Merge pull request #228 from nix-community/update-deps

Update dependencies

Author: deemp

.github/workflows-legacy/check-dist.yml

@@ -16,4 +16,4 @@ jobs:
     name: Check dist/
     uses: actions/reusable-workflows/.github/workflows/check-dist.yml@main
     with:
-      node-version: "20.x"
+      node-version: "24.x"

.github/workflows-legacy/licensed.yml

@@ -10,6 +10,31 @@ on:
   workflow_dispatch:
 
 jobs:
-  call-licensed:
-    name: Licensed
-    uses: actions/reusable-workflows/.github/workflows/licensed.yml@main
+  validate-cached-dependency-records:
+    runs-on: ubuntu-latest
+    name: Check licenses
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Install dependencies
+        run: npm ci --ignore-scripts
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: '3.1.7'
+
+      - name: Install licensed tool
+        run: |
+          cd "$RUNNER_TEMP"
+          curl -Lfs -o licensed.tar.gz https://github.com/licensee/licensed/archive/refs/tags/v5.0.4.tar.gz
+          tar -xzf licensed.tar.gz
+          cd licensed-5.0.4
+          bundle install
+
+      - name: Check cached dependency records
+        run: |
+          cd ${{ github.workspace }}
+          BUNDLE_GEMFILE=$RUNNER_TEMP/licensed-5.0.4/Gemfile bundle exec $RUNNER_TEMP/licensed-5.0.4/exe/licensed status

.github/workflows-legacy/publish-immutable-actions.yml

@@ -2,7 +2,7 @@ name: 'Publish Immutable Action Version'
 
 on:
   release:
-    types: [published]
+    types: [released]
 
 jobs:
   publish:

.github/workflows-legacy/workflow.yml

@@ -24,7 +24,7 @@ jobs:
     - name: Setup Node.js 20.x
       uses: actions/setup-node@v4
       with:
-        node-version: 20.x
+        node-version: 24.x
         cache: npm
     - run: npm ci
     - name: Prettier Format Check

.github/workflows/buildjet-ci.yaml

@@ -3,10 +3,18 @@ on:
   workflow_dispatch:
 
 env:
-  pin_nixpkgs: nix registry pin nixpkgs github:NixOS/nixpkgs/807c549feabce7eddbf259dbdcec9e0600a0660d
+  pin_nixpkgs: nix registry pin nixpkgs github:NixOS/nixpkgs/def3da69945bbe338c373fddad5a1bb49cf199ce
   # required for gh
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+  nix_conf: |
+    substituters = https://cache.nixos.org/ https://nix-community.cachix.org https://cache.iog.io
+    trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=
+    keep-env-derivations = true
+    keep-outputs = true
+  nix_conf_ca_derivations: |
+    extra-experimental-features = ca-derivations
+
 jobs:
   # Build the action
   # Commit and push the built code
@@ -22,8 +30,12 @@ jobs:
           submodules: true
 
       - uses: nixbuild/nix-quick-install-action@v34
+        with:
+          # We don't enable ca-derivations here
+          # because we have later jobs where ca-derivations is enabled.
+          nix_conf: ${{ env.nix_conf }}
 
-      - name: Restore and save Nix store
+      - name: Restore and save Nix store and npm cache
         uses: ./.
         with:
           primary-key: build-${{ runner.os }}-${{ hashFiles('**/package-lock.json', 'package.json', 'flake.nix', 'flake.lock') }}
@@ -37,6 +49,8 @@ jobs:
           purge-created: 0
           # except the version with the `primary-key`, if it exists
           purge-primary-key: never
+          # and collect garbage in the Nix store until it reaches this size in bytes
+          gc-max-store-size: 0
           # use BuildJet backend
           backend: buildjet
 
@@ -65,10 +79,13 @@ jobs:
         run: |
           git add dist
           git commit -m "chore: build the action" || echo "Nothing to commit"
-          git add .
+          git add {.,save,restore}/{*.yml,*.md}
           git commit -m "chore: update docs" || echo "Nothing to commit"
           git push
 
+      - name: Save flake attributes from garbage collection
+        run: nix profile install .#saveFromGC
+
   # Make `individual` caches
   # Restore `individual` or `common` caches
   # Usually, there should be no `individual` caches to restore as they're purged by `merge-similar-caches`
@@ -81,7 +98,7 @@ jobs:
       matrix:
         os:
           - macos-14
-          - macos-14
+          - macos-15
           - ubuntu-22.04
           - ubuntu-24.04
         id:
@@ -101,7 +118,18 @@ jobs:
           }}
 
       - uses: nixbuild/nix-quick-install-action@v34
-
+        with:
+          # Make caches with ca-derivations enabled on some machines
+          # to test merging stores where the feature is enabled for one store and disabled for another.
+          # Don't enable it on some machines at all
+          # to test merging stores with that feature disabled.
+          nix_conf: |
+            ${{ env.nix_conf }}
+            ${{ (
+                  (matrix.id == 1 && matrix.os == 'ubuntu-22.04') || 
+                  (matrix.id == 2 && matrix.os == 'ubuntu-24.04')
+                ) && env.nix_conf_ca_derivations || ''
+            }}
       - name: Restore Nix store - ${{ matrix.id }}
         id: restore
         uses: ./restore
@@ -136,6 +164,8 @@ jobs:
           purge-created: 0
           # except the version with the `primary-key`, if it exists
           purge-primary-key: never
+          # and collect garbage in the Nix store until it reaches this size in bytes
+          gc-max-store-size: 8G
           # use BuildJet backend
           backend: buildjet
 
@@ -151,7 +181,7 @@ jobs:
       matrix:
         os:
           - macos-14
-          - macos-14
+          - macos-15
           - ubuntu-22.04
           - ubuntu-24.04
     runs-on: ${{ matrix.os }}
@@ -168,6 +198,12 @@ jobs:
             }}
 
       - uses: nixbuild/nix-quick-install-action@v34
+        with:
+          # We enable ca-derivations only on macos-15
+          # to test more different cases.
+          nix_conf: |
+            ${{ env.nix_conf }}
+            ${{ matrix.os == 'macos-15' && env.nix_conf_ca_derivations || '' }}
 
       - name: Restore and save Nix store
         uses: ./.
@@ -227,7 +263,7 @@ jobs:
       matrix:
         os:
           - macos-14
-          - macos-14
+          - macos-15
           - ubuntu-22.04
           - ubuntu-24.04
     runs-on: ${{ matrix.os }}
@@ -244,6 +280,12 @@ jobs:
             }}
 
       - uses: nixbuild/nix-quick-install-action@v34
+        with:
+          # We enable ca-derivations only on macos-15
+          # to test more different cases.
+          nix_conf: |
+            ${{ env.nix_conf }}
+            ${{ matrix.os == 'macos-15' && env.nix_conf_ca_derivations || '' }}
 
       - name: Restore Nix store
         uses: ./restore
@@ -295,7 +337,7 @@ jobs:
           - false
         os:
           - macos-14
-          - macos-14
+          - macos-15
           - ubuntu-22.04
           - ubuntu-24.04
     runs-on: ${{ matrix.os }}
@@ -311,7 +353,22 @@ jobs:
               || format('git pull --rebase origin {0}', github.ref_name) 
           }}
 
+      # adapted from https://github.com/nodejs/node/pull/54658
+      - name: Cleanup
+        run: |
+          echo "::group::Free space before cleanup"
+          df -h
+          echo "::endgroup::"
+          echo "::group::Cleaned Files"
+          sudo rm -rfv ${{ runner.os == 'Linux' && '/usr/local/lib/android' || '/Users/runner/Library/Android/sdk' }}
+          echo "::endgroup::"
+          echo "::group::Free space after cleanup"
+          df -h
+          echo "::endgroup::"
+
       - uses: nixbuild/nix-quick-install-action@v34
+        with:
+          nix_conf: ${{ env.nix_conf }}
 
       - name: Restore and save Nix store
         if: matrix.do-cache
@@ -330,7 +387,7 @@ jobs:
           # except the version with the `primary-key`, if it exists
           purge-primary-key: never
           # and collect garbage in the Nix store until it reaches this size in bytes
-          gc-max-store-size: 8000000000
+          gc-max-store-size: 0
           # use BuildJet backend
           backend: buildjet
 
@@ -347,47 +404,48 @@ jobs:
       - name: List registry
         run: nix registry list
 
-      - name: Install nixpkgs
+      - name: Save nixpkgs from garbage collection
+        # About nixpkgs#path
+        # https://github.com/NixOS/nixpkgs/issues/270292
         run: nix profile install $(nix flake archive nixpkgs --json | jq -r '.path')
 
       - name: Show profile
         run: nix profile list
 
       - name: Install nixpkgs#hello
-        run: |
-          nix profile install nixpkgs#hello
+        run: nix profile install nixpkgs#hello
 
       - name: Install nixpkgs#cachix
-        run: |
-          nix profile install nixpkgs#cachix
+        run: nix profile install nixpkgs#cachix
 
       - name: Install nixpkgs#nixpkgs-fmt
-        run: |
-          nix profile install nixpkgs#nixpkgs-fmt
+        run: nix profile install nixpkgs#nixpkgs-fmt
 
       - name: Install nixpkgs#alejandra
-        run: |
-          nix profile install nixpkgs#alejandra
+        run: nix profile install nixpkgs#alejandra
 
       - name: Install nixpkgs#nixd
-        run: |
-          nix profile install nixpkgs#nixd
+        run: nix profile install nixpkgs#nixd
 
       - name: Install nixpkgs#ghc
-        run: |
-          nix profile install nixpkgs#ghc
+        run: nix profile install nixpkgs#ghc
 
       - name: Install nixpkgs#haskell-language-server
-        run: |
-          nix profile install nixpkgs#haskell-language-server
+        run: nix profile install nixpkgs#haskell-language-server
 
       - name: Install nixpkgs#purescript
-        run: |
-          nix profile install nixpkgs#purescript
+        run: nix profile install nixpkgs#purescript
 
       - name: Install nixpkgs#nodejs
-        run: |
-          nix profile install nixpkgs#nodejs
+        run: nix profile install nixpkgs#nodejs
 
       - name: Show profile
         run: nix profile list
+
+  test-collision-produce:
+    needs: build
+    uses: ./.github/workflows/test-hash-collision.yml
+
+  test-collision-consume:
+    needs: test-collision-produce
+    uses: ./.github/workflows/test-hash-collision.yml