unencrypted-nix-store-volume --nix-extra-conf-file /tmp/nix.conf --daemon --daemon-user-count 6
2021-10-19T05:55:32.8878680Z   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
2021-10-19T05:55:32.8881090Z                                  Dload  Upload   Total   Spent    Left  Speed
2021-10-19T05:55:32.8882450Z
2021-10-19T05:55:33.0697960Z   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
2021-10-19T05:55:33.0700880Z 100   615  100   615    0     0   3234      0 --:--:-- --:--:-- --:--:--  3397
2021-10-19T05:55:33.1911470Z
2021-10-19T05:55:33.1915800Z 100  4061  100  4061    0     0  13024      0 --:--:-- --:--:-- --:--:-- 13024
2021-10-19T05:55:33.2150650Z downloading Nix 2.4pre20210823_af94b54 binary tarball for x86_64-darwin from 'https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.4pre20210823_af94b54/nix-2.4pre20210823_af94b54-x86_64-darwin.tar.xz' to '/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/nix-binary-tarball-unpack.XXXXXXXXXX.fBgBLpKe'...
2021-10-19T05:55:33.2336900Z   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
2021-10-19T05:55:33.2339740Z                                  Dload  Upload   Total   Spent    Left  Speed
2021-10-19T05:55:33.2343550Z
2021-10-19T05:55:33.4147600Z   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
2021-10-19T05:55:33.4149620Z 100   655  100   655    0     0   3517      0 --:--:-- --:--:-- --:--:--  3618
2021-10-19T05:55:33.6229340Z
2021-10-19T05:55:34.5000110Z   0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
2021-10-19T05:55:34.5001870Z 100 33.3M  100 33.3M    0     0  26.2M      0  0:00:01  0:00:01 --:--:-- 38.0M
2021-10-19T05:55:39.0667790Z Warning: the flag --darwin-use-unencrypted-nix-store-volume
2021-10-19T05:55:39.0695010Z          is no longer needed and will be removed in the future.
2021-10-19T05:55:39.0695940Z
2021-10-19T05:55:39.0709690Z �[1;31mSwitching to the Multi-user Installer�[0m
2021-10-19T05:55:39.3094640Z �[32mWelcome to the Multi-User Nix Installation
2021-10-19T05:55:39.3126860Z �[0m
2021-10-19T05:55:39.3127710Z This installation tool will set up your computer with the Nix package
2021-10-19T05:55:39.3128410Z manager. This will happen in a few stages:
2021-10-19T05:55:39.3128790Z
2021-10-19T05:55:39.3129970Z 1. Make sure your computer doesn't already have Nix. If it does, I
2021-10-19T05:55:39.3130720Z    will show you instructions on how to clean up your old install.
2021-10-19T05:55:39.3131330Z
2021-10-19T05:55:39.3131910Z 2. Show you what we are going to install and where. Then we will ask
2021-10-19T05:55:39.3132500Z    if you are ready to continue.
2021-10-19T05:55:39.3132840Z
2021-10-19T05:55:39.3133400Z 3. Create the system users and groups that the Nix daemon uses to run
2021-10-19T05:55:39.3134140Z    builds.
2021-10-19T05:55:39.3134380Z
2021-10-19T05:55:39.3134940Z 4. Perform the basic installation of the Nix files daemon.
2021-10-19T05:55:39.3135370Z
2021-10-19T05:55:39.3135940Z 5. Configure your shell to import special Nix Profile files, so you
2021-10-19T05:55:39.3136490Z    can use Nix.
2021-10-19T05:55:39.3136860Z
2021-10-19T05:55:39.3137450Z 6. Start the Nix daemon.
2021-10-19T05:55:39.3137720Z
2021-10-19T05:55:39.3138820Z �[32m�[4;32mWould you like to see a more detailed list of what we will do?
2021-10-19T05:55:39.3139890Z �[0mNo TTY, assuming you would say yes :)
2021-10-19T05:55:39.3159860Z
2021-10-19T05:55:39.3160550Z We will:
2021-10-19T05:55:39.3160850Z
2021-10-19T05:55:39.3161940Z  - make sure your computer doesn't already have Nix files
2021-10-19T05:55:39.3162630Z    (if it does, I will tell you how to clean them up.)
2021-10-19T05:55:39.3163720Z  - create local users (see the list above for the users we'll make)
2021-10-19T05:55:39.3165430Z  - create a local group (nixbld)
2021-10-19T05:55:39.3166330Z  - install Nix in to /nix
2021-10-19T05:55:39.3167320Z  - create a configuration file in /etc/nix
2021-10-19T05:55:39.3168480Z  - set up the "default profile" by creating some Nix-related files in
2021-10-19T05:55:39.3169060Z    /var/root
2021-10-19T05:55:39.3190620Z  - back up /etc/bashrc to /etc/bashrc.backup-before-nix
2021-10-19T05:55:39.3191940Z  - update /etc/bashrc to include some Nix configuration
2021-10-19T05:55:39.3195270Z  - create a Nix volume and a LaunchDaemon to mount it
2021-10-19T05:55:39.3196770Z  - create a LaunchDaemon (at /Library/LaunchDaemons/org.nixos.nix-daemon.plist) for nix-daemon
2021-10-19T05:55:39.3197460Z
2021-10-19T05:55:39.3198430Z �[32m�[4;32mReady to continue?
2021-10-19T05:55:39.3199410Z �[0mNo TTY, assuming you would say yes :)
2021-10-19T05:55:39.3273440Z
2021-10-19T05:55:39.3274990Z �[34m---- let's talk about sudo -----------------------------------------------------
2021-10-19T05:55:39.3303270Z �[0mThis script is going to call sudo a lot. Normally, it would show you
2021-10-19T05:55:39.3304110Z exactly what commands it is running and why. However, the script is
2021-10-19T05:55:39.3304960Z run in a headless fashion, like this:
2021-10-19T05:55:39.3305320Z
2021-10-19T05:55:39.3306250Z   $ curl -L https://nixos.org/nix/install | sh
2021-10-19T05:55:39.3306820Z
2021-10-19T05:55:39.3307800Z or maybe in a CI pipeline. Because of that, we're going to skip the
2021-10-19T05:55:39.3308640Z verbose output in the interest of brevity.
2021-10-19T05:55:39.3309000Z
2021-10-19T05:55:39.3309410Z If you would like to
2021-10-19T05:55:39.3309920Z see the output, try like this:
2021-10-19T05:55:39.3310260Z
2021-10-19T05:55:39.3311250Z   $ curl -L -o install-nix https://nixos.org/nix/install
2021-10-19T05:55:39.3312380Z   $ sh ./install-nix
2021-10-19T05:55:39.3312700Z
2021-10-19T05:55:39.3312980Z
2021-10-19T05:55:39.3313860Z �[32m~~> Fixing any leftover Nix volume state
2021-10-19T05:55:39.3335210Z �[0mBefore I try to install, I'll check for any existing Nix volume config
2021-10-19T05:55:39.3336370Z and ask for your permission to remove it (so that the installer can
2021-10-19T05:55:39.3337770Z start fresh). I'll also ask for permission to fix any issues I spot.
2021-10-19T05:55:39.3676260Z
2021-10-19T05:55:39.3678130Z �[34m---- Nix config report ---------------------------------------------------------
2021-10-19T05:55:39.3679570Z �[0m�[1m        Temp Dir�[0m:	/var/folders/24/8k48jl6d249_n_qfxwsl6xvm0000gn/T/tmp.kkkxP5kAlm
2021-10-19T05:55:39.3680630Z �[1m        Nix Root�[0m:	/nix
2021-10-19T05:55:39.3681650Z �[1m     Build Users�[0m:	6
2021-10-19T05:55:39.3682470Z �[1m  Build Group ID�[0m:	30000
2021-10-19T05:55:39.3683400Z �[1mBuild Group Name�[0m:	nixbld
2021-10-19T05:55:39.3683770Z
2021-10-19T05:55:39.3684560Z �[4;34mbuild users:
2021-10-19T05:55:39.3685480Z �[0m�[1m    Username�[0m:	UID
2021-10-19T05:55:39.3756890Z �[1m     _nixbld1�[0m:	301
2021-10-19T05:55:39.3777670Z �[1m     _nixbld2�[0m:	302
2021-10-19T05:55:39.3798420Z �[1m     _nixbld3�[0m:	303
2021-10-19T05:55:39.3819410Z �[1m     _nixbld4�[0m:	304
2021-10-19T05:55:39.3840240Z �[1m     _nixbld5�[0m:	305
2021-10-19T05:55:39.3861120Z �[1m     _nixbld6�[0m:	306
2021-10-19T05:55:39.3861450Z
2021-10-19T05:55:39.3862500Z �[32m�[4;32mReady to continue?
2021-10-19T05:55:39.3863490Z �[0mNo TTY, assuming you would say yes :)
2021-10-19T05:55:39.3900660Z
2021-10-19T05:55:39.3902370Z �[34m---- Preparing a Nix volume ----------------------------------------------------
2021-10-19T05:55:39.3930370Z �[0m    Nix traditionally stores its data in the root directory /nix, but
2021-10-19T05:55:39.3932140Z     macOS now (starting in 10.15 Catalina) has a read-only root directory.
2021-10-19T05:55:39.3932980Z     To support Nix, I will create a volume and configure macOS to mount it
2021-10-19T05:55:39.3933730Z     at /nix.
2021-10-19T05:55:39.3962360Z
2021-10-19T05:55:39.3963930Z �[32m~~> Configuring /etc/synthetic.conf to make a mount-point at /nix
2021-10-19T05:55:39.5364790Z �[0m
2021-10-19T05:55:39.5365990Z �[32m~~> Creating a Nix volume
2021-10-19T05:55:40.3728370Z �[0m
2021-10-19T05:55:40.3731000Z �[32m~~> Configuring /etc/fstab to specify volume mount options
2021-10-19T05:55:40.4841320Z �[0m
2021-10-19T05:55:40.4843570Z �[32m~~> Configuring LaunchDaemon to mount 'Nix Store'
2021-10-19T05:55:51.0234130Z
2021-10-19T05:55:51.0236960Z �[32m~~> Setting up the build group nixbld
2021-10-19T05:55:51.0918550Z �[0m�[1m            Created�[0m:	Yes
2021-10-19T05:55:51.0971260Z
2021-10-19T05:55:51.0979180Z �[32m~~> Setting up the build user _nixbld1
2021-10-19T05:55:51.2124510Z �[0m�[1m           Created�[0m:	Yes
2021-10-19T05:55:51.2936600Z �[1m            Hidden�[0m:	Yes
2021-10-19T05:55:51.3766090Z �[1m    Home Directory�[0m:	/var/empty
2021-10-19T05:55:51.3973780Z �[1m              Note�[0m:	Nix build user 1
2021-10-19T05:55:51.4727300Z �[1m   Logins Disabled�[0m:	Yes
2021-10-19T05:55:51.5340430Z �[1m  Member of nixbld�[0m:	Yes
2021-10-19T05:55:51.6194730Z �[1m    PrimaryGroupID�[0m:	30000
2021-10-19T05:55:51.6218420Z
2021-10-19T05:55:51.6220800Z �[32m~~> Setting up the build user _nixbld2
2021-10-19T05:55:51.6976290Z �[0m�[1m           Created�[0m:	Yes
2021-10-19T05:55:51.7753910Z �[1m            Hidden�[0m:	Yes
2021-10-19T05:55:51.8532960Z �[1m    Home Directory�[0m:	/var/empty
2021-10-19T05:55:51.8704840Z �[1m              Note�[0m:	Nix build user 2
2021-10-19T05:55:51.9492310Z �[1m   Logins Disabled�[0m:	Yes
2021-10-19T05:55:52.0062890Z �[1m  Member of nixbld�[0m:	Yes
2021-10-19T05:55:52.0910920Z �[1m    PrimaryGroupID�[0m:	30000
2021-10-19T05:55:52.0934330Z
2021-10-19T05:55:52.0935710Z �[32m~~> Setting up the build user _nixbld3
2021-10-19T05:55:52.1690440Z �[0m�[1m           Created�[0m:	Yes
2021-10-19T05:55:52.2475270Z �[1m            Hidden�[0m:	Yes
2021-10-19T05:55:52.3296230Z �[1m    Home Directory�[0m:	/var/empty
2021-10-19T05:55:52.3476880Z �[1m              Note�[0m:	Nix build user 3
2021-10-19T05:55:52.4270970Z �[1m   Logins Disabled�[0m:	Yes
2021-10-19T05:55:52.4887790Z �[1m  Member of nixbld�[0m:	Yes
2021-10-19T05:55:52.5782800Z �[1m    PrimaryGroupID�[0m:	30000
2021-10-19T05:55:52.5806380Z
2021-10-19T05:55:52.5808040Z �[32m~~> Setting up the build user _nixbld4
2021-10-19T05:55:52.6590160Z �[0m�[1m           Created�[0m:	Yes
2021-10-19T05:55:52.7375380Z �[1m            Hidden�[0m:	Yes
2021-10-19T05:55:52.8155170Z �[1m    Home Directory�[0m:	/var/empty
2021-10-19T05:55:52.8332290Z �[1m              Note�[0m:	Nix build user 4
2021-10-19T05:55:52.9096470Z �[1m   Logins Disabled�[0m:	Yes
2021-10-19T05:55:52.9682350Z �[1m  Member of nixbld�[0m:	Yes
2021-10-19T05:55:53.0522190Z �[1m    PrimaryGroupID�[0m:	30000
2021-10-19T05:55:53.0544710Z
2021-10-19T05:55:53.0546600Z �[32m~~> Setting up the build user _nixbld5
2021-10-19T05:55:53.1296710Z �[0m�[1m           Created�[0m:	Yes
2021-10-19T05:55:53.2063980Z �[1m            Hidden�[0m:	Yes
2021-10-19T05:55:53.2838550Z �[1m    Home Directory�[0m:	/var/empty
2021-10-19T05:55:53.3016180Z �[1m              Note�[0m:	Nix build user 5
2021-10-19T05:55:53.3779370Z �[1m   Logins Disabled�[0m:	Yes
2021-10-19T05:55:53.4351520Z �[1m  Member of nixbld�[0m:	Yes
2021-10-19T05:55:53.5200190Z �[1m    PrimaryGroupID�[0m:	30000
2021-10-19T05:55:53.5222590Z
2021-10-19T05:55:53.5224680Z �[32m~~> Setting up the build user _nixbld6
2021-10-19T05:55:53.6030210Z �[0m�[1m           Created�[0m:	Yes
2021-10-19T05:55:53.6812610Z �[1m            Hidden�[0m:	Yes
2021-10-19T05:55:53.7602370Z �[1m    Home Directory�[0m:	/var/empty
2021-10-19T05:55:53.7780570Z �[1m              Note�[0m:	Nix build user 6
2021-10-19T05:55:53.8547570Z �[1m   Logins Disabled�[0m:	Yes
2021-10-19T05:55:53.9133100Z �[1m  Member of nixbld�[0m:	Yes
2021-10-19T05:55:53.9967180Z �[1m    PrimaryGroupID�[0m:	30000
2021-10-19T05:55:53.9967600Z
2021-10-19T05:55:53.9968850Z �[32m~~> Setting up the basic directory structure
2021-10-19T05:55:54.0781480Z �[0minstall: mkdir /nix/var
2021-10-19T05:55:54.0782200Z install: mkdir /nix/var/log
2021-10-19T05:55:54.0783430Z install: mkdir /nix/var/log/nix
2021-10-19T05:55:54.0783920Z install: mkdir /nix/var/log/nix/drvs
2021-10-19T05:55:54.0784430Z install: mkdir /nix/var/nix
2021-10-19T05:55:54.0784930Z install: mkdir /nix/var/nix/db
2021-10-19T05:55:54.0785400Z install: mkdir /nix/var/nix/gcroots
2021-10-19T05:55:54.0786200Z install: mkdir /nix/var/nix/profiles
2021-10-19T05:55:54.0787110Z install: mkdir /nix/var/nix/temproots
2021-10-19T05:55:54.0787620Z install: mkdir /nix/var/nix/userpool
2021-10-19T05:55:54.0788720Z install: mkdir /nix/var/nix/gcroots/per-user
2021-10-19T05:55:54.0789750Z install: mkdir /nix/var/nix/profiles/per-user
2021-10-19T05:55:54.1096440Z install: mkdir /nix/store
2021-10-19T05:55:54.1397660Z install: mkdir /etc/nix
2021-10-19T05:55:54.1410400Z
2021-10-19T05:55:54.1411850Z �[32m~~> Installing Nix
2021-10-19T05:55:58.5450320Z �[0m      Alright! We have our first nix at /nix/store/sgr7088amn2kdiq7rnm8dw2gwx4rb0pw-nix-2.4pre20210823_af94b54
2021-10-19T05:56:02.6193640Z       Just finished getting the nix database ready.
2021-10-19T05:56:02.6197460Z
2021-10-19T05:56:02.6201130Z �[32m~~> Setting up shell profiles: /etc/bashrc /etc/profile.d/nix.sh /etc/zshenv /etc/bash.bashrc /etc/zsh/zshenv
2021-10-19T05:56:02.7120410Z �[0m
2021-10-19T05:56:02.7130310Z # Nix
2021-10-19T05:56:02.7131820Z if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
2021-10-19T05:56:02.7134780Z   . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
2021-10-19T05:56:02.7157870Z fi
2021-10-19T05:56:02.7169110Z # End Nix
2021-10-19T05:56:02.7184980Z
2021-10-19T05:56:02.8005250Z
2021-10-19T05:56:02.8006550Z # Nix
2021-10-19T05:56:02.8008440Z if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
2021-10-19T05:56:02.8010490Z   . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
2021-10-19T05:56:02.8011090Z fi
2021-10-19T05:56:02.8011420Z # End Nix
2021-10-19T05:56:02.8011640Z
2021-10-19T05:56:02.9344270Z
2021-10-19T05:56:02.9446350Z # Nix
2021-10-19T05:56:02.9548710Z if [ -e '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh' ]; then
2021-10-19T05:56:02.9593520Z   . '/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh'
2021-10-19T05:56:02.9603300Z fi
2021-10-19T05:56:02.9664970Z # End Nix
2021-10-19T05:56:02.9675430Z
2021-10-19T05:56:02.9806700Z
2021-10-19T05:56:02.9910080Z �[32m~~> Setting up the default profile
2021-10-19T05:56:03.1714740Z �[0minstalling 'nix-2.4pre20210823_af94b54'
2021-10-19T05:56:03.5875090Z building '/nix/store/l04ia1g95p06jllifg3a1947hcvy1zyg-user-environment.drv'...
2021-10-19T05:56:03.8600850Z installing 'nss-cacert-3.66'
2021-10-19T05:56:04.0751860Z building '/nix/store/1f1wmqf69p3k0grnzh517af140vlv1xy-user-environment.drv'...
2021-10-19T05:56:04.2062230Z �[0m
2021-10-19T05:56:04.2063780Z �[32m~~> Setting up the nix-daemon LaunchDaemon
2021-10-19T05:56:14.3516130Z �[0m�[32mAlright! We're done!
2021-10-19T05:56:14.4001610Z �[0mTry it! Open a new terminal, and type:
2021-10-19T05:56:14.4002130Z
2021-10-19T05:56:14.4003410Z   $ nix-shell -p nix-info --run "nix-info -m"
2021-10-19T05:56:14.4004110Z
2021-10-19T05:56:14.4004720Z Thank you for using this installer. If you have any feedback or need
2021-10-19T05:56:14.4005730Z help, don't hesitate:
2021-10-19T05:56:14.4006010Z
2021-10-19T05:56:14.4006670Z You can open an issue at https://github.com/nixos/nix/issues
2021-10-19T05:56:14.4007120Z
2021-10-19T05:56:14.4007490Z Or feel free to contact the team:
2021-10-19T05:56:14.4008330Z  - Matrix: #nix:nixos.org
2021-10-19T05:56:14.4009200Z  - IRC: in #nixos on irc.libera.chat
2021-10-19T05:56:14.4010020Z  - twitter: @nixos_org
2021-10-19T05:56:14.4011440Z  - forum: https://discourse.nixos.org
2021-10-19T05:56:14.4049250Z
2021-10-19T05:56:14.4051210Z �[34m---- Reminders -----------------------------------------------------------------
2021-10-19T05:56:14.4052390Z �[0m�[34m[ 1 ]�[0m
2021-10-19T05:56:14.4053300Z Nix won't work in active shell sessions until you restart them.
2021-10-19T05:56:14.4054060Z
2021-10-19T05:56:14.9975560Z /nix:
2021-10-19T05:56:14.9979870Z Error: unable to perform operation.  (-400)
2021-10-19T05:56:14.9980420Z 	Error: unknown indexing state.
2021-10-19T05:56:15.0031730Z child_process.js:642
2021-10-19T05:56:15.0033620Z     throw err;
2021-10-19T05:56:15.0034040Z     ^
2021-10-19T05:56:15.0034250Z
2021-10-19T05:56:15.0035630Z Error: Command failed: /Users/runner/work/_actions/cachix/install-nix-action/v14/lib/install-nix.sh
2021-10-19T05:56:15.0036470Z     at checkExecSyncError (child_process.js:621:11)
2021-10-19T05:56:15.0037140Z     at Object.execFileSync (child_process.js:639:15)
2021-10-19T05:56:15.0038430Z     at Object.<anonymous> (/Users/runner/work/_actions/cachix/install-nix-action/v14/lib/main.js:4:17)
2021-10-19T05:56:15.0039240Z     at Module._compile (internal/modules/cjs/loader.js:959:30)
2021-10-19T05:56:15.0039980Z     at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
2021-10-19T05:56:15.0040690Z     at Module.load (internal/modules/cjs/loader.js:815:32)
2021-10-19T05:56:15.0041370Z     at Function.Module._load (internal/modules/cjs/loader.js:727:14)
2021-10-19T05:56:15.0042150Z     at Function.Module.runMain (internal/modules/cjs/loader.js:1047:10)
2021-10-19T05:56:15.0060090Z     at internal/main/run_main_module.js:17:11 {
2021-10-19T05:56:15.0060540Z   status: 1,
2021-10-19T05:56:15.0060870Z   signal: null,
2021-10-19T05:56:15.0061250Z   output: [ null, null, null ],
2021-10-19T05:56:15.0061620Z   pid: 961,
2021-10-19T05:56:15.0061940Z   stdout: null,
2021-10-19T05:56:15.0062290Z   stderr: null
2021-10-19T05:56:15.0062580Z }
2021-10-19T05:56:15.1014150Z Post job cleanup.
2021-10-19T05:56:15.2389720Z [command]/usr/local/bin/git version
2021-10-19T05:56:15.2471520Z git version 2.33.0
2021-10-19T05:56:15.2526940Z [command]/usr/local/bin/git config --local --name-only --get-regexp core\.sshCommand
2021-10-19T05:56:15.2610020Z [command]/usr/local/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'core\.sshCommand' && git config --local --unset-all 'core.sshCommand' || :
2021-10-19T05:56:15.3644030Z [command]/usr/local/bin/git config --local --name-only --get-regexp http\.https\:\/\/github\.com\/\.extraheader
2021-10-19T05:56:15.3714650Z http.https://github.com/.extraheader
2021-10-19T05:56:15.3731520Z [command]/usr/local/bin/git config --local --unset-all http.https://github.com/.extraheader
2021-10-19T05:56:15.4240630Z [command]/usr/local/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http\.https\:\/\/github\.com\/\.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :
2021-10-19T05:56:15.5722380Z Cleaning up orphan processes

slow installation on macos

NIX_USER_COUNT is set to 32, which is about 30 users too many. Setting up a user on macos is slow (~1s).

How to use nix-env?

Maybe I am blind because it is late at night, but this doesn’t seem to work

    - uses: cachix/install-nix-action@v12
      with:
        nix_path: nixpkgs=channel:nixos-20.09
    - name: "install dependencies"
      run: nix-env --install graphviz

The readme sounds as if nix_path is enough to configure a channel, but nix-env keeps saying

error: attribute 'graphviz' in selection path 'graphviz' not found

I could work around it with

    - uses: cachix/install-nix-action@v12
    - name: "install dependencies"
      run: |
        nix-channel --add https://nixos.org/channels/nixos-20.09 nixpkgs
        nix-channel --update
        nix-env --install graphviz

but I have the feeling that this is more manual than what one would expect from an “install nix” action… (or maybe it just is the intended way?)

asciidoctor broken on darwin when installed using nix-actions

Not sure where the problem is, but I’ll start here; maybe it’s actually a problem with nix or nixpkgs or darwin or Github Actions…

Consider the repo https://github.com/nomeata/asciidoctor-nix-darwin-bug. It builds something with asciidoctor, a ruby program.

It fails when run on Darwin via GitHub Actions and the nix install action.

It succeeds on Darwin elsewhere, or on GitHub Actions on Linux.

Maybe it is related to the use of /opt/nix?

See https://github.com/nomeata/asciidoctor-nix-darwin-bug/runs/461231390?check_suite_focus=true for a build log of this:

Traceback (most recent call last):
        12: from /nix/store/6z2m80sza5accbbyxisp0ffwqphs1sxr-asciidoctor-2.0.10/bin/asciidoctor:16:in `<main>'
        11: from /nix/store/1cx5njhpnj9mk6vviijph69f49dldw2m-bundler-1.17.3/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler.rb:101:in `setup'
        10: from /nix/store/1cx5njhpnj9mk6vviijph69f49dldw2m-bundler-1.17.3/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler.rb:134:in `definition'
         9: from /nix/store/1cx5njhpnj9mk6vviijph69f49dldw2m-bundler-1.17.3/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler.rb:66:in `configure'
         8: from /nix/store/1cx5njhpnj9mk6vviijph69f49dldw2m-bundler-1.17.3/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler.rb:534:in `configure_gem_home_and_path'
         7: from /nix/store/1cx5njhpnj9mk6vviijph69f49dldw2m-bundler-1.17.3/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler.rb:541:in `configure_gem_path'
         6: from /nix/store/1cx5njhpnj9mk6vviijph69f49dldw2m-bundler-1.17.3/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler.rb:351:in `use_system_gems?'
         5: from /nix/store/1cx5njhpnj9mk6vviijph69f49dldw2m-bundler-1.17.3/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler.rb:84:in `configured_bundle_path'
         4: from /nix/store/1cx5njhpnj9mk6vviijph69f49dldw2m-bundler-1.17.3/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler.rb:273:in `settings'
         3: from /opt/nix/store/hkz1a3rg9jbnb6agfqz4bwwjjy5jrpdf-ruby-2.6.5/lib/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:72:in `require'
         2: from /opt/nix/store/hkz1a3rg9jbnb6agfqz4bwwjjy5jrpdf-ruby-2.6.5/lib/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:72:in `require'
         1: from /nix/store/1cx5njhpnj9mk6vviijph69f49dldw2m-bundler-1.17.3/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/settings.rb:5:in `<top (required)>'
/nix/store/1cx5njhpnj9mk6vviijph69f49dldw2m-bundler-1.17.3/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/settings.rb:6:in `<module:Bundler>': uninitialized constant Bundler::Settings (NameError)
builder for '/nix/store/cyb5hi1908rd7rp28dd4ndwq16ca5a9p-doc.drv' failed with exit code 1
error: build of '/nix/store/cyb5hi1908rd7rp28dd4ndwq16ca5a9p-doc.drv' failed

Curl not following redirect

It seems that in the last few minutes nixos.org just introduced a redirect for their install script. Curl needs the -L param to follow redirects. I'll submit a PR in the next few minutes.

This causes the following failure during the running of the install nix action:

/dev/fd/63: 1: /dev/fd/63: Redirecting: not found
child_process.js:642
    throw err;
    ^

Error: Command failed: /home/runner/work/_actions/cachix/install-nix-action/v7/lib/install-nix.sh
    at checkExecSyncError (child_process.js:621:11)
    at Object.execFileSync (child_process.js:639:15)
    at Object.<anonymous> (/home/runner/work/_actions/cachix/install-nix-action/v7/lib/main.js:28:17)
    at Module._compile (internal/modules/cjs/loader.js:959:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
    at Module.load (internal/modules/cjs/loader.js:815:32)
    at Function.Module._load (internal/modules/cjs/loader.js:727:14)
    at Function.Module.runMain (internal/modules/cjs/loader.js:1047:10)
    at internal/main/run_main_module.js:17:11 {
  status: 127,
  signal: null,
  output: [ null, null, null ],
  pid: 3762,
  stdout: null,
  stderr: null
}

NIX_PATH not set

In a later github action, I run a test that tries to pull the NIX_PATH environment variable, but it says it is not set.

test-mylib: NIX_PATH: getEnv: does not exist (no environment variable)

Is it the desired behaviour?

v13 began failing: /dev/fd/63: 1: 404: not found (Flakes)

https://github.com/srid/emanote/runs/2896864995

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
installer options: --tarball-url-prefix https://nixos-nix-install-tests.cachix.org/serve --daemon --daemon-user-count 4 --no-channel-add --darwin-use-unencrypted-nix-store-volume --nix-extra-conf-file /tmp/nix.conf
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100    15    0    15    0     0    108      0 --:--:-- --:--:-- --:--:--   108
/dev/fd/63: 1: 404: not found
child_process.js:642
    throw err;
    ^

Error: Command failed: /home/runner/work/_actions/cachix/install-nix-action/v13/lib/install-nix.sh
    at checkExecSyncError (child_process.js:621:11)
    at Object.execFileSync (child_process.js:639:15)
    at Object.<anonymous> (/home/runner/work/_actions/cachix/install-nix-action/v13/lib/main.js:4:17)
    at Module._compile (internal/modules/cjs/loader.js:959:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
    at Module.load (internal/modules/cjs/loader.js:815:32)
    at Function.Module._load (internal/modules/cjs/loader.js:727:14)
    at Function.Module.runMain (internal/modules/cjs/loader.js:1047:10)
    at internal/main/run_main_module.js:17:11 {
  status: 127,
  signal: null,
  output: [ null, null, null ],
  pid: 1623,
  stdout: null,
  stderr: null
}

My repo is following instructions from https://github.com/cachix/install-nix-action#usage-with-flakes
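
In this failure and in the earlier "Redirecting: not found" report, the /dev/fd/63 lines show sh executing whatever body the install URL returned, whether a redirect notice or a 404 message. The added example below (not code from install-nix-action; the function names and exit codes are its own, and the sample bodies in the comments are constructed) downloads to a file with curl --fail --location, checks that the file is a script matching a pinned SHA-256, and only then runs it.

```shell
#!/bin/sh
# Added example: fetch, verify, then execute, instead of `sh <(curl URL)`.
# Function names and exit codes are this example's own conventions.

# Print the lowercase SHA-256 hex digest of a file (Linux or macOS tooling).
sha256_of() (
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d ' ' -f 1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | cut -d ' ' -f 1
    else
        echo "no SHA-256 tool found" >&2
        exit 127
    fi
)

# fetch_installer URL FILE
# --fail turns HTTP errors (such as 404) into a curl failure instead of a
# saved error page; --location follows redirects; --proto and --proto-redir
# keep both the first request and every redirect hop on HTTPS.
fetch_installer() (
    curl --fail --silent --show-error --location \
         --proto '=https' --proto-redir '=https' \
         --output "$2" "$1"
)

# verify_installer FILE EXPECTED_SHA256
# Exit codes: 0 ok, 2 missing or empty, 3 not a script, 4 digest mismatch.
verify_installer() (
    file=$1
    expected=$2
    [ -s "$file" ] || { echo "installer missing or empty" >&2; exit 2; }

    # A body such as "Redirecting" or "404" has no interpreter line.
    first_line=
    IFS= read -r first_line < "$file" || true
    case $first_line in
        '#!'*) ;;
        *) echo "installer does not start with #!" >&2; exit 3 ;;
    esac

    actual=$(sha256_of "$file") || exit 127
    [ "$actual" = "$expected" ] || { echo "SHA-256 mismatch: got $actual" >&2; exit 4; }
)

# run_verified_installer URL EXPECTED_SHA256 [installer args...]
# Nothing is executed unless the download succeeded and the digest matched.
run_verified_installer() (
    url=$1
    expected=$2
    shift 2
    tmp=$(mktemp "${TMPDIR:-/tmp}/nix-install.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT
    fetch_installer "$url" "$tmp" || exit 1
    verify_installer "$tmp" "$expected" || exit $?
    sh "$tmp" "$@"
)

# Usage (placeholders, not real values):
#   run_verified_installer "<install_url>" "<pinned sha256>" --daemon
```

The pinned digest has to change whenever install_url points at a new release, which is the point: a moved or replaced installer stops the job instead of running.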

The Path in nix-shell is not correct

Hi there,

Thanks for providing this, I have used this action with shell.nix in several projects.

Recently, I ran into a problem, which only happens on the install-nix-action environment but not on NixOS.

Here is an example repo that shows this problem.

The shell.nix exports LIBCLANG_PATH = "${nixpkgs.clang}/lib";

And the CI will run a script to check whether the LIBCLANG_PATH is correct or not.

The CI result shows this. (at line 139 of Build Documentation)

Export from shell
/nix/store/4x92wsm6f18mxrrqb5pxl81swlm9mbpf-clang-10.0.1/lib
Find in store
/nix/store/rvrqaq93gwpk95b79zacf0p7za8q33i6-clang-10.0.1-lib/lib/libclang.so.10
/nix/store/rvrqaq93gwpk95b79zacf0p7za8q33i6-clang-10.0.1-lib/lib/libclang.so

However, the shell.nix is also used on NixOS, where the hash will be correct.
The env-script is a script defined in shell.nix, which just prints the LIBCLANG_PATH and searches for the real path of the lib.

If there is something I can help to debug on this, please kindly tell me.

Many thanks.
