Add IOG cache to substituters #5131
Conversation
No longer need to specify it in the GH workflow, and it now works for macOS as well.
sellout
force-pushed
the
nix-run-from-cache
branch
from
1293916
to
08f006e
Compare
| @@ -25,13 +25,6 @@ jobs: | |||
| steps: | |||
| - uses: actions/checkout@v4 | |||
| - uses: cachix/install-nix-action@v27 | |||
| if: runner.os == 'Linux' | |||
There was a problem hiding this comment.
This is the substituter that's poisoned on Mac (unless we have some way to confirm that it no longer is, but that seems hard/impossible), so don't think we want it for non-Linux.
There was a problem hiding this comment.
Ah, wait – from input-output-hk/haskell.nix#20181 I thought the poisoned cache would result in a build (or possibly runtime) failure, not a malicious injection or something.
The reason this is a draft is that I wanted to test it after #5142 lands, and see if we can restore that cache to the flake, which could lower the pressure on our own cache2.
I also think that maybe the reason you were running into it with IOG is that 9.2.8 isn’t one of their “officially supported“ versions (neither is 9.6.5), so it is probably selected by fewer users, and thus no one notices/cares.
Footnotes
-
which I should link to in the description above, once I actually write it, as well as remove cache.iog.io #4251. ↩
-
Using the IOG cache on Linux here also seems to be a problem – it means our cache will avoid storing anything that is found in IOG’s cache, but then if they’re needed by contributors, they’ll need to be rebuilt locally, because that cache isn’t not made available to users via the flake (and, as it seems you know, we can’t provide substituters in the flake based on the system). ↩
There was a problem hiding this comment.
Yeah, a runtime error in the build tools, wasn't worried about malicious injection; and we don't actually test them here, right?
My worry was that the bad packages would then be mirrored to the cachix cache, and then sadness when we use that one as well.
|
likely incorrect due to misunderstanding cachix, or still dangerous due to input-output-hk/haskell.nix#2018 |
Choose your PR title well: Your pull request title is what's used to create release notes, so please make it descriptive of the change itself, which may be different from the initial motivation to make the change.
Overview
What does this change accomplish and why?
i.e. How does it change the user experience?
i.e. What was the old behavior/API and what is the new behavior/API?
Feel free to include "before and after" examples if appropriate. (You can copy/paste screenshots directly into this editor.)
If relevant, which Github issues does it close? (See closing-issues-using-keywords.)
Implementation notes
How does it accomplish it, in broad strokes? i.e. How does it change the Haskell codebase?
Interesting/controversial decisions
Include anything that you thought twice about, debated, chose arbitrarily, etc.
What could have been done differently, but wasn't? And why?
Test coverage
Have you included tests (which could be a transcript) for this change, or is it somehow covered by existing tests?
Would you recommend improving the test coverage (either as part of this PR or as a separate issue) or do you think it’s adequate?
If you only tested by hand, because that's all that's practical to do for this change, mention that.
Loose ends
Link to related issues that address things you didn't get to. Stuff you encountered on the way and decided not to include in this PR.