mirror of
https://github.com/DeterminateSystems/nix-installer-action.git
synced 2025-01-25 13:34:08 +01:00
cd46bde16a
* Test nix-installer-action on Namespace.so It is special in that it doesn't have systemd, and it'd be great to support Namespace.so. It is also a good test case for a variety of self-hosted GHA runner use cases. * Make correlation more confident * Borrow docker as a process supervisor on Linux GHA runners without systemd This change introduces a Docker container shim which spawns the Nix daemon after bind mounting all the relevant paths into the container. The image is actually completely empty, other than metadata about what to run. This is a cheap and cheerful way to get decent process supervision in environments that don't bring systemd, but do have docker ... which is most everywhere in the GHA ecosystem. * Ignore generated files * Run on arm64 why not * Load a pre-built image, don't build * Check the userInfo.username instead of an env var * Stop double-printing output to the console * can't rm and restart * what * Clean up the container at the end * Emit the fetch line in the 'installing nix' section * tweak output * delete what
18 KiB
18 KiB
The Determinate Nix Installer Action
Based on the Determinate Nix Installer, responsible for over tens of thousands of Nix installs daily. The fast, friendly, and reliable GitHub Action to install Nix with Flakes.
Supports
- ✅ Accelerated KVM on open source projects and larger runners. See GitHub's announcement for more info.
- ✅ Linux, x86_64, aarch64, and i686
- ✅ macOS, x86_64 and aarch64
- ✅ WSL2, x86_64 and aarch64
- ✅ Containers
- ✅ Valve's SteamOS
- ✅ GitHub Enterprise Server
- ✅ GitHub Hosted, self-hosted, and long running Actions Runners
Usage
on:
pull_request:
push:
branches: [main]
jobs:
lints:
name: Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: DeterminateSystems/nix-installer-action@main
- run: nix build .
With FlakeHub
To fetch private flakes from FlakeHub, update the permissions
block and pass flakehub: true
:
on:
pull_request:
push:
branches: [main]
jobs:
lints:
name: Build
runs-on: ubuntu-latest
permissions:
id-token: "write"
contents: "read"
steps:
- uses: actions/checkout@v3
- uses: DeterminateSystems/nix-installer-action@main
with:
flakehub: true
- run: nix build .
See .github/workflows/ci.yml
for a full example.
Advanced Usage
- If KVM is available, the installer sets up KVM so that Nix can use it ,and exports the
DETERMINATE_NIX_KVM
environment variable set to 1. If KVM is not available,DETERMINATE_NIX_KVM
is set to 0. This can be used in combination with GitHub Actions'if
syntax for turning on and off steps.
Installation Differences
Differing from the upstream Nix installer scripts:
- In
nix.conf
:- the
nix-command
andflakes
features are enabled bash-prompt-prefix
is setauto-optimise-store
is set totrue
(On Linux only)
extra-nix-path
is set tonixpkgs=flake:nixpkgs
max-jobs
is set toauto
- the
- KVM is enabled by default.
- an installation receipt (for uninstalling) is stored at
/nix/receipt.json
as well as a copy of the install binary at/nix/nix-installer
nix-channel --update
is not run,~/.nix-channels
is not provisionedssl-cert-file
is set in/etc/nix/nix.conf
if thessl-cert-file
argument is used.
Configuration
Parameter | Description | Type | Default |
---|---|---|---|
backtrace |
The setting for RUST_BACKTRACE |
string | |
extra-args |
Extra arguments to pass to the planner (prefer using structured with: arguments unless using a custom planner!) |
string | |
extra-conf |
Extra configuration lines for /etc/nix/nix.conf (includes access-tokens with secrets.GITHUB_TOKEN automatically if github-token is set) |
string | |
flakehub |
Log in to FlakeHub to pull private flakes using the GitHub Actions JSON Web Token (JWT), which is bound to the api.flakehub.com audience. |
Boolean | false |
force-docker-shim |
Force the use of Docker as a process supervisor. This setting is automatically enabled when necessary. | Boolean | false |
github-token |
A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) | string | ${{ github.token }} |
github-server-url |
The URL for the GitHub server, to use with the github-token token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided github-token is for a different GitHub server than the current server. |
string | ${{ github.server }} |
init |
The init system to configure (requires planner: linux-multi ) |
enum (none or systemd ) |
|
kvm |
Automatically configure the GitHub Actions Runner for NixOS test support, if the host supports it. | Boolean | true |
local-root |
A local nix-installer binary root. Overrides the nix-installer-url setting (a nix-installer.sh should exist, binaries should be named nix-installer-$ARCH , eg. nix-installer-x86_64-linux ). |
Boolean | false |
log-directives |
A list of tracing directives, comma separated with - s replaced with _ (eg. nix_installer=trace ) |
string | |
logger |
The logger to use during installation | enum (pretty , json , full , compact ) |
|
mac-case-sensitive |
Use a case-sensitive volume (planner: macos only) |
Boolean | false |
mac-encrypt |
Force encryption on the volume (planner: macos only) |
Boolean | false |
mac-root-disk |
The root disk of the target (planner: macos only) |
string | |
mac-volume-label |
The label for the created APFS volume (planner: macos only) |
string | |
modify-profile |
Modify the user profile to automatically load Nix | Boolean | false |
nix-build-group-id |
The Nix build group GID | integer | |
nix-build-group-name |
The Nix build group name | string | |
nix-build-user-base |
The Nix build user base UID (ascending) | integer | |
nix-build-user-count |
The number of build users to create | integer | 32 |
nix-build-user-prefix |
The Nix build user prefix (user numbers will be postfixed) | string | |
nix-installer-branch |
The branch of nix-installer to use (conflicts with the nix-installer-tag , nix-installer-revision , and nix-installer-branch ) |
string | |
nix-installer-pr |
The pull request of nix-installer to use (conflicts with nix-installer-tag , nix-installer-revision , and nix-installer-branch ) |
integer | |
nix-installer-revision |
The revision of nix-installer to use (conflicts with nix-installer-tag , nix-installer-branch , and nix-installer-pr ) |
string | |
nix-installer-tag |
The tag of nix-installer to use (conflicts with nix-installer-revision , nix-installer-branch , nix-installer-pr ) |
string | |
nix-installer-url |
A URL pointing to a nix-installer.sh script |
URL | https://install.determinate.systems/nix |
nix-package-url |
The Nix package URL | URL | |
planner |
The installation planner to use | enum (linux or macos ) |
|
reinstall |
Force a reinstall if an existing installation is detected (consider backing up /nix/store ) |
Boolean | false |
start-daemon |
If the daemon should be started, requires planner: linux-multi |
Boolean | false |
trust-runner-user |
Whether to make the runner user trusted by the Nix daemon | Boolean | true |
diagnostic-endpoint |
Diagnostic endpoint url where the installer sends install diagnostic reports to, to disable set this to an empty string | string | https://install.determinate.systems/nix/diagnostic |
proxy |
The proxy to use (if any), valid proxy bases are https://$URL , http://$URL and socks5://$URL |
string | |
ssl-cert-file |
An SSL cert to use (if any), used for fetching Nix and sets NIX_SSL_CERT_FILE for Nix |
string |