mirror of
https://github.com/DeterminateSystems/nix-installer-action.git
synced 2025-01-10 22:32:06 +01:00
Merge pull request #5 from zhaofengli/trust-runner-user
Make the runner user trusted by default
This commit is contained in:
commit
e1f2e54ff9
2 changed files with 31 additions and 11 deletions
16
.github/workflows/ci.yml
vendored
16
.github/workflows/ci.yml
vendored
|
@ -56,6 +56,8 @@ jobs:
|
||||||
log-directives: nix_installer=trace
|
log-directives: nix_installer=trace
|
||||||
backtrace: full
|
backtrace: full
|
||||||
reinstall: true
|
reinstall: true
|
||||||
|
extra-conf: |
|
||||||
|
use-sqlite-wal = true
|
||||||
- name: Test `nix` with `$GITHUB_PATH`
|
- name: Test `nix` with `$GITHUB_PATH`
|
||||||
if: success() || failure()
|
if: success() || failure()
|
||||||
run: |
|
run: |
|
||||||
|
@ -64,6 +66,11 @@ jobs:
|
||||||
fortune
|
fortune
|
||||||
nix store gc
|
nix store gc
|
||||||
nix run nixpkgs#fortune
|
nix run nixpkgs#fortune
|
||||||
|
- name: Verify the generated nix.conf
|
||||||
|
run: |
|
||||||
|
cat -n /etc/nix/nix.conf
|
||||||
|
grep -E "^trusted-users = .*$USER" /etc/nix/nix.conf
|
||||||
|
grep -E "^use-sqlite-wal = true" /etc/nix/nix.conf
|
||||||
|
|
||||||
run-x86_64-darwin:
|
run-x86_64-darwin:
|
||||||
name: Run x86_64 Darwin
|
name: Run x86_64 Darwin
|
||||||
|
@ -119,6 +126,8 @@ jobs:
|
||||||
log-directives: nix_installer=trace
|
log-directives: nix_installer=trace
|
||||||
backtrace: full
|
backtrace: full
|
||||||
reinstall: true
|
reinstall: true
|
||||||
|
extra-conf: |
|
||||||
|
use-sqlite-wal = true
|
||||||
- name: Test `nix` with `$GITHUB_PATH`
|
- name: Test `nix` with `$GITHUB_PATH`
|
||||||
if: success() || failure()
|
if: success() || failure()
|
||||||
run: |
|
run: |
|
||||||
|
@ -126,4 +135,9 @@ jobs:
|
||||||
nix profile install nixpkgs#fortune
|
nix profile install nixpkgs#fortune
|
||||||
fortune
|
fortune
|
||||||
nix store gc
|
nix store gc
|
||||||
nix run nixpkgs#fortune
|
nix run nixpkgs#fortune
|
||||||
|
- name: Verify the generated nix.conf
|
||||||
|
run: |
|
||||||
|
cat -n /etc/nix/nix.conf
|
||||||
|
grep -E "^trusted-users = .*$USER" /etc/nix/nix.conf
|
||||||
|
grep -E "^use-sqlite-wal = true" /etc/nix/nix.conf
|
||||||
|
|
26
action.yml
26
action.yml
|
@ -13,6 +13,9 @@ inputs:
|
||||||
github-token:
|
github-token:
|
||||||
description: A GitHub Token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests)
|
description: A GitHub Token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests)
|
||||||
default: ${{ github.token }}
|
default: ${{ github.token }}
|
||||||
|
trust-runner-user:
|
||||||
|
description: Whether to make the runner user trusted by the Nix daemon
|
||||||
|
default: "true"
|
||||||
channels:
|
channels:
|
||||||
description: Channel(s) to add (eg `nixpkgs=https://nixos.org/channels/nixpkgs-unstable`)
|
description: Channel(s) to add (eg `nixpkgs=https://nixos.org/channels/nixpkgs-unstable`)
|
||||||
required: false
|
required: false
|
||||||
|
@ -160,18 +163,21 @@ runs:
|
||||||
echo "Set NIX_INSTALLER_NIX_PACKAGE_URL=$NIX_INSTALLER_NIX_PACKAGE_URL"
|
echo "Set NIX_INSTALLER_NIX_PACKAGE_URL=$NIX_INSTALLER_NIX_PACKAGE_URL"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
NIX_EXTRA_CONF=""
|
||||||
|
NEWLINE='
|
||||||
|
'
|
||||||
if [ -n "${{ inputs.extra-conf }}" ]; then
|
if [ -n "${{ inputs.extra-conf }}" ]; then
|
||||||
if [ -n "${{ inputs.github-token }}" ]; then
|
NIX_EXTRA_CONF="${{ inputs.extra-conf }}"
|
||||||
export NIX_INSTALLER_EXTRA_CONF="${{ inputs.extra-conf }}access-tokens = github.com=${{ inputs.github-token }}"
|
fi
|
||||||
else
|
if [ -n "${{ inputs.github-token }}" ]; then
|
||||||
export NIX_INSTALLER_EXTRA_CONF="${{ inputs.extra-conf }}"
|
NIX_EXTRA_CONF="${NIX_EXTRA_CONF:+$NIX_EXTRA_CONF$NEWLINE}access-tokens = github.com=${{ inputs.github-token }}"
|
||||||
fi
|
fi
|
||||||
|
if [ "${{ inputs.trust-runner-user }}" == "true" ]; then
|
||||||
|
NIX_EXTRA_CONF="${NIX_EXTRA_CONF:+$NIX_EXTRA_CONF$NEWLINE}trusted-users = root $USER"
|
||||||
|
fi
|
||||||
|
if [ -n "$NIX_EXTRA_CONF" ]; then
|
||||||
|
export NIX_INSTALLER_EXTRA_CONF="$NIX_EXTRA_CONF"
|
||||||
echo "Set NIX_INSTALLER_EXTRA_CONF=$NIX_INSTALLER_EXTRA_CONF"
|
echo "Set NIX_INSTALLER_EXTRA_CONF=$NIX_INSTALLER_EXTRA_CONF"
|
||||||
else
|
|
||||||
if [ -n "${{ inputs.github-token }}" ]; then
|
|
||||||
export NIX_INSTALLER_EXTRA_CONF="access-tokens = github.com=${{ inputs.github-token }}"
|
|
||||||
echo "Set NIX_INSTALLER_EXTRA_CONF=$NIX_INSTALLER_EXTRA_CONF"
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "${{ inputs.mac-encrypt }}" ]; then
|
if [ -n "${{ inputs.mac-encrypt }}" ]; then
|
||||||
|
|
Loading…
Reference in a new issue