lix-project/lix-install-action
1
0
Fork 0
Code Issues 11 Pull requests Packages Projects Releases Wiki Activity

Compare commits

base: lix-project:main
Branches Tags
lix-project:main
lix-project:detsys-ts-results
lix-project:revert-76-general-cleanup
lix-project:colemickens/debug
lix-project:try-env-style-settings
lix-project:test-extra-conf
lix-project:v11
lix-project:v10
lix-project:v9
lix-project:v8
lix-project:v7
lix-project:v6
lix-project:v5
lix-project:v4
lix-project:v3
lix-project:v2
lix-project:v1
..
compare: lix-project:revert-76-general-cleanup
Branches Tags
lix-project:main
lix-project:detsys-ts-results
lix-project:revert-76-general-cleanup
lix-project:colemickens/debug
lix-project:try-env-style-settings
lix-project:test-extra-conf
lix-project:v11
lix-project:v10
lix-project:v9
lix-project:v8
lix-project:v7
lix-project:v6
lix-project:v5
lix-project:v4
lix-project:v3
lix-project:v2
lix-project:v1

1 commit
main ... revert-76-

Author SHA1 Message Date
Luc Perkins 4eebba49e2
Revert "General JS cleanup" 2024-05-02 13:35:55 -03:00
12 changed files with 4255 additions and 3127 deletions
Show stats Expand all files Collapse all files

2
.eslintrc.json
View file

@ -33,7 +33,7 @@
"@typescript-eslint/array-type": "error", "@typescript-eslint/array-type": "error",
"@typescript-eslint/await-thenable": "error", "@typescript-eslint/await-thenable": "error",
"@typescript-eslint/ban-ts-comment": "error", "@typescript-eslint/ban-ts-comment": "error",
"camelcase": "error", "camelcase": "off",
"@typescript-eslint/consistent-type-assertions": "error", "@typescript-eslint/consistent-type-assertions": "error",
"@typescript-eslint/explicit-function-return-type": [ "@typescript-eslint/explicit-function-return-type": [
"error", "error",

55
.github/workflows/ci.yml vendored
View file

@ -7,15 +7,6 @@ on:
workflow_dispatch: workflow_dispatch:
jobs: jobs:
tests:
runs-on: ubuntu-22.04
needs:
- check-dist-up-to-date
- install-nix-linux
- install-nix-macos
steps:
- run: true
check-dist-up-to-date: check-dist-up-to-date:
name: Check the dist/ folder is up to date name: Check the dist/ folder is up to date
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
@ -23,23 +14,12 @@ jobs:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main - uses: DeterminateSystems/magic-nix-cache-action@main
- name: pnpm install - run: nix develop --command pnpm install
run: nix develop --command pnpm install - run: nix develop --command pnpm run all
- name: prettier format - run: git status --porcelain=v1
run: nix develop --command pnpm run check-fmt - run: test $(git status --porcelain=v1 2>/dev/null | wc -l) -eq 0
- name: ESLint run-test-suite:
run: nix develop --command pnpm run lint name: Run test suite
- name: tsup build
run: nix develop --command pnpm run build
- name: ncc package
run: nix develop --command pnpm run package
- name: Git status
run: git status --porcelain=v1
- name: Ensure no staged changes
run: git diff --exit-code
install-nix-linux:
name: Run test suite for Linux systems
strategy: strategy:
matrix: matrix:
runner: runner:
@ -51,13 +31,14 @@ jobs:
contents: read contents: read
id-token: write id-token: write
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v3
- name: Install Nix - name: Install Nix
uses: ./ uses: ./
with: with:
logger: pretty logger: pretty
log-directives: nix_installer=trace log-directives: nix_installer=trace
backtrace: full backtrace: full
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: echo $PATH - name: echo $PATH
run: echo $PATH run: echo $PATH
@ -126,27 +107,21 @@ jobs:
duration: 5m duration: 5m
authorized-users: grahamc authorized-users: grahamc
install-nix-macos: run-x86_64-darwin:
name: Run test suite for macOS systems name: Run x86_64 Darwin
strategy: runs-on: macos-12
matrix:
runner:
# x86_64-darwin
- macos-12
# aarch64-darwin
- macos-latest-xlarge
runs-on: ${{ matrix.runner }}
permissions: permissions:
contents: read contents: read
id-token: write id-token: write
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v3
- name: Install Nix - name: Install Nix
uses: ./ uses: ./
with: with:
logger: pretty logger: pretty
log-directives: nix_installer=trace log-directives: nix_installer=trace
backtrace: full backtrace: full
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: echo $PATH - name: echo $PATH
run: echo $PATH run: echo $PATH
- name: Test `nix` with `$GITHUB_PATH` - name: Test `nix` with `$GITHUB_PATH`
@ -183,6 +158,10 @@ jobs:
hello hello
nix store gc nix store gc
nix run nixpkgs#hello nix run nixpkgs#hello
- name: Terminate the magic nix cache pre-reinstall
if: success() || failure()
run: |
pkill magic-nix-cache
- name: Reinstall Nix - name: Reinstall Nix
uses: ./ uses: ./
with: with:

4
README.md
View file

@ -27,7 +27,7 @@ jobs:
name: Build name: Build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v3
- uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/nix-installer-action@main
- run: nix build . - run: nix build .
``` ```
@ -50,7 +50,7 @@ jobs:
id-token: "write" id-token: "write"
contents: "read" contents: "read"
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v3
- uses: DeterminateSystems/nix-installer-action@main - uses: DeterminateSystems/nix-installer-action@main
with: with:
flakehub: true flakehub: true

2
dist/index.d.ts generated vendored
View file

@ -1,2 +0,0 @@
export { }

2842
dist/index.js generated vendored
View file

File diff suppressed because it is too large Load diff

1
dist/main.d.ts generated vendored Normal file
View file

@ -0,0 +1 @@
export {};

799
dist/main.js generated vendored Normal file
View file

@ -0,0 +1,799 @@
import * as actions_core from "@actions/core";
import * as github from "@actions/github";
import * as actions_exec from "@actions/exec";
import { access, writeFile, readFile } from "node:fs/promises";
import { join } from "node:path";
import fs from "node:fs";
import { userInfo } from "node:os";
import stringArgv from "string-argv";
import * as path from "path";
import { IdsToolbox } from "detsys-ts";
import { randomUUID } from "node:crypto";
class NixInstallerAction {
constructor() {
this.idslib = new IdsToolbox({
name: "nix-installer",
fetchStyle: "nix-style",
legacySourcePrefix: "nix-installer",
});
this.platform = get_nix_platform();
this.nix_package_url = action_input_string_or_null("nix-package-url");
this.backtrace = action_input_string_or_null("backtrace");
this.extra_args = action_input_string_or_null("extra-args");
this.extra_conf = action_input_multiline_string_or_null("extra-conf");
this.flakehub = action_input_bool("flakehub");
this.kvm = action_input_bool("kvm");
this.force_docker_shim = action_input_bool("force-docker-shim");
this.github_token = action_input_string_or_null("github-token");
this.github_server_url = action_input_string_or_null("github-server-url");
this.init = action_input_string_or_null("init");
this.local_root = action_input_string_or_null("local-root");
this.log_directives = action_input_string_or_null("log-directives");
this.logger = action_input_string_or_null("logger");
this.ssl_cert_file = action_input_string_or_null("ssl-cert-file");
this.proxy = action_input_string_or_null("proxy");
this.mac_case_sensitive = action_input_string_or_null("mac-case-sensitive");
this.mac_encrypt = action_input_string_or_null("mac-encrypt");
this.mac_root_disk = action_input_string_or_null("mac-root-disk");
this.mac_volume_label = action_input_string_or_null("mac-volume-label");
this.modify_profile = action_input_bool("modify-profile");
this.nix_build_group_id = action_input_number_or_null("nix-build-group-id");
this.nix_build_group_name = action_input_string_or_null("nix-build-group-name");
this.nix_build_user_base = action_input_number_or_null("nix_build-user-base");
this.nix_build_user_count = action_input_number_or_null("nix-build-user-count");
this.nix_build_user_prefix = action_input_string_or_null("nix-build-user-prefix");
this.planner = action_input_string_or_null("planner");
this.reinstall = action_input_bool("reinstall");
this.start_daemon = action_input_bool("start-daemon");
this.trust_runner_user = action_input_bool("trust-runner-user");
}
async detectAndForceDockerShim() {
// Detect if we're in a GHA runner which is Linux, doesn't have Systemd, and does have Docker.
// This is a common case in self-hosted runners, providers like [Namespace](https://namespace.so/),
// and especially GitHub Enterprise Server.
if (process.env.RUNNER_OS !== "Linux") {
if (this.force_docker_shim) {
actions_core.warning("Ignoring force-docker-shim which is set to true, as it is only supported on Linux.");
this.force_docker_shim = false;
}
return;
}
const systemdCheck = fs.statSync("/run/systemd/system", {
throwIfNoEntry: false,
});
if (systemdCheck?.isDirectory()) {
if (this.force_docker_shim) {
actions_core.warning("Systemd is detected, but ignoring it since force-docker-shim is enabled.");
}
else {
this.idslib.addFact("has_systemd", true);
return;
}
}
this.idslib.addFact("has_systemd", false);
actions_core.debug("Linux detected without systemd, testing for Docker with `docker info` as an alternative daemon supervisor.");
this.idslib.addFact("has_docker", false); // Set to false here, and only in the success case do we set it to true
let exit_code;
try {
exit_code = await actions_exec.exec("docker", ["info"], {
silent: true,
listeners: {
stdout: (data) => {
const trimmed = data.toString("utf-8").trimEnd();
if (trimmed.length >= 0) {
actions_core.debug(trimmed);
}
},
stderr: (data) => {
const trimmed = data.toString("utf-8").trimEnd();
if (trimmed.length >= 0) {
actions_core.debug(trimmed);
}
},
},
});
}
catch (e) {
actions_core.debug("Docker not detected, not enabling docker shim.");
return;
}
if (exit_code !== 0) {
if (this.force_docker_shim) {
actions_core.warning("docker info check failed, but trying anyway since force-docker-shim is enabled.");
}
else {
return;
}
}
this.idslib.addFact("has_docker", true);
if (!this.force_docker_shim &&
(await this.detectDockerWithMountedDockerSocket())) {
actions_core.debug("Detected a Docker container with a Docker socket mounted, not enabling docker shim.");
return;
}
actions_core.startGroup("Enabling the Docker shim for running Nix on Linux in CI without Systemd.");
if (this.init !== "none") {
actions_core.info(`Changing init from '${this.init}' to 'none'`);
this.init = "none";
}
if (this.planner !== "linux") {
actions_core.info(`Changing planner from '${this.planner}' to 'linux'`);
this.planner = "linux";
}
this.force_docker_shim = true;
actions_core.endGroup();
}
// Detect if we are running under `act` or some other system which is not using docker-in-docker,
// and instead using a mounted docker socket.
// In the case of the socket mount solution, the shim will cause issues since the given mount paths will
// equate to mount paths on the host, not mount paths to the docker container in question.
async detectDockerWithMountedDockerSocket() {
let cgroups_buffer;
try {
// If we are inside a docker container, the last line of `/proc/self/cgroup` should be
// 0::/docker/$SOME_ID
//
// If we are not, the line will likely be `0::/`
cgroups_buffer = await readFile("/proc/self/cgroup", {
encoding: "utf-8",
});
}
catch (e) {
actions_core.debug(`Did not detect \`/proc/self/cgroup\` existence, bailing on docker container ID detection:\n${e}`);
return false;
}
const cgroups = cgroups_buffer.trim().split("\n");
const last_cgroup = cgroups[cgroups.length - 1];
const last_cgroup_parts = last_cgroup.split(":");
const last_cgroup_path = last_cgroup_parts[last_cgroup_parts.length - 1];
if (!last_cgroup_path.includes("/docker/")) {
actions_core.debug("Did not detect a container ID, bailing on docker.sock detection");
return false;
}
// We are in a docker container, now to determine if this container is visible from
// the `docker` command, and if so, if there is a `docker.socket` mounted.
const last_cgroup_path_parts = last_cgroup_path.split("/");
const container_id = last_cgroup_path_parts[last_cgroup_path_parts.length - 1];
// If we cannot `docker inspect` this discovered container ID, we'll fall through to the `catch` below.
let stdout_buffer = "";
let stderr_buffer = "";
let exit_code;
try {
exit_code = await actions_exec.exec("docker", ["inspect", container_id], {
silent: true,
listeners: {
stdout: (data) => {
stdout_buffer += data.toString("utf-8");
},
stderr: (data) => {
stderr_buffer += data.toString("utf-8");
},
},
});
}
catch (e) {
actions_core.debug(`Could not execute \`docker inspect ${container_id}\`, bailing on docker container inspection:\n${e}`);
return false;
}
if (exit_code !== 0) {
actions_core.debug(`Unable to inspect detected docker container with id \`${container_id}\`, bailing on container inspection (exit ${exit_code}):\n${stderr_buffer}`);
return false;
}
const output = JSON.parse(stdout_buffer);
// `docker inspect $ID` prints an array containing objects.
// In our use case, we should only see 1 item in the array.
if (output.length !== 1) {
actions_core.debug(`Got \`docker inspect ${container_id}\` output which was not one item (was ${output.length}), bailing on docker.sock detection.`);
return false;
}
const item = output[0];
// On this array item we want the `Mounts` field, which is an array
// containing `{ Type, Source, Destination, Mode}`.
// We are looking for a `Destination` ending with `docker.sock`.
const mounts = item["Mounts"];
if (typeof mounts !== "object") {
actions_core.debug(`Got non-object in \`Mounts\` field of \`docker inspect ${container_id}\` output, bailing on docker.sock detection.`);
return false;
}
let found_docker_sock_mount = false;
for (const mount of mounts) {
const destination = mount["Destination"];
if (typeof destination === "string") {
if (destination.endsWith("docker.sock")) {
found_docker_sock_mount = true;
break;
}
}
}
return found_docker_sock_mount;
}
async executionEnvironment() {
const execution_env = {};
execution_env.NIX_INSTALLER_NO_CONFIRM = "true";
execution_env.NIX_INSTALLER_DIAGNOSTIC_ATTRIBUTION = JSON.stringify(this.idslib.getCorrelationHashes());
if (this.backtrace !== null) {
execution_env.RUST_BACKTRACE = this.backtrace;
}
if (this.modify_profile !== null) {
if (this.modify_profile) {
execution_env.NIX_INSTALLER_MODIFY_PROFILE = "true";
}
else {
execution_env.NIX_INSTALLER_MODIFY_PROFILE = "false";
}
}
if (this.nix_build_group_id !== null) {
execution_env.NIX_INSTALLER_NIX_BUILD_GROUP_ID = `${this.nix_build_group_id}`;
}
if (this.nix_build_group_name !== null) {
execution_env.NIX_INSTALLER_NIX_BUILD_GROUP_NAME =
this.nix_build_group_name;
}
if (this.nix_build_user_prefix !== null) {
execution_env.NIX_INSTALLER_NIX_BUILD_USER_PREFIX =
this.nix_build_user_prefix;
}
if (this.nix_build_user_count !== null) {
execution_env.NIX_INSTALLER_NIX_BUILD_USER_COUNT = `${this.nix_build_user_count}`;
}
if (this.nix_build_user_base !== null) {
execution_env.NIX_INSTALLER_NIX_BUILD_USER_ID_BASE = `${this.nix_build_user_count}`;
}
if (this.nix_package_url !== null) {
execution_env.NIX_INSTALLER_NIX_PACKAGE_URL = `${this.nix_package_url}`;
}
if (this.proxy !== null) {
execution_env.NIX_INSTALLER_PROXY = this.proxy;
}
if (this.ssl_cert_file !== null) {
execution_env.NIX_INSTALLER_SSL_CERT_FILE = this.ssl_cert_file;
}
execution_env.NIX_INSTALLER_DIAGNOSTIC_ENDPOINT =
this.idslib.getDiagnosticsUrl()?.toString() || "";
// TODO: Error if the user uses these on not-MacOS
if (this.mac_encrypt !== null) {
if (process.env.RUNNER_OS !== "macOS") {
throw new Error("`mac-encrypt` while `$RUNNER_OS` was not `macOS`");
}
execution_env.NIX_INSTALLER_ENCRYPT = this.mac_encrypt;
}
if (this.mac_case_sensitive !== null) {
if (process.env.RUNNER_OS !== "macOS") {
throw new Error("`mac-case-sensitive` while `$RUNNER_OS` was not `macOS`");
}
execution_env.NIX_INSTALLER_CASE_SENSITIVE = this.mac_case_sensitive;
}
if (this.mac_volume_label !== null) {
if (process.env.RUNNER_OS !== "macOS") {
throw new Error("`mac-volume-label` while `$RUNNER_OS` was not `macOS`");
}
execution_env.NIX_INSTALLER_VOLUME_LABEL = this.mac_volume_label;
}
if (this.mac_root_disk !== null) {
if (process.env.RUNNER_OS !== "macOS") {
throw new Error("`mac-root-disk` while `$RUNNER_OS` was not `macOS`");
}
execution_env.NIX_INSTALLER_ROOT_DISK = this.mac_root_disk;
}
if (this.logger !== null) {
execution_env.NIX_INSTALLER_LOGGER = this.logger;
}
if (this.log_directives !== null) {
execution_env.NIX_INSTALLER_LOG_DIRECTIVES = this.log_directives;
}
// TODO: Error if the user uses these on MacOS
if (this.init !== null) {
if (process.env.RUNNER_OS === "macOS") {
throw new Error("`init` is not a valid option when `$RUNNER_OS` is `macOS`");
}
execution_env.NIX_INSTALLER_INIT = this.init;
}
if (this.start_daemon !== null) {
if (this.start_daemon) {
execution_env.NIX_INSTALLER_START_DAEMON = "true";
}
else {
execution_env.NIX_INSTALLER_START_DAEMON = "false";
}
}
let extra_conf = "";
if (this.github_server_url !== null && this.github_token !== null) {
const server_url = this.github_server_url.replace("https://", "");
extra_conf += `access-tokens = ${server_url}=${this.github_token}`;
extra_conf += "\n";
}
if (this.trust_runner_user !== null) {
const user = userInfo().username;
if (user) {
extra_conf += `trusted-users = root ${user}`;
}
else {
extra_conf += `trusted-users = root`;
}
extra_conf += "\n";
}
if (this.flakehub) {
try {
const flakehub_netrc_file = await this.flakehub_login();
extra_conf += `netrc-file = ${flakehub_netrc_file}`;
extra_conf += "\n";
}
catch (e) {
actions_core.warning(`Failed to setup FlakeHub: ${e}`);
}
}
if (this.extra_conf !== null && this.extra_conf.length !== 0) {
extra_conf += this.extra_conf.join("\n");
extra_conf += "\n";
}
execution_env.NIX_INSTALLER_EXTRA_CONF = extra_conf;
if (process.env.ACT && !process.env.NOT_ACT) {
this.idslib.addFact("in_act", true);
actions_core.info("Detected `$ACT` environment, assuming this is a https://github.com/nektos/act created container, set `NOT_ACT=true` to override this. This will change the setting of the `init` to be compatible with `act`");
execution_env.NIX_INSTALLER_INIT = "none";
}
if (process.env.NSC_VM_ID && !process.env.NOT_NAMESPACE) {
this.idslib.addFact("in_namespace_so", true);
actions_core.info("Detected Namespace runner, assuming this is a https://namespace.so created container, set `NOT_NAMESPACE=true` to override this. This will change the setting of the `init` to be compatible with Namespace");
execution_env.NIX_INSTALLER_INIT = "none";
}
return execution_env;
}
async execute_install(binary_path) {
const execution_env = await this.executionEnvironment();
actions_core.debug(`Execution environment: ${JSON.stringify(execution_env, null, 4)}`);
const args = ["install"];
if (this.planner) {
this.idslib.addFact("nix_installer_planner", this.planner);
args.push(this.planner);
}
else {
this.idslib.addFact("nix_installer_planner", get_default_planner());
args.push(get_default_planner());
}
if (this.extra_args) {
const extra_args = stringArgv(this.extra_args);
args.concat(extra_args);
}
this.idslib.recordEvent("install_nix_start");
const exit_code = await actions_exec.exec(binary_path, args, {
env: {
...execution_env,
...process.env, // To get $PATH, etc
},
});
if (exit_code !== 0) {
this.idslib.recordEvent("install_nix_failure", {
exit_code,
});
throw new Error(`Non-zero exit code of \`${exit_code}\` detected`);
}
this.idslib.recordEvent("install_nix_success");
return exit_code;
}
async install() {
const existing_install = await this.detect_existing();
if (existing_install) {
if (this.reinstall) {
// We need to uninstall, then reinstall
actions_core.info("Nix was already installed, `reinstall` is set, uninstalling for a reinstall");
await this.execute_uninstall();
}
else {
// We're already installed, and not reinstalling, just set GITHUB_PATH and finish early
await this.set_github_path();
actions_core.info("Nix was already installed, using existing install");
return;
}
}
if (this.kvm) {
actions_core.startGroup("Configuring KVM");
if (await this.setup_kvm()) {
actions_core.endGroup();
actions_core.info("\u001b[32m Accelerated KVM is enabled \u001b[33m⚡");
actions_core.exportVariable("DETERMINATE_NIX_KVM", "1");
}
else {
actions_core.endGroup();
actions_core.info("KVM is not available.");
actions_core.exportVariable("DETERMINATE_NIX_KVM", "0");
}
}
// Normal just doing of the install
actions_core.startGroup("Installing Nix");
const binary_path = await this.fetch_binary();
await this.execute_install(binary_path);
actions_core.endGroup();
if (this.force_docker_shim) {
await this.spawnDockerShim();
}
await this.set_github_path();
}
async spawnDockerShim() {
actions_core.startGroup("Configuring the Docker shim as the Nix Daemon's process supervisor");
const images = {
X64: path.join(__dirname, "/../docker-shim/amd64.tar.gz"),
ARM64: path.join(__dirname, "/../docker-shim/arm64.tar.gz"),
};
let arch;
if (process.env.RUNNER_ARCH === "X64") {
arch = "X64";
}
else if (process.env.RUNNER_ARCH === "ARM64") {
arch = "ARM64";
}
else {
throw Error("Architecture not supported in Docker shim mode.");
}
actions_core.debug("Loading image: determinate-nix-shim:latest...");
{
const exit_code = await actions_exec.exec("docker", ["image", "load", "--input", images[arch]], {
silent: true,
listeners: {
stdout: (data) => {
const trimmed = data.toString("utf-8").trimEnd();
if (trimmed.length >= 0) {
actions_core.debug(trimmed);
}
},
stderr: (data) => {
const trimmed = data.toString("utf-8").trimEnd();
if (trimmed.length >= 0) {
actions_core.debug(trimmed);
}
},
},
});
if (exit_code !== 0) {
throw new Error(`Failed to build the shim image, exit code: \`${exit_code}\``);
}
}
{
actions_core.debug("Starting the Nix daemon through Docker...");
this.idslib.recordEvent("start_docker_shim");
const exit_code = await actions_exec.exec("docker", [
"--log-level=debug",
"run",
"--detach",
"--privileged",
"--network=host",
"--userns=host",
"--pid=host",
"--mount",
"type=bind,src=/bin,dst=/bin,readonly",
"--mount",
"type=bind,src=/lib,dst=/lib,readonly",
"--mount",
"type=bind,src=/home,dst=/home,readonly",
"--mount",
"type=bind,src=/tmp,dst=/tmp",
"--mount",
"type=bind,src=/nix,dst=/nix",
"--mount",
"type=bind,src=/etc,dst=/etc,readonly",
"--restart",
"always",
"--init",
"--name",
`determinate-nix-shim-${this.idslib.getUniqueId()}-${randomUUID()}`,
"determinate-nix-shim:latest",
], {
silent: true,
listeners: {
stdline: (data) => {
actions_core.saveState("docker_shim_container_id", data.trimEnd());
},
stdout: (data) => {
const trimmed = data.toString("utf-8").trimEnd();
if (trimmed.length >= 0) {
actions_core.debug(trimmed);
}
},
stderr: (data) => {
const trimmed = data.toString("utf-8").trimEnd();
if (trimmed.length >= 0) {
actions_core.debug(trimmed);
}
},
},
});
if (exit_code !== 0) {
throw new Error(`Failed to start the Nix daemon through Docker, exit code: \`${exit_code}\``);
}
}
actions_core.endGroup();
return;
}
async cleanupDockerShim() {
const container_id = actions_core.getState("docker_shim_container_id");
if (container_id !== "") {
actions_core.startGroup("Cleaning up the Nix daemon's Docker shim");
let cleaned = false;
try {
await actions_exec.exec("docker", ["rm", "--force", container_id]);
cleaned = true;
}
catch {
actions_core.warning("failed to cleanup nix daemon container");
}
if (!cleaned) {
actions_core.info("trying to pkill the container's shim process");
try {
await actions_exec.exec("pkill", [container_id]);
cleaned = true;
}
catch {
actions_core.warning("failed to forcibly kill the container's shim process");
}
}
if (cleaned) {
this.idslib.recordEvent("clean_up_docker_shim");
}
else {
actions_core.warning("Giving up on cleaning up the nix daemon container");
}
actions_core.endGroup();
}
}
async set_github_path() {
// Interim versions of the `nix-installer` crate may have already manipulated `$GITHUB_PATH`, as root even! Accessing that will be an error.
try {
const nix_var_nix_profile_path = "/nix/var/nix/profiles/default/bin";
const home_nix_profile_path = `${process.env.HOME}/.nix-profile/bin`;
actions_core.addPath(nix_var_nix_profile_path);
actions_core.addPath(home_nix_profile_path);
actions_core.info(`Added \`${nix_var_nix_profile_path}\` and \`${home_nix_profile_path}\` to \`$GITHUB_PATH\``);
}
catch (error) {
actions_core.info("Skipping setting $GITHUB_PATH in action, the `nix-installer` crate seems to have done this already. From `nix-installer` version 0.11.0 and up, this step is done in the action. Prior to 0.11.0, this was only done in the `nix-installer` binary.");
}
}
async flakehub_login() {
this.idslib.recordEvent("login_to_flakehub");
const netrc_path = `${process.env["RUNNER_TEMP"]}/determinate-nix-installer-netrc`;
const jwt = await actions_core.getIDToken("api.flakehub.com");
await writeFile(netrc_path, [
`machine api.flakehub.com login flakehub password ${jwt}`,
`machine flakehub.com login flakehub password ${jwt}`,
].join("\n"));
actions_core.info("Logging in to FlakeHub.");
// the join followed by a match on ^... looks silly, but extra_config
// could contain multi-line values
if (this.extra_conf?.join("\n").match(/^netrc-file/m)) {
actions_core.warning("Logging in to FlakeHub conflicts with the Nix option `netrc-file`.");
}
return netrc_path;
}
async execute_uninstall() {
this.idslib.recordEvent("uninstall");
const exit_code = await actions_exec.exec(`/nix/nix-installer`, ["uninstall"], {
env: {
NIX_INSTALLER_NO_CONFIRM: "true",
...process.env, // To get $PATH, etc
},
});
if (exit_code !== 0) {
throw new Error(`Non-zero exit code of \`${exit_code}\` detected`);
}
return exit_code;
}
async detect_existing() {
const receipt_path = "/nix/receipt.json";
try {
await access(receipt_path);
// There is a /nix/receipt.json
return true;
}
catch {
// No /nix/receipt.json
return false;
}
}
async setup_kvm() {
this.idslib.recordEvent("setup_kvm");
const current_user = userInfo();
const is_root = current_user.uid === 0;
const maybe_sudo = is_root ? "" : "sudo";
const kvm_rules = "/etc/udev/rules.d/99-determinate-nix-installer-kvm.rules";
try {
const write_file_exit_code = await actions_exec.exec("sh", [
"-c",
`echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | ${maybe_sudo} tee ${kvm_rules} > /dev/null`,
], {
silent: true,
listeners: {
stdout: (data) => {
const trimmed = data.toString("utf-8").trimEnd();
if (trimmed.length >= 0) {
actions_core.debug(trimmed);
}
},
stderr: (data) => {
const trimmed = data.toString("utf-8").trimEnd();
if (trimmed.length >= 0) {
actions_core.debug(trimmed);
}
},
},
});
if (write_file_exit_code !== 0) {
throw new Error(`Non-zero exit code of \`${write_file_exit_code}\` detected while writing '${kvm_rules}'`);
}
const debug_root_run_throw = async (action, command, args) => {
if (!is_root) {
args = [command, ...args];
command = "sudo";
}
const reload_exit_code = await actions_exec.exec(command, args, {
silent: true,
listeners: {
stdout: (data) => {
const trimmed = data.toString("utf-8").trimEnd();
if (trimmed.length >= 0) {
actions_core.debug(trimmed);
}
},
stderr: (data) => {
const trimmed = data.toString("utf-8").trimEnd();
if (trimmed.length >= 0) {
actions_core.debug(trimmed);
}
},
},
});
if (reload_exit_code !== 0) {
throw new Error(`Non-zero exit code of \`${reload_exit_code}\` detected while ${action}.`);
}
};
await debug_root_run_throw("reloading udev rules", "udevadm", [
"control",
"--reload-rules",
]);
await debug_root_run_throw("triggering udev against kvm", "udevadm", [
"trigger",
"--name-match=kvm",
]);
return true;
}
catch (error) {
if (is_root) {
await actions_exec.exec("rm", ["-f", kvm_rules]);
}
else {
await actions_exec.exec("sudo", ["rm", "-f", kvm_rules]);
}
return false;
}
}
async fetch_binary() {
if (!this.local_root) {
return await this.idslib.fetchExecutable();
}
else {
const local_path = join(this.local_root, `nix-installer-${this.platform}`);
actions_core.info(`Using binary ${local_path}`);
return local_path;
}
}
async report_overall() {
try {
this.idslib.recordEvent("conclude_workflow", {
conclusion: await this.get_workflow_conclusion(),
});
}
catch (error) {
actions_core.debug(`Error submitting post-run diagnostics report: ${error}`);
}
}
async get_workflow_conclusion() {
if (this.github_token == null) {
return undefined;
}
try {
const octokit = github.getOctokit(this.github_token);
const jobs = await octokit.paginate(octokit.rest.actions.listJobsForWorkflowRun, {
owner: github.context.repo.owner,
repo: github.context.repo.repo,
run_id: github.context.runId,
});
actions_core.debug(`awaited jobs: ${jobs}`);
const job = jobs
.filter((candidate) => candidate.name === github.context.job)
.at(0);
if (job === undefined) {
return "no-jobs";
}
const outcomes = (job.steps || []).map((j) => j.conclusion || "unknown");
// Possible values: success, failure, cancelled, or skipped
// from: https://docs.github.com/en/actions/learn-github-actions/contexts
if (outcomes.includes("failure")) {
// Any failures fails the job
return "failure";
}
if (outcomes.includes("cancelled")) {
// Any cancellations cancels the job
return "cancelled";
}
// Assume success if no jobs failed or were canceled
return "success";
}
catch (error) {
actions_core.debug(`Error determining final disposition: ${error}`);
return "unavailable";
}
}
}
function get_nix_platform() {
const env_os = process.env.RUNNER_OS;
const env_arch = process.env.RUNNER_ARCH;
if (env_os === "macOS" && env_arch === "X64") {
return "x86_64-darwin";
}
else if (env_os === "macOS" && env_arch === "ARM64") {
return "aarch64-darwin";
}
else if (env_os === "Linux" && env_arch === "X64") {
return "x86_64-linux";
}
else if (env_os === "Linux" && env_arch === "ARM64") {
return "aarch64-linux";
}
else {
throw new Error(`Unsupported \`RUNNER_OS\` (currently \`${env_os}\`) and \`RUNNER_ARCH\` (currently \`${env_arch}\`) combination`);
}
}
function get_default_planner() {
const env_os = process.env.RUNNER_OS;
if (env_os === "macOS") {
return "macos";
}
else if (env_os === "Linux") {
return "linux";
}
else {
throw new Error(`Unsupported \`RUNNER_OS\` (currently \`${env_os}\`)`);
}
}
function action_input_string_or_null(name) {
const value = actions_core.getInput(name);
if (value === "") {
return null;
}
else {
return value;
}
}
function action_input_multiline_string_or_null(name) {
const value = actions_core.getMultilineInput(name);
if (value.length === 0) {
return null;
}
else {
return value;
}
}
function action_input_number_or_null(name) {
const value = actions_core.getInput(name);
if (value === "") {
return null;
}
else {
return Number(value);
}
}
function action_input_bool(name) {
return actions_core.getBooleanInput(name);
}
function main() {
const installer = new NixInstallerAction();
installer.idslib.onMain(async () => {
await installer.detectAndForceDockerShim();
await installer.install();
});
installer.idslib.onPost(async () => {
await installer.cleanupDockerShim();
await installer.report_overall();
});
installer.idslib.execute();
}
main();

15
package.json
View file

@ -1,14 +1,13 @@
{ {
"name": "nix-installer-action", "name": "nix-installer-action",
"version": "1.0.0", "version": "1.0.0",
"description": "You can use [`nix-installer`](https://github.com/DeterminateSystems/nix-installer) as a Github Action:", "description": "You can use [`nix-installer`](https://github.com/DeterminateSystems/nix-installer) as a Github action:",
"main": "./dist/index.js", "main": "./dist/main.js",
"types": "./dist/index.d.ts", "types": "./dist/main.d.ts",
"type": "module", "type": "module",
"scripts": { "scripts": {
"build": "tsup", "build": "tsc",
"format": "prettier --write .", "format": "prettier --write .",
"check-fmt": "prettier --check .",
"lint": "eslint src/**/*.ts", "lint": "eslint src/**/*.ts",
"package": "ncc build", "package": "ncc build",
"all": "pnpm run format && pnpm run lint && pnpm run build && pnpm run package" "all": "pnpm run format && pnpm run lint && pnpm run build && pnpm run package"
@ -28,14 +27,16 @@
"@actions/core": "^1.10.1", "@actions/core": "^1.10.1",
"@actions/exec": "^1.1.1", "@actions/exec": "^1.1.1",
"@actions/github": "^5.1.1", "@actions/github": "^5.1.1",
"@actions/tool-cache": "^2.0.1",
"detsys-ts": "github:DeterminateSystems/detsys-ts", "detsys-ts": "github:DeterminateSystems/detsys-ts",
"fetch-retry": "^5.0.6",
"string-argv": "^0.3.2" "string-argv": "^0.3.2"
}, },
"devDependencies": { "devDependencies": {
"@trivago/prettier-plugin-sort-imports": "^4.3.0", "@trivago/prettier-plugin-sort-imports": "^4.3.0",
"@types/node": "^20.12.11", "@types/node": "^20.12.7",
"@types/uuid": "^9.0.8", "@types/uuid": "^9.0.8",
"@typescript-eslint/eslint-plugin": "^7.8.0", "@typescript-eslint/eslint-plugin": "^7.6.0",
"@vercel/ncc": "^0.38.1", "@vercel/ncc": "^0.38.1",
"eslint": "^8.57.0", "eslint": "^8.57.0",
"eslint-import-resolver-typescript": "^3.6.1", "eslint-import-resolver-typescript": "^3.6.1",

473
pnpm-lock.yaml
View file

File diff suppressed because it is too large Load diff

1005
src/index.ts
View file

File diff suppressed because it is too large Load diff

1045
src/main.ts Normal file
View file

File diff suppressed because it is too large Load diff

15
tsup.config.ts
View file

@ -1,15 +0,0 @@
import { defineConfig } from "tsup";
import { name } from "./package.json";
export default defineConfig({
name,
entry: ["src/index.ts"],
format: ["esm"],
target: "node20",
bundle: true,
splitting: false,
clean: true,
dts: {
resolve: true,
},
});