Skip to content
Nix CI

fix(action): use a more precise check #2266

Sign in to view logs

fix(action): use a more precise check

fix(action): use a more precise check #2266

Workflow file for this run

.github/workflows/ci.yaml at 47869c4
name: Nix CI
on:
push:
# don't run on tags, run on commits
# https://github.com/orgs/community/discussions/25615
tags-ignore:
- "**"
branches:
- main
pull_request:
schedule:
- cron: 0 0 * * *
workflow_dispatch:
env:
pin_nixpkgs: nix registry pin nixpkgs github:NixOS/nixpkgs/def3da69945bbe338c373fddad5a1bb49cf199ce
# required for gh
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
extra_nix_config: |
substituters = https://cache.nixos.org/ https://nix-community.cachix.org https://cache.iog.io
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=
keep-env-derivations = true
keep-outputs = true
experimental-features = nix-command flakes
accept-flake-config = true
nix_config_ca_derivations: |
extra-experimental-features = ca-derivations
jobs:
# Build the action
# Commit and push the built code
build:
name: Build the action
runs-on: ubuntu-24.04-arm
permissions:
contents: write
actions: write
if: github.event_name != 'pull_request' || github.repository == github.event.pull_request.head.repo.full_name
steps:
- uses: actions/checkout@v6
with:
submodules: true
ref: ${{ github.head_ref }}
- uses: cachix/install-nix-action@v31.9.0
with:
# We don't enable ca-derivations here
# because we have later jobs where ca-derivations is enabled.
extra_nix_config: |
${{ env.extra_nix_config }}
- name: Restore and save Nix store and npm cache
uses: ./.
with:
primary-key: build-${{ runner.os }}-${{ hashFiles('**/package-lock.json', 'package.json', 'flake.nix', 'flake.lock') }}
restore-prefixes-first-match: build-${{ runner.os }}-
paths: |
~/.npm
# do purge caches
purge: true
# purge all versions of the cache
purge-prefixes: build-${{ runner.os }}-
# created more than 10 seconds ago relative to the start of the `Post Restore` phase
purge-created: PT10S
# except the version with the `primary-key`, if it exists
purge-primary-key: never
# and collect garbage in the Nix store until it reaches this size in bytes
gc-max-store-size: 0
# # Uncomment to debug this job
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v3
- name: Configure git
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"
- name: Install packages & Build the action
run: nix run .#install
- name: Update docs
run: nix run .#write
- name: Commit & push changes
run: |
git add dist
git commit -m "chore: build the action" || echo "Nothing to commit"
git add {.,save,restore}/*.md
git commit -m "chore: update docs" || echo "Nothing to commit"
git add {.,save,restore}/*.yml
git commit -m "chore: update action configs" || echo "Nothing to commit"
git add src/*.ts src/utils/*.ts
git commit -m "chore: update src" || echo "Nothing to commit"
git push
- name: Save flake attributes from garbage collection
run: nix profile add .#saveFromGC
# Make `individual` caches
# Restore `individual` or `common` caches
# Usually, there should be no `individual` caches to restore as they're purged by `merge-similar-caches`
make-similar-caches:
name: Make similar caches
needs: build
permissions:
actions: write
strategy:
fail-fast: false
matrix:
os:
- macos-14
- macos-15
- ubuntu-24.04
- ubuntu-24.04-arm
id:
- 1
- 2
runs-on: ${{ matrix.os }}
steps:
- name: Checkout this repo
uses: actions/checkout@v6
with:
ref: ${{ github.head_ref }}
- uses: cachix/install-nix-action@v31.9.0
with:
# Make caches with ca-derivations enabled on some machines
# to test merging stores where the feature is enabled for one store and disabled for another.
# Don't enable it on some machines at all
# to test merging stores with that feature disabled.
extra_nix_config: |
${{ env.extra_nix_config }}
${{ (
(matrix.id == 1 && matrix.os == 'macos-15') ||
(matrix.id == 2 && matrix.os == 'ubuntu-24.04-arm')
) && env.nix_config_ca_derivations || ''
}}
- name: Restore Nix store - ${{ matrix.id }}
id: restore
uses: ./restore
with:
# save a new cache every time `ci.yaml` changes
primary-key: similar-cache-${{ matrix.os }}-individual-${{ matrix.id }}-${{ hashFiles('.github/workflows/ci.yaml') }}
# otherwise, restore a common cache if and only if it matches the current `ci.yaml`
restore-prefixes-first-match: similar-cache-${{ matrix.os }}-common-${{ hashFiles('.github/workflows/ci.yaml') }}
- name: Pin nixpkgs
run: ${{ env.pin_nixpkgs }}
- name: Install nixpkgs#uv
if: matrix.id == 1
run: nix profile add nixpkgs#uv
- name: Install nixpkgs#nodejs
if: matrix.id == 2
run: nix profile add nixpkgs#nodejs
- name: Save Nix store - ${{ matrix.id }}
if: steps.restore.outputs.hit == 'false'
uses: ./save
with:
# save a new cache every time `ci.yaml` changes
primary-key: similar-cache-${{ matrix.os }}-individual-${{ matrix.id }}-${{ hashFiles('.github/workflows/ci.yaml') }}
# do purge caches
purge: true
# purge all versions of the individual cache
purge-prefixes: similar-cache-${{ matrix.os }}-individual-${{ matrix.id }}-
# created more than 0 seconds ago relative to the start of the `Post Restore` phase
purge-created: 0
# except the version with the `primary-key`, if it exists
purge-primary-key: never
# and collect garbage in the Nix store until it reaches this size
gc-max-store-size: 8G
# Merge similar `individual` caches
# Purge `individual` caches and old `common` caches
# Save new `common` caches
merge-similar-caches:
name: Merge similar caches
needs: make-similar-caches
permissions:
actions: write
strategy:
fail-fast: false
matrix:
os:
- macos-14
- macos-15
- ubuntu-24.04
- ubuntu-24.04-arm
runs-on: ${{ matrix.os }}
steps:
- name: Checkout this repo
uses: actions/checkout@v6
with:
ref: ${{ github.head_ref }}
- uses: cachix/install-nix-action@v31.9.0
with:
# We enable ca-derivations only on macos-15
# to test more different cases.
extra_nix_config: |
${{ env.extra_nix_config }}
${{ matrix.os == 'macos-15' && env.nix_config_ca_derivations || '' }}
- name: Restore and save Nix store
uses: ./.
with:
primary-key: similar-cache-${{ matrix.os }}-common-${{ hashFiles('.github/workflows/ci.yaml') }}
# if no hit on the primary key, restore individual caches that match `ci.yaml`
restore-prefixes-all-matches: |
similar-cache-${{ matrix.os }}-individual-1-${{ hashFiles('.github/workflows/ci.yaml') }}
similar-cache-${{ matrix.os }}-individual-2-${{ hashFiles('.github/workflows/ci.yaml') }}
# do purge caches
purge: true
# purge old versions of the `common` cache and any versions of individual caches
purge-prefixes: |
similar-cache-${{ matrix.os }}-common-
similar-cache-${{ matrix.os }}-individual-
# created more than 0 seconds ago relative to the start of the `Post Restore` phase
purge-created: 0
# except the version with the `primary-key`, if it exists
purge-primary-key: never
- name: Pin nixpkgs
run: ${{ env.pin_nixpkgs }}
# Stuff in a profile can survive garbage collection.
# Therefore, profiles are ignored when restoring a cache.
# So, the current profile should be the default profile created by the action that installs Nix.
# The default profile should contain only nix.
- name: List profile
run: nix profile list
- name: Check that the profile is empty.
shell: bash
run: |
[[ "$(nix profile list)" == "" ]]
- name: Install nixpkgs#uv
run: nix profile add nixpkgs#uv
- name: Install nixpkgs#nodejs
run: nix profile add nixpkgs#nodejs
- name: Run uv
run: uv --version
- name: Run node
run: node --version
# Check that the `common` cache is restored correctly
merge-similar-caches-check:
name: Check a `common` cache is restored correctly
needs: merge-similar-caches
permissions:
actions: write
strategy:
fail-fast: false
matrix:
os:
- macos-14
- macos-15
- ubuntu-24.04
- ubuntu-24.04-arm
runs-on: ${{ matrix.os }}
steps:
- name: Checkout this repo
uses: actions/checkout@v6
with:
ref: ${{ github.head_ref }}
- uses: cachix/install-nix-action@v31.9.0
with:
# We enable ca-derivations only on macos-15
# to test more different cases.
extra_nix_config: |
${{ env.extra_nix_config }}
${{ matrix.os == 'macos-15' && env.nix_config_ca_derivations || '' }}
- name: Restore Nix store
uses: ./restore
with:
primary-key: similar-cache-${{ matrix.os }}-common-${{ hashFiles('.github/workflows/ci.yaml') }}
- name: Pin nixpkgs
run: ${{ env.pin_nixpkgs }}
# Stuff in a profile can survive garbage collection.
# Therefore, profiles are ignored when restoring a cache.
# So, the current profile should be the default profile created by the action that installs Nix.
# The default profile should contain only nix.
- name: List profile
run: nix profile list
- name: Check that the profile is empty.
shell: bash
run: |
[[ "$(nix profile list)" == "" ]]
- name: Install nixpkgs#uv
run: nix profile add nixpkgs#uv
- name: Install nixpkgs#nodejs
run: nix profile add nixpkgs#nodejs
- name: Run uv
run: uv --version
- name: Run node
run: node --version
#
compare-run-times:
name: Job with caching
needs:
- merge-similar-caches
- merge-similar-caches-check
permissions:
actions: write
strategy:
fail-fast: false
matrix:
do-cache:
- true
- false
os:
- macos-14
- macos-15
- ubuntu-24.04
- ubuntu-24.04-arm
runs-on: ${{ matrix.os }}
steps:
- name: Checkout this repo
uses: actions/checkout@v6
with:
ref: ${{ github.head_ref }}
# adapted from https://github.com/nodejs/node/pull/54658
- name: Cleanup
run: |
echo "::group::Free space before cleanup"
df -h
echo "::endgroup::"
echo "::group::Cleaned Files"
sudo rm -rfv ${{ runner.os == 'Linux' && '/usr/local/lib/android' || '/Users/runner/Library/Android/sdk' }}
echo "::endgroup::"
echo "::group::Free space after cleanup"
df -h
echo "::endgroup::"
- uses: cachix/install-nix-action@v31.9.0
with:
extra_nix_config: |
${{ env.extra_nix_config }}
- name: Restore and save Nix store
if: matrix.do-cache
uses: ./.
with:
# save a new cache every time ci file changes
primary-key: cache-${{ matrix.os }}-${{ hashFiles('.github/workflows/ci.yaml') }}
# if no hit, restore current versions of individual caches
restore-prefixes-first-match: cache-${{ matrix.os }}-
# do purge caches
purge: true
# purge all versions of the cache
purge-prefixes: cache-${{ matrix.os }}-
# created more than 0 seconds ago relative to the start of the `Post Restore` phase
purge-created: 0
# except the version with the `primary-key`, if it exists
purge-primary-key: never
# and collect garbage in the Nix store until it reaches this size in bytes
gc-max-store-size: 0
# Uncomment to debug this job
# - name: Setup tmate session
# uses: mxschmitt/action-tmate@v3
- name: Show profile
run: nix profile list
- name: Pin nixpkgs
run: ${{ env.pin_nixpkgs }}
- name: List registry
run: nix registry list
- name: Save nixpkgs from garbage collection
# Can't use nixpkgs#path
# https://github.com/NixOS/nixpkgs/issues/270292
run: nix profile add $(nix flake archive nixpkgs --json | jq -r '.path')
- name: Show profile
run: nix profile list
- name: Install nixpkgs#hello
run: nix profile add nixpkgs#hello
- name: Install nixpkgs#cachix
run: nix profile add nixpkgs#cachix
- name: Install nixpkgs#nixfmt
run: nix profile add nixpkgs#nixfmt
- name: Install nixpkgs#cargo
run: nix profile add nixpkgs#cargo
- name: Install nixpkgs#nixd
run: nix profile add nixpkgs#nixd
- name: Install nixpkgs#ghc
run: nix profile add nixpkgs#ghc
- name: Install nixpkgs#haskell-language-server
run: nix profile add nixpkgs#haskell-language-server
- name: Install nixpkgs#purescript
run: nix profile add nixpkgs#purescript
- name: Install nixpkgs#nodejs
run: nix profile add nixpkgs#nodejs
- name: Show profile
run: nix profile list
test-alt-nix-installers-restore-and-save:
name: Check alternative nix installers - restore and save cache
needs: compare-run-times
permissions:
actions: write
strategy:
fail-fast: false
matrix:
os:
- macos-14
- macos-15
- ubuntu-24.04
- ubuntu-24.04-arm
nix-installer:
- DeterminateSystems/determinate-nix-action
- nixbuild/nix-quick-install-action
runs-on: ${{ matrix.os }}
steps:
- name: Checkout this repo
uses: actions/checkout@v6
with:
ref: ${{ github.head_ref }}
- if: matrix.nix-installer == 'DeterminateSystems/determinate-nix-action'
uses: DeterminateSystems/determinate-nix-action@v3.15.2
with:
extra-conf: |
${{ env.extra_nix_config }}
${{ env.nix_config_ca_derivations }}
- if: matrix.nix-installer == 'nixbuild/nix-quick-install-action'
uses: deemp/nix-quick-install-action@v35
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
nix_archives_url: https://github.com/deemp/nix-quick-install-action/releases/download/v35
nix_conf: |
${{ env.extra_nix_config }}
${{ env.nix_config_ca_derivations }}
- name: Restore and save Nix store
uses: ./.
with:
primary-key: alt-cache-${{ matrix.os }}-${{ matrix.nix-installer }}-${{ hashFiles('.github/workflows/ci.yaml') }}
# do purge caches
purge: true
# purge old versions of the `common` cache and any versions of individual caches
purge-prefixes: |
alt-cache-${{ matrix.os }}-${{ matrix.nix-installer }}-
# created more than 0 seconds ago relative to the start of the `Post Restore` phase
purge-created: 0
# except the version with the `primary-key`, if it exists
purge-primary-key: never
# and collect garbage in the Nix store until it reaches this size
gc-max-store-size: 0
- name: Pin nixpkgs
run: ${{ env.pin_nixpkgs }}
- name: Save nixpkgs from garbage collection
run: nix profile add $(nix flake archive nixpkgs --json | jq -r '.path')
- name: Install a package
run: nix profile add nixpkgs#ghc
- name: Check installation
run: ghc --version
test-alt-nix-installers-restore-only:
name: Check alternative nix installers - restore only
needs: test-alt-nix-installers-restore-and-save
strategy:
fail-fast: false
matrix:
os:
- macos-14
- macos-15
- ubuntu-24.04
- ubuntu-24.04-arm
nix-installer:
- DeterminateSystems/determinate-nix-action
- nixbuild/nix-quick-install-action
runs-on: ${{ matrix.os }}
steps:
- name: Checkout this repo
uses: actions/checkout@v6
with:
ref: ${{ github.head_ref }}
- if: matrix.nix-installer == 'DeterminateSystems/determinate-nix-action'
uses: DeterminateSystems/determinate-nix-action@v3.15.2
with:
extra-conf: |
${{ env.extra_nix_config }}
${{ env.nix_config_ca_derivations }}
- if: matrix.nix-installer == 'nixbuild/nix-quick-install-action'
uses: deemp/nix-quick-install-action@v35
with:
github_access_token: ${{ secrets.GITHUB_TOKEN }}
nix_archives_url: https://github.com/deemp/nix-quick-install-action/releases/download/v35
nix_conf: |
${{ env.extra_nix_config }}
${{ env.nix_config_ca_derivations }}
- name: Restore Nix store
uses: ./restore
with:
primary-key: alt-cache-${{ matrix.os }}-${{ matrix.nix-installer }}-${{ hashFiles('.github/workflows/ci.yaml') }}
- name: Pin nixpkgs
run: ${{ env.pin_nixpkgs }}
- name: Install a package
run: nix profile add nixpkgs#ghc
- name: Check installation
run: ghc --version
test-old-nix-gc-works:
name: Check works with old Nix versions
needs: test-alt-nix-installers-restore-only
strategy:
fail-fast: false
matrix:
os:
- macos-14
- macos-15
- ubuntu-24.04
- ubuntu-24.04-arm
runs-on: ${{ matrix.os }}
steps:
- name: Checkout this repo
uses: actions/checkout@v6
with:
ref: ${{ github.head_ref }}
- uses: cachix/install-nix-action@v31.9.0
with:
install_url: https://releases.nixos.org/nix/nix-2.32.5/install
extra_nix_config: |
${{ env.extra_nix_config }}
- name: Pin nixpkgs
run: ${{ env.pin_nixpkgs }}
- name: Get a package
run: nix run nixpkgs#hello
- name: Save
uses: ./save
with:
primary-key: old-nix-${{ matrix.os }}-${{ hashFiles('.github/workflows/ci.yaml') }}
gc-max-store-size: 0
test-collision-produce:
needs: build
uses: ./.github/workflows/test-hash-collision.yml
test-collision-consume:
needs: test-collision-produce
uses: ./.github/workflows/test-hash-collision.yml