diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
deleted file mode 100644
index 52330e3a4..000000000
--- a/.github/workflows/ci.yml
+++ /dev/null
@@ -1,653 +0,0 @@ -name: CI - -on: - workflow_dispatch: - pull_request: - push: - branches: [main] - -permissions: - id-token: "write" - contents: "read" - -jobs: - build-x86_64-linux: - uses: ./.github/workflows/build-x86_64-linux.yml - - build-x86_64-darwin: - uses: ./.github/workflows/build-x86_64-darwin.yml - - build-aarch64-linux: - uses: ./.github/workflows/build-aarch64-linux.yml - - build-aarch64-darwin: - uses: ./.github/workflows/build-aarch64-darwin.yml - - lints: - name: Lints - runs-on: UbuntuLatest32Cores128G - permissions: - id-token: "write" - contents: "read" - steps: - - uses: actions/checkout@v4 - - name: Check Nixpkgs input - uses: DeterminateSystems/flake-checker-action@main - with: - fail-mode: true - check-outdated: false # PRs shouldn't fail because main's nixpkgs is out of date - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@main - with: - determinate: true - - uses: DeterminateSystems/flakehub-cache-action@main - with: - use-gha-cache: false - - name: Check rustfmt - run: nix develop --command check-rustfmt - - name: Check Clippy - run: nix develop --command check-clippy - - name: Check Spelling - run: nix develop --command check-spelling - - name: Check nixpkgs-fmt formatting - run: nix develop --command check-nixpkgs-fmt - - name: Check EditorConfig conformance - run: nix develop --command check-editorconfig - - name: Shell check for nix-installer.sh - run: nix develop --command shellcheck ./nix-installer.sh - - run-x86_64-linux: - name: Run x86_64 Linux${{ matrix.determinate && ' (--determinate)' || ''}} - runs-on: UbuntuLatest32Cores128G - needs: [lints, build-x86_64-linux] - strategy: - matrix: - determinate: [true, false] - permissions: - id-token: "write" - contents: "read" - steps: - - uses: actions/checkout@v4 - - name: Restore Github cache artifacts - uses: actions/cache/restore@v4 - with: - path: nix-installer - key: x86_64-linux-artifacts-${{ github.sha }} - - name: Move & set executable - run: | - mkdir 
install-root - cp nix-installer.sh install-root/nix-installer.sh - mv ./nix-installer install-root/nix-installer-x86_64-linux - chmod +x install-root/nix-installer-x86_64-linux install-root/nix-installer.sh - - run: sudo apt install fish zsh - - name: Initial install - uses: DeterminateSystems/nix-installer-action@main - with: - backtrace: full - determinate: ${{ matrix.determinate }} - local-root: install-root/ - log-directives: nix_installer=debug - logger: pretty - - name: "Validate dnixd is ${{ matrix.determinate && 'installed' || 'uninstalled' }}" - run: | - if test -x /usr/local/bin/determinate-nixd; then - echo "determinate-nixd is present" - ${{ matrix.determinate }} - else - echo "determinate-nixd is not present" - ${{ !matrix.determinate }} - fi - - name: Initial uninstall (without a `nix run` first) - run: sudo -E /nix/nix-installer uninstall - env: - NIX_INSTALLER_NO_CONFIRM: true - NIX_INSTALLER_LOGGER: pretty - NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug - RUST_BACKTRACE: full - - name: Ensure `nix` is removed - run: | - if systemctl is-active nix-daemon.socket; then - echo "nix-daemon.socket was still running" - exit 1 - fi - if systemctl is-active nix-daemon.service; then - echo "nix-daemon.service was still running" - exit 1 - fi - if [ -e /nix ]; then - echo "/nix exists" - exit 1 - fi - - name: Repeated install - uses: DeterminateSystems/nix-installer-action@main - with: - backtrace: full - determinate: ${{ matrix.determinate }} - local-root: install-root/ - log-directives: nix_installer=debug - logger: pretty - - name: echo $PATH - run: echo $PATH - - name: Test `nix` with `$GITHUB_PATH` - if: success() || failure() - run: | - nix run nixpkgs#hello - nix profile install nixpkgs#hello - hello - nix store gc - nix run nixpkgs#hello - - name: Test bash - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: bash --login {0} - - name: Test sh - run: nix-instantiate -E 'builtins.currentTime' --eval - if: 
success() || failure() - shell: sh -l {0} - - name: Test zsh - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: zsh --login --interactive {0} - - name: Test fish - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: fish --login {0} - - name: Repeated uninstall - run: sudo -E /nix/nix-installer uninstall - env: - NIX_INSTALLER_NO_CONFIRM: true - NIX_INSTALLER_LOGGER: pretty - NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug - RUST_BACKTRACE: full - - name: Ensure `nix` is removed - run: | - if systemctl is-active nix-daemon.socket; then - echo "nix-daemon.socket was still running" - exit 1 - fi - if systemctl is-active nix-daemon.service; then - echo "nix-daemon.service was still running" - exit 1 - fi - if [ -e /nix ]; then - echo "/nix exists" - exit 1 - fi - - run-x86_64-linux-no-init: - name: Run x86_64 Linux (No init${{ matrix.determinate && ', --determinate' || ''}}) - runs-on: UbuntuLatest32Cores128G - needs: [lints, build-x86_64-linux] - strategy: - matrix: - determinate: [true, false] - permissions: - id-token: "write" - contents: "read" - steps: - - uses: actions/checkout@v4 - - name: Restore Github cache artifacts - uses: actions/cache/restore@v4 - with: - path: nix-installer - key: x86_64-linux-artifacts-${{ github.sha }} - - name: Move & set executable - run: | - mkdir install-root - cp nix-installer.sh install-root/nix-installer.sh - mv ./nix-installer install-root/nix-installer-x86_64-linux - chmod +x install-root/nix-installer-x86_64-linux install-root/nix-installer.sh - - run: sudo apt install fish zsh - - name: Initial install - uses: DeterminateSystems/nix-installer-action@main - with: - backtrace: full - determinate: ${{ matrix.determinate }} - init: none - local-root: install-root/ - log-directives: nix_installer=debug - logger: pretty - planner: linux - - name: "Validate dnixd is ${{ matrix.determinate && 'installed' || 'uninstalled' }}" - run: | - if test -x 
/usr/local/bin/determinate-nixd; then - echo "determinate-nixd is present" - ${{ matrix.determinate }} - else - echo "determinate-nixd is not present" - ${{ !matrix.determinate }} - fi - - name: Ensure daemon was not configured with init - run: | - if systemctl is-active nix-daemon.socket; then - echo "nix-daemon.socket was running" - exit 1 - fi - if systemctl is-active nix-daemon.service; then - echo "nix-daemon.service was running" - exit 1 - fi - - name: Initial uninstall (without a `nix run` first) - run: sudo -E /nix/nix-installer uninstall - env: - NIX_INSTALLER_NO_CONFIRM: true - NIX_INSTALLER_LOGGER: pretty - NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug - RUST_BACKTRACE: full - - name: Ensure `nix` is removed - run: | - if [ -e /nix ]; then - echo "/nix exists" - exit 1 - fi - - name: Repeated install - uses: DeterminateSystems/nix-installer-action@main - with: - backtrace: full - determinate: ${{ matrix.determinate }} - init: none - local-root: install-root/ - log-directives: nix_installer=debug - logger: pretty - planner: linux - - name: echo $PATH - run: echo $PATH - - name: Test `nix` with `$GITHUB_PATH` - if: success() || failure() - run: | - sudo -i nix run nixpkgs#hello - sudo -i nix profile install nixpkgs#hello - hello - sudo -i nix store gc - sudo -i nix run nixpkgs#hello - - name: Test bash - run: sudo -i nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: bash --login {0} - - name: Test sh - run: sudo -i nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: sh -l {0} - - name: Test zsh - run: sudo -i nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: zsh --login --interactive {0} - - name: Test fish - run: sudo -i nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: fish --login {0} - - name: Repeated uninstall - run: sudo -E /nix/nix-installer uninstall - env: - NIX_INSTALLER_NO_CONFIRM: true - 
NIX_INSTALLER_LOGGER: pretty - NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug - RUST_BACKTRACE: full - - name: Ensure `nix` is removed - run: | - if systemctl is-active nix-daemon.socket; then - echo "nix-daemon.socket was running" - exit 1 - fi - if systemctl is-active nix-daemon.service; then - echo "nix-daemon.service was running" - exit 1 - fi - if [ -e /nix ]; then - echo "/nix exists" - exit 1 - fi - - run-x86_64-darwin: - name: Run x86_64 Darwin${{ matrix.determinate && ' (--determinate)' || ''}} - runs-on: macos-13 - needs: [lints, build-x86_64-darwin] - strategy: - matrix: - determinate: [true, false] - permissions: - id-token: "write" - contents: "read" - steps: - - uses: actions/checkout@v4 - - name: Restore Github cache artifacts - uses: actions/cache/restore@v4 - with: - path: nix-installer - key: x86_64-darwin-artifacts-${{ github.sha }} - - name: Move & set executable - run: | - mkdir install-root - cp nix-installer.sh install-root/nix-installer.sh - mv ./nix-installer install-root/nix-installer-x86_64-darwin - chmod +x install-root/nix-installer-x86_64-darwin install-root/nix-installer.sh - - run: brew install fish coreutils - - name: Initial install - uses: DeterminateSystems/nix-installer-action@main - with: - backtrace: full - determinate: ${{ matrix.determinate }} - local-root: install-root/ - log-directives: nix_installer=debug - logger: pretty - - name: "Validate dnixd is ${{ matrix.determinate && 'installed' || 'uninstalled' }}" - run: | - if test -x /usr/local/bin/determinate-nixd; then - echo "determinate-nixd is present" - ${{ matrix.determinate }} - else - echo "determinate-nixd is not present" - ${{ !matrix.determinate }} - fi - - name: Initial uninstall (without a `nix run` first) - run: sudo -E /nix/nix-installer uninstall - env: - NIX_INSTALLER_NO_CONFIRM: true - NIX_INSTALLER_LOGGER: pretty - NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug - RUST_BACKTRACE: full - - name: Repeated install - uses: 
DeterminateSystems/nix-installer-action@main - with: - backtrace: full - determinate: ${{ matrix.determinate }} - local-root: install-root/ - log-directives: nix_installer=debug - logger: pretty - - name: echo $PATH - run: echo $PATH - - name: Test `nix` with `$GITHUB_PATH` - if: success() || failure() - run: | - nix run nixpkgs#hello - nix profile install nixpkgs#hello - hello - nix store gc - nix run nixpkgs#hello - - name: Test bash - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: bash --login {0} - - name: Test sh - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: sh -l {0} - - name: Test zsh - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: zsh --login --interactive {0} - - name: Test fish - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: fish --login {0} - - name: Repeated uninstall - run: sudo -E /nix/nix-installer uninstall - env: - NIX_INSTALLER_NO_CONFIRM: true - NIX_INSTALLER_LOGGER: pretty - NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug - RUST_BACKTRACE: full - - run-aarch64-linux: - name: Run aarch64 Linux${{ matrix.determinate && ' (--determinate)' || ''}} - runs-on: namespace-profile-default-arm64 - needs: [lints, build-aarch64-linux] - strategy: - matrix: - determinate: [true, false] - permissions: - id-token: "write" - contents: "read" - steps: - - uses: actions/checkout@v4 - - name: Restore Github cache artifacts - uses: actions/cache/restore@v4 - with: - path: nix-installer - key: aarch64-linux-artifacts-${{ github.sha }} - - name: Move & set executable - run: | - mkdir install-root - cp nix-installer.sh install-root/nix-installer.sh - mv ./nix-installer install-root/nix-installer-aarch64-linux - chmod +x install-root/nix-installer-aarch64-linux install-root/nix-installer.sh - - run: sudo apt install -y fish zsh - - name: Initial install - uses: 
DeterminateSystems/nix-installer-action@main - with: - backtrace: full - determinate: ${{ matrix.determinate }} - local-root: install-root/ - log-directives: nix_installer=debug - logger: pretty - - name: "Validate dnixd is ${{ matrix.determinate && 'installed' || 'uninstalled' }}" - run: | - if test -x /usr/local/bin/determinate-nixd; then - echo "determinate-nixd is present" - ${{ matrix.determinate }} - else - echo "determinate-nixd is not present" - ${{ !matrix.determinate }} - fi - - name: Initial uninstall (without a `nix run` first) - run: sudo -E /nix/nix-installer uninstall - env: - NIX_INSTALLER_NO_CONFIRM: true - NIX_INSTALLER_LOGGER: pretty - NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug - RUST_BACKTRACE: full - - name: Ensure `nix` is removed - run: | - if systemctl is-active nix-daemon.socket; then - echo "nix-daemon.socket was still running" - exit 1 - fi - if systemctl is-active nix-daemon.service; then - echo "nix-daemon.service was still running" - exit 1 - fi - if [ -e /nix ]; then - echo "/nix exists" - exit 1 - fi - - name: Repeated install - uses: DeterminateSystems/nix-installer-action@main - with: - backtrace: full - determinate: ${{ matrix.determinate }} - local-root: install-root/ - log-directives: nix_installer=debug - logger: pretty - - name: echo $PATH - run: echo $PATH - - name: Test `nix` with `$GITHUB_PATH` - if: success() || failure() - run: | - nix run nixpkgs#hello - nix profile install nixpkgs#hello - hello - nix store gc - nix run nixpkgs#hello - - name: Test bash - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: bash --login {0} - - name: Test sh - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: sh -l {0} - - name: Test zsh - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: zsh --login --interactive {0} - - name: Test fish - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() 
|| failure() - shell: fish --login {0} - - name: Repeated uninstall - run: sudo -E /nix/nix-installer uninstall - env: - NIX_INSTALLER_NO_CONFIRM: true - NIX_INSTALLER_LOGGER: pretty - NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug - RUST_BACKTRACE: full - - name: Ensure `nix` is removed - run: | - if systemctl is-active nix-daemon.socket; then - echo "nix-daemon.socket was still running" - exit 1 - fi - if systemctl is-active nix-daemon.service; then - echo "nix-daemon.service was still running" - exit 1 - fi - if [ -e /nix ]; then - echo "/nix exists" - exit 1 - fi - - run-aarch64-darwin: - name: Run aarch64 Darwin${{ matrix.determinate && ' (--determinate)' || ''}} - runs-on: macos-latest-xlarge - needs: [lints, build-aarch64-darwin] - strategy: - matrix: - determinate: [true, false] - permissions: - id-token: "write" - contents: "read" - steps: - - uses: actions/checkout@v4 - - name: Restore Github cache artifacts - uses: actions/cache/restore@v4 - with: - path: nix-installer - key: aarch64-darwin-artifacts-${{ github.sha }} - - name: Move & set executable - run: | - mkdir install-root - cp nix-installer.sh install-root/nix-installer.sh - mv ./nix-installer install-root/nix-installer-aarch64-darwin - chmod +x install-root/nix-installer-aarch64-darwin install-root/nix-installer.sh - - run: brew install fish coreutils - - name: Initial install - uses: DeterminateSystems/nix-installer-action@main - with: - backtrace: full - determinate: ${{ matrix.determinate }} - local-root: install-root/ - log-directives: nix_installer=debug - logger: pretty - - name: "Validate dnixd is ${{ matrix.determinate && 'installed' || 'uninstalled' }}" - run: | - if test -x /usr/local/bin/determinate-nixd; then - echo "determinate-nixd is present" - ${{ matrix.determinate }} - else - echo "determinate-nixd is not present" - ${{ !matrix.determinate }} - fi - - name: Initial uninstall (without a `nix run` first) - run: sudo -E /nix/nix-installer uninstall - env: - 
NIX_INSTALLER_NO_CONFIRM: true - NIX_INSTALLER_LOGGER: pretty - NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug - RUST_BACKTRACE: full - - name: Repeated install - uses: DeterminateSystems/nix-installer-action@main - with: - backtrace: full - determinate: ${{ matrix.determinate }} - local-root: install-root/ - log-directives: nix_installer=debug - logger: pretty - - name: echo $PATH - run: echo $PATH - - name: Test `nix` with `$GITHUB_PATH` - if: success() || failure() - run: | - nix run nixpkgs#hello - nix profile install nixpkgs#hello - hello - nix store gc - nix run nixpkgs#hello - # NOTE(cole-h): GHA pushed a weird image that breaks this test for whatever reason, so ignore - # the failure for now - - name: Test bash - run: nix-instantiate -E 'builtins.currentTime' --eval || true - if: success() || failure() - shell: bash --login {0} - - name: Test sh - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: sh -l {0} - - name: Test zsh - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: zsh --login --interactive {0} - - name: Test fish - run: nix-instantiate -E 'builtins.currentTime' --eval - if: success() || failure() - shell: fish --login {0} - - name: Repeated uninstall - run: sudo -E /nix/nix-installer uninstall - env: - NIX_INSTALLER_NO_CONFIRM: true - NIX_INSTALLER_LOGGER: pretty - NIX_INSTALLER_LOG_DIRECTIVES: nix_installer=debug - RUST_BACKTRACE: full - - run-x86_64-linux-release-check-matrix: - name: Run x86_64 Linux release check matrix - runs-on: UbuntuLatest64Cores256GX86 - needs: [lints, build-x86_64-linux] - if: startsWith(github.ref, 'release-') || startsWith(github.head_ref, 'release-') - strategy: - matrix: - command: - - nix flake check -L - - nix build -L --tarball-ttl 0 --keep-going .#hydraJobs.container-test.all.x86_64-linux.all - - nix build -L --tarball-ttl 0 --keep-going .#hydraJobs.vm-test.all.x86_64-linux.all - permissions: - id-token: "write" - contents: 
"read" - steps: - - uses: actions/checkout@v4 - - name: Restore Github cache artifacts - uses: actions/cache/restore@v4 - with: - path: nix-installer - key: x86_64-linux-artifacts-${{ github.sha }} - - name: Move & set executable - run: | - mkdir install-root - cp nix-installer.sh install-root/nix-installer.sh - mv ./nix-installer install-root/nix-installer-x86_64-linux - chmod +x install-root/nix-installer-x86_64-linux install-root/nix-installer.sh - - name: Initial install - uses: DeterminateSystems/nix-installer-action@main - with: - backtrace: full - determinate: true - local-root: install-root/ - log-directives: nix_installer=debug - logger: pretty - - uses: DeterminateSystems/flakehub-cache-action@main - with: - use-gha-cache: false - - run: ${{ matrix.command }} - - run-x86_64-linux-release-checks: - name: Run x86_64 Linux release checks - runs-on: ubuntu-latest - needs: [run-x86_64-linux-release-check-matrix] - if: (startsWith(github.ref, 'release-') || startsWith(github.head_ref, 'release-')) && always() - steps: - - run: "true" - - run: | - echo "A dependent in the build matrix failed." - exit 1 - if: | - contains(needs.*.result, 'failure') || - contains(needs.*.result, 'cancelled') diff --git a/.github/workflows/release-prs.yml b/.github/workflows/release-prs.yml index b70e755d3..ae29dc224 100644 --- a/.github/workflows/release-prs.yml +++ b/.github/workflows/release-prs.yml 
@@ -29,45 +29,6 @@ jobs: uses: ./.github/workflows/build-x86_64-linux.yml with: cache-key: release-x86_64-linux-artifacts-${{ github.sha }} - build-aarch64-linux: - # Only intra-repo PRs are allowed to have PR artifacts uploaded - # We only want to trigger once the upload once in the case the upload label is added, not when any label is added - if: | - always() && !failure() && !cancelled() - && github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' - && ( - (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') - || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) - ) - uses: ./.github/workflows/build-aarch64-linux.yml - with: - cache-key: release-aarch64-linux-artifacts-${{ github.sha }} - build-x86_64-darwin: - # Only intra-repo PRs are allowed to have PR artifacts uploaded - # We only want to trigger once the upload once in the case the upload label is added, not when any label is added - if: | - always() && !failure() && !cancelled() - && github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' - && ( - (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') - || (github.event.action != 'labeled' && contains(github.event.pull_request.labels.*.name, 'upload to s3')) - ) - uses: ./.github/workflows/build-x86_64-darwin.yml - with: - cache-key: release-x86_64-darwin-artifacts-${{ github.sha }} - build-aarch64-darwin: - # Only intra-repo PRs are allowed to have PR artifacts uploaded - # We only want to trigger once the upload once in the case the upload label is added, not when any label is added - if: | - always() && !failure() && !cancelled() - && github.event.pull_request.head.repo.full_name == 'DeterminateSystems/nix-installer' - && ( - (github.event.action == 'labeled' && github.event.label.name == 'upload to s3') - || (github.event.action != 'labeled' && 
contains(github.event.pull_request.labels.*.name, 'upload to s3')) - ) - uses: ./.github/workflows/build-aarch64-darwin.yml - with: - cache-key: release-aarch64-darwin-artifacts-${{ github.sha }} release: # Only intra-repo PRs are allowed to have PR artifacts uploaded @@ -82,9 +43,6 @@ jobs: runs-on: ubuntu-latest needs: - build-x86_64-linux - - build-aarch64-linux - - build-x86_64-darwin - - build-aarch64-darwin steps: - name: Checkout uses: actions/checkout@v4 @@ -99,30 +57,6 @@ jobs: - name: Move artifact to artifacts directory run: mv ./nix-installer ./artifacts/nix-installer-x86_64-linux - - name: Fetch cached aarch64-linux binary - uses: actions/cache/restore@v4 - with: - path: nix-installer - key: release-aarch64-linux-artifacts-${{ github.sha }} - - name: Move artifact to artifacts directory - run: mv ./nix-installer ./artifacts/nix-installer-aarch64-linux - - - name: Fetch cached x86_64-darwin binary - uses: actions/cache/restore@v4 - with: - path: nix-installer - key: release-x86_64-darwin-artifacts-${{ github.sha }} - - name: Move artifact to artifacts directory - run: mv ./nix-installer ./artifacts/nix-installer-x86_64-darwin - - - name: Fetch cached aarch64-darwin binary - uses: actions/cache/restore@v4 - with: - path: nix-installer - key: release-aarch64-darwin-artifacts-${{ github.sha }} - - name: Move artifact to artifacts directory - run: mv ./nix-installer ./artifacts/nix-installer-aarch64-darwin - - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v2 with: diff --git a/src/action/common/provision_determinate_nixd.rs b/src/action/common/provision_determinate_nixd.rs index 0ed78726d..cf2127422 100644 --- a/src/action/common/provision_determinate_nixd.rs +++ b/src/action/common/provision_determinate_nixd.rs 
@@ -23,8 +23,12 @@ pub struct ProvisionDeterminateNixd { impl ProvisionDeterminateNixd { #[tracing::instrument(level = "debug", skip_all)] pub async fn plan() -> Result, ActionError> { - crate::distribution::DETERMINATE_NIXD_BINARY - .ok_or_else(|| Self::error(ActionErrorKind::DeterminateNixUnavailable))?; + let _binary_bytes = crate::distribution::determinate_nixd_binary_or( + std::env::var("DETSYS_DNIXD_BINARY_PATH") + .ok() + .map(PathBuf::from), + ) + .map_err(Self::error)?; let this = Self { binary_location: DETERMINATE_NIXD_BINARY_PATH.into(), @@ -61,8 +65,12 @@ impl Action for ProvisionDeterminateNixd { #[tracing::instrument(level = "debug", skip_all)] async fn execute(&mut self) -> Result<(), ActionError> { - let bytes = crate::distribution::DETERMINATE_NIXD_BINARY - .ok_or_else(|| Self::error(ActionErrorKind::DeterminateNixUnavailable))?; + let binary_bytes = crate::distribution::determinate_nixd_binary_or( + std::env::var("DETSYS_DNIXD_BINARY_PATH") + .ok() + .map(PathBuf::from), + ) + .map_err(Self::error)?; crate::util::remove_file(&self.binary_location, OnMissing::Ignore) .await @@ -76,7 +84,7 @@ impl Action for ProvisionDeterminateNixd { .map_err(Self::error)?; } - tokio::fs::write(&self.binary_location, bytes) + tokio::fs::write(&self.binary_location, binary_bytes) .await .map_err(|e| ActionErrorKind::Write(self.binary_location.clone(), e)) .map_err(Self::error)?; diff --git a/src/distribution.rs b/src/distribution.rs index a1109fefe..7f7d283a2 100644 --- a/src/distribution.rs +++ b/src/distribution.rs 
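Review bot: `plan()` reads the whole file named by `DETSYS_DNIXD_BINARY_PATH` only to discard it as `_binary_bytes`, and the resolved path is not kept on the action, so `execute()` (the `@@ -61,8 +65,12 @@` hunk) looks the variable up and reads the file a second time. The bytes written to `binary_location` can therefore differ from what planning checked, and a serialized plan would not show which binary is going to be installed. I would resolve the override once in `plan()` and carry it in the struct, for example `source_path: Option<PathBuf>`, so that `execute()` reads exactly that path. The struct definition and the rest of `plan()` are outside this hunk, so the field placement is a suggestion to confirm against the full file.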
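Review bot: In `execute()` a file named by `DETSYS_DNIXD_BINARY_PATH` now takes precedence over the embedded binary and is written to `binary_location` with no integrity check and no log line. If the installer runs with elevated privileges while inheriting the caller's environment (the CI steps removed on this page invoke it with `sudo -E`), the environment alone decides what is installed as determinate-nixd. At minimum I would make the override visible, e.g. `tracing::warn!(path = %path.display(), "installing determinate-nixd from DETSYS_DNIXD_BINARY_PATH");`, and document the variable as a development-only escape hatch. Gating it behind an explicit flag, or checking the file against an expected digest, would be stronger. The rest of `execute()` lies outside the hunk.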
@@ -53,12 +53,30 @@ pub const DETERMINATE_NIX_TARBALL: Option<&[u8]> = /// The DETERMINATE_NIXD_BINARY_PATH environment variable should point to a target-appropriate /// static build of the Determinate Nixd binary. The contents are embedded in the resulting /// binary if the determinate-nix feature is turned on. -pub const DETERMINATE_NIXD_BINARY: Option<&[u8]> = +const DETERMINATE_NIXD_BINARY: Option<&[u8]> = Some(include_bytes!(env!("DETERMINATE_NIXD_BINARY_PATH"))); #[cfg(not(feature = "determinate-nix"))] -pub const DETERMINATE_NIXD_BINARY: Option<&[u8]> = None; +const DETERMINATE_NIXD_BINARY: Option<&[u8]> = None; #[cfg(not(feature = "determinate-nix"))] pub const DETERMINATE_NIX_TARBALL: Option<&[u8]> = None; #[cfg(not(feature = "determinate-nix"))] pub const DETERMINATE_NIX_TARBALL_PATH: Option<&str> = None; + +pub const fn maybe_determinate_nixd_binary() -> Option<&'static [u8]> { + DETERMINATE_NIXD_BINARY +} + +pub fn determinate_nixd_binary_or( + binary_path: Option, +) -> Result, crate::action::ActionErrorKind> { + let maybe_binary_bytes = maybe_determinate_nixd_binary(); + if let Some(binary_path) = binary_path { + Ok(std::fs::read(&binary_path) + .map_err(|e| crate::action::ActionErrorKind::Read(binary_path, e))?) + } else if let Some(binary_bytes) = maybe_binary_bytes { + Ok(binary_bytes.to_vec()) + } else { + Err(crate::action::ActionErrorKind::DeterminateNixUnavailable)? + } +}
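Review bot: `determinate_nixd_binary_or` wraps both outcomes in a `?` that does nothing (`Ok(std::fs::read(..)...?)` and `Err(..)?`), and it is a `pub` function with no doc comment saying that a supplied path wins over the embedded binary even when the `determinate-nix` feature is off. A `match` on the two options states that precedence directly; the fence shows the body I would use. `std::fs::read` is also a blocking call reached from the async `plan()` and `execute()`, so an `async fn` built on `tokio::fs::read` may fit better if the callers can await it. I would add a doc comment along the lines of `/// Returns the determinate-nixd bytes: the file at binary_path if given, otherwise the embedded copy.`

```rust
// … unchanged: determinate_nixd_binary_or signature …
    match (binary_path, maybe_determinate_nixd_binary()) {
        // An explicit path always overrides the embedded copy.
        (Some(path), _) => std::fs::read(&path)
            .map_err(|e| crate::action::ActionErrorKind::Read(path, e)),
        (None, Some(embedded)) => Ok(embedded.to_vec()),
        (None, None) => Err(crate::action::ActionErrorKind::DeterminateNixUnavailable),
    }
}
```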