Allow customizing the nix.conf through action inputs (#6)

* Make the created nix.conf customizable * Provide NIX_PATH to recursive derivation * Update to latest install-nix-action * Upgrade nix as part of by-root * Revert "Upgrade nix as part of by-root" This reverts commit ec01676.
kadena-io · Nov 8, 2023 · 279b76b · 279b76b
1 parent 88ed81f
commit 279b76b
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 13 deletions.
diff --git a/.github/workflows/test.nix b/.github/workflows/test.nix
@@ -0,0 +1,16 @@
+let pkgs = import <nixpkgs> {};
+in {
+  alwaysNewDerivation = pkgs.writeText "build-example" (builtins.toString builtins.currentTime);
+  constantDerivation = pkgs.runCommand "fetch-example" {} "echo Example > $out";
+  recursiveNixDerivation = pkgs.runCommand "recursive-nix-example"
+    {
+      buildInputs = [ pkgs.nix ];
+      requiredSystemFeatures = [ "recursive-nix" ];
+      NIX_PATH = "nixpkgs=${pkgs.path}";
+    }
+    ''
+      mkdir $out
+      echo ${builtins.toString builtins.currentTime} > $out/time.txt
+      ln -s $(nix-build ${./test.nix} -A constantDerivation) $out/recursive-output
+    '';
+}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -26,16 +26,21 @@ jobs:
       with:
         cache_url: s3://nodemon-nix-cache?region=us-east-1
         signing_private_key: ${{ secrets.NIX_CACHE_PRIVATE_KEY }}
+        additional_experimental_features: recursive-nix
 
     - uses: ./copy-root-aws-credentials
 
     - name: Attempt to build a new derivation with Nix
       run: |
-        nix-build -E '(import <nixpkgs> {}).writeText "build-example" (builtins.toString builtins.currentTime)'
+        nix-build .github/workflows/test.nix -A alwaysNewDerivation
 
     - name: Attempt to fetch an existing cache entry
       run: |
-        nix-build -E '(import <nixpkgs> {}).runCommand "fetch-example" {} "echo Example > $out"'
+        nix-build .github/workflows/test.nix -A constantDerivation
+
+    - name: Test the recursive-nix additional_experimental_features flag
+      run: |
+        nix-build .github/workflows/test.nix -A recursiveNixDerivation
 
   test-build-and-cache-by-runner:
     runs-on: ${{ matrix.os }}
@@ -58,13 +63,18 @@ jobs:
       with:
         cache_url: s3://nodemon-nix-cache?region=us-east-1
         signing_private_key: ${{ secrets.NIX_CACHE_PRIVATE_KEY }}
+        additional_experimental_features: recursive-nix
 
     - uses: ./copy-root-aws-credentials
 
     - name: Attempt to build a new derivation with Nix
       run: |
-        nix-build -E '(import <nixpkgs> {}).writeText "build-example" (builtins.toString builtins.currentTime)'
+        nix-build .github/workflows/test.nix -A alwaysNewDerivation
 
     - name: Attempt to fetch an existing cache entry
       run: |
-        nix-build -E '(import <nixpkgs> {}).runCommand "fetch-example" {} "echo Example > $out"'
+        nix-build .github/workflows/test.nix -A constantDerivation
+
+    - name: Test the recursive-nix additional_experimental_features flag
+      run: |
+        nix-build .github/workflows/test.nix -A recursiveNixDerivation
diff --git a/by-root/action.yml b/by-root/action.yml
@@ -13,11 +13,28 @@ inputs:
   signing_private_key:
     description: The private (secret) key used for signing Nix store paths
     required: true
+  additional_experimental_features:
+    description: 'Additional experimental features to enable in nix.conf'
+    required: false
+    default: ''
+  additional_substituters:
+    description: 'Additional substituters to add in nix.conf'
+    required: false
+    default: ''
+  additional_trusted_public_keys:
+    description: 'Additional trusted public keys to add in nix.conf'
+    required: false
+    default: ''
+  extra_nix_conf_entries:
+    description: 'Other key=value entries to add to nix.conf'
+    required: false
+    default: ''
+
 runs:
   using: composite
   steps:
     - name: Install Nix
-      uses: cachix/install-nix-action@v22
+      uses: cachix/install-nix-action@v23
       with:
         nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/23.05.tar.gz
 
@@ -31,7 +48,7 @@ runs:
         nix-build --version
       shell: bash
 
-    - name: Populate the nix.conf with cache fields
+    - name: Populate the nix.conf with cache fields and optional settings
       shell: bash
       run: |
         TMP_DIR=$(mktemp -d)
@@ -55,11 +72,12 @@ runs:
         max-jobs = auto
         $CERTFILEOPT
         trusted-users = root ${USER:-}
-        substituters = ${{ inputs.cache_url }} https://cache.nixos.org/
-        trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+        substituters = ${{ inputs.cache_url }} https://cache.nixos.org/ ${{ inputs.additional_substituters }}
+        trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{ inputs.additional_trusted_public_keys }}
         secret-key-files = $TMP_DIR/key.private
         post-build-hook = $TMP_DIR/post-build-hook.sh
-        experimental-features = nix-command fetch-closure flakes
+        experimental-features = nix-command flakes ${{ inputs.additional_experimental_features }}
+        ${{ inputs.extra_nix_conf_entries }}
         EOF
 
     - name: Restart the Nix daemon on MacOS

diff --git a/by-runner/action.yml b/by-runner/action.yml
@@ -13,11 +13,28 @@ inputs:
   signing_private_key:
     description: The private (secret) key used for signing Nix store paths
     required: true
+  additional_experimental_features:
+    description: 'Additional experimental features to enable in nix.conf'
+    required: false
+    default: ''
+  additional_substituters:
+    description: 'Additional substituters to add in nix.conf'
+    required: false
+    default: ''
+  additional_trusted_public_keys:
+    description: 'Additional trusted public keys to add in nix.conf'
+    required: false
+    default: ''
+  extra_nix_conf_entries:
+    description: 'Other key=value entries to add to nix.conf'
+    required: false
+    default: ''
+
 runs:
   using: composite
   steps:
     - name: Install Nix
-      uses: cachix/install-nix-action@v22
+      uses: cachix/install-nix-action@v23
       with:
         nix_path: nixpkgs=https://github.com/NixOS/nixpkgs/archive/23.05.tar.gz
 
@@ -70,11 +87,12 @@ runs:
         max-jobs = auto
         $CERTFILEOPT
         trusted-users = root ${USER:-}
-        substituters = ${{ inputs.cache_url }} https://cache.nixos.org/
-        trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+        substituters = ${{ inputs.cache_url }} https://cache.nixos.org/ ${{ inputs.additional_substituters }}
+        trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{ inputs.additional_trusted_public_keys }}
         secret-key-files = $TMP_DIR/key.private
         post-build-hook = $TMP_DIR/post-build-hook.sh
-        experimental-features = nix-command fetch-closure flakes
+        experimental-features = nix-command flakes ${{ inputs.additional_experimental_features }}
+        ${{ inputs.extra_nix_conf_entries }}
         EOF
 
     - name: Restart the Nix daemon on MacOS