|
| 1 | +#!/usr/bin/env bash |
| 2 | +set -euo pipefail |
| 3 | + |
| 4 | +if nix_path="$(type -p nix)" ; then |
| 5 | + echo "Aborting: Nix is already installed at ${nix_path}" |
| 6 | + exit |
| 7 | +fi |
| 8 | + |
| 9 | +if [[ ($OSTYPE =~ linux) && ($INPUT_ENABLE_KVM == 'true') ]]; then |
| 10 | + enable_kvm() { |
| 11 | + echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-install-nix-action-kvm.rules |
| 12 | + sudo udevadm control --reload-rules && sudo udevadm trigger --name-match=kvm |
| 13 | + } |
| 14 | + |
| 15 | + echo '::group::Enabling KVM support' |
| 16 | + enable_kvm && echo 'Enabled KVM' || echo 'KVM is not available' |
| 17 | + echo '::endgroup::' |
| 18 | +fi |
| 19 | + |
| 20 | +# GitHub command to put the following log messages into a group which is collapsed by default |
| 21 | +echo "::group::Installing Nix" |
| 22 | + |
| 23 | +# Create a temporary workdir |
| 24 | +workdir=$(mktemp -d) |
| 25 | +trap 'rm -rf "$workdir"' EXIT |
| 26 | + |
| 27 | +# Configure Nix |
| 28 | +add_config() { |
| 29 | + echo "$1" >> "$workdir/nix.conf" |
| 30 | +} |
| 31 | +add_config "show-trace = true" |
| 32 | +# Set jobs to number of cores |
| 33 | +add_config "max-jobs = auto" |
| 34 | +if [[ $OSTYPE =~ darwin ]]; then |
| 35 | + add_config "ssl-cert-file = /etc/ssl/cert.pem" |
| 36 | +fi |
| 37 | +# Allow binary caches for user |
| 38 | +add_config "trusted-users = root ${USER:-}" |
| 39 | +# Add a GitHub access token. |
| 40 | +# Token-less access is subject to lower rate limits. |
| 41 | +if [[ -n "${INPUT_GITHUB_ACCESS_TOKEN:-}" ]]; then |
| 42 | + echo "::debug::Using the provided github_access_token for github.com" |
| 43 | + add_config "access-tokens = github.com=$INPUT_GITHUB_ACCESS_TOKEN" |
| 44 | +# Use the default GitHub token if available. |
| 45 | +# Skip this step if running an Enterprise instance. The default token there does not work for github.com. |
| 46 | +elif [[ -n "${GITHUB_TOKEN:-}" && $GITHUB_SERVER_URL == "https://github.com" ]]; then |
| 47 | + echo "::debug::Using the default GITHUB_TOKEN for github.com" |
| 48 | + add_config "access-tokens = github.com=$GITHUB_TOKEN" |
| 49 | +else |
| 50 | + echo "::debug::Continuing without a GitHub access token" |
| 51 | +fi |
| 52 | +# Append extra nix configuration if provided |
| 53 | +if [[ -n "${INPUT_EXTRA_NIX_CONFIG:-}" ]]; then |
| 54 | + add_config "$INPUT_EXTRA_NIX_CONFIG" |
| 55 | +fi |
| 56 | +if [[ ! $INPUT_EXTRA_NIX_CONFIG =~ "experimental-features" ]]; then |
| 57 | + add_config "experimental-features = nix-command flakes" |
| 58 | +fi |
| 59 | +# Always allow substituting from the cache, even if the derivation has `allowSubstitutes = false`. |
| 60 | +# This is a CI optimisation to avoid having to download the inputs for already-cached derivations to rebuild trivial text files. |
| 61 | +if [[ ! $INPUT_EXTRA_NIX_CONFIG =~ "always-allow-substitutes" ]]; then |
| 62 | + add_config "always-allow-substitutes = true" |
| 63 | +fi |
| 64 | + |
| 65 | +# Nix installer flags |
| 66 | +installer_options=( |
| 67 | + --no-channel-add |
| 68 | + --darwin-use-unencrypted-nix-store-volume |
| 69 | + --nix-extra-conf-file "$workdir/nix.conf" |
| 70 | +) |
| 71 | + |
| 72 | +# only use the nix-daemon settings if on darwin (which get ignored) or systemd is supported |
| 73 | +if [[ (! $INPUT_INSTALL_OPTIONS =~ "--no-daemon") && ($OSTYPE =~ darwin || -e /run/systemd/system) ]]; then |
| 74 | + installer_options+=( |
| 75 | + --daemon |
| 76 | + --daemon-user-count "$(python3 -c 'import multiprocessing as mp; print(mp.cpu_count() * 2)')" |
| 77 | + ) |
| 78 | +else |
| 79 | + # "fix" the following error when running nix* |
| 80 | + # error: the group 'nixbld' specified in 'build-users-group' does not exist |
| 81 | + add_config "build-users-group =" |
| 82 | + sudo mkdir -p /etc/nix |
| 83 | + sudo chmod 0755 /etc/nix |
| 84 | + sudo cp "$workdir/nix.conf" /etc/nix/nix.conf |
| 85 | +fi |
| 86 | + |
| 87 | +if [[ -n "${INPUT_INSTALL_OPTIONS:-}" ]]; then |
| 88 | + IFS=' ' read -r -a extra_installer_options <<< "$INPUT_INSTALL_OPTIONS" |
| 89 | + installer_options=("${extra_installer_options[@]}" "${installer_options[@]}") |
| 90 | +fi |
| 91 | + |
| 92 | +echo "installer options: ${installer_options[*]}" |
| 93 | + |
| 94 | +# There is --retry-on-errors, but only newer curl versions support that |
| 95 | +curl_retries=5 |
| 96 | +while ! curl -sS -o "$workdir/install" -v --fail -L "${INPUT_INSTALL_URL:-https://releases.nixos.org/nix/nix-2.25.2/install}" |
| 97 | +do |
| 98 | + sleep 1 |
| 99 | + ((curl_retries--)) |
| 100 | + if [[ $curl_retries -le 0 ]]; then |
| 101 | + echo "curl retries failed" >&2 |
| 102 | + exit 1 |
| 103 | + fi |
| 104 | +done |
| 105 | + |
| 106 | +sh "$workdir/install" "${installer_options[@]}" |
| 107 | + |
| 108 | +# Set paths |
| 109 | +echo "/nix/var/nix/profiles/default/bin" >> "$GITHUB_PATH" |
| 110 | +# new path for nix 2.14 |
| 111 | +echo "$HOME/.nix-profile/bin" >> "$GITHUB_PATH" |
| 112 | + |
| 113 | +if [[ -n "${INPUT_NIX_PATH:-}" ]]; then |
| 114 | + echo "NIX_PATH=${INPUT_NIX_PATH}" >> "$GITHUB_ENV" |
| 115 | +fi |
| 116 | + |
| 117 | +# Set temporary directory (if not already set) to fix https://github.com/cachix/install-nix-action/issues/197 |
| 118 | +if [[ -z "${TMPDIR:-}" ]]; then |
| 119 | + echo "TMPDIR=${RUNNER_TEMP}" >> "$GITHUB_ENV" |
| 120 | +fi |
| 121 | + |
| 122 | +# Close the log message group which was opened above |
| 123 | +echo "::endgroup::" |
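Review bot: The installer downloaded at gutter lines 96–104 is executed at line 106 with `sh "$workdir/install"` without any integrity check, so the job runs whatever bytes the URL, or any redirect followed by `-L`, returns. Since `INPUT_INSTALL_URL` can point anywhere, I would pin a digest for the default nix-2.25.2 URL and accept an optional expected digest for custom URLs (a new input, not present in this commit), verified before execution: `printf '%s  %s\n' "$expected_sha256" "$workdir/install" | shasum -a 256 -c || exit 1`, where `expected_sha256` holds a placeholder such as `<PINNED_SHA256>` until the real value is filled in. Adding `--proto '=https' --tlsv1.2` to the curl call would also keep a redirect from falling back to plain HTTP. A comment above the curl loop stating that the script is trusted solely on the basis of HTTPS would at least make the current assumption explicit.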