chore: introduce a darwin builder just for the nix build (#1180)

* chore: introduce a darwin builder just for the nix build

* fix: feed int he right dir

* fix: sed syntax for macos

* fix: perms

* fix: macos shebang

* chore: install nix

* fix: get nix on PATH

* fix: dealing with docker vs non-docker

* fix: limit cpu usage

---------

Co-authored-by: Sam Rose <[email protected]>

Author: samrose

.github/workflows/nix-build.yml

@@ -22,6 +22,8 @@ jobs:
             arch: amd64
           - runner: arm-runner
             arch: arm64
+          - runner: macos-latest
+            arch: arm64
     runs-on: ${{ matrix.runner }}
 
     steps:
@@ -45,17 +47,36 @@ jobs:
         env:
           NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
       - name: Log in to Docker Hub
+        if: matrix.runner != 'macos-latest'
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Build psql bundle with nix
+        if: matrix.runner != 'macos-latest'
         run: docker build -t base_nix -f docker/nix/Dockerfile .
       - name: Run build psql bundle
+        if: matrix.runner != 'macos-latest'
         run:  |
           docker run -e AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} \
                     -e AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} \
                     -e AWS_SESSION_TOKEN=${{ env.AWS_SESSION_TOKEN }} \
                     base_nix bash -c "./workspace/docker/nix/build_nix.sh"
+      - name: Build psql bundle on macos
+        if: matrix.runner == 'macos-latest'
+        run: |
+          curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm \
+          --extra-conf "substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com" \
+          --extra-conf "trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+          . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
+          cp ./docker/nix/build_nix.sh ./build_nix.sh
+          sed -i '' '1s|^#!/bin/env bash|#!/usr/bin/env bash|' ./build_nix.sh
+          chmod +x ./build_nix.sh
+          ./build_nix.sh
+        env:
+          AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }}
+          AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }}
+
     name: build psql bundle on ${{ matrix.arch }}
 

docker/nix/build_nix.sh

@@ -2,7 +2,9 @@
 set -eou pipefail
 
 nix --version
-cd /workspace
+if [ -d "/workspace" ]; then
+    cd /workspace
+fi
 nix build .#psql_15/bin -o psql_15
 nix flake check -L 
 nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_15

nix/ext/wrappers/default.nix

@@ -30,7 +30,8 @@ buildPgrxExtension_0_11_3 rec {
     darwin.apple_sdk.frameworks.SystemConfiguration 
   ];
   OPENSSL_NO_VENDOR = 1;
-  
+  #need to set this to 2 to avoid cpu starvation
+  CARGO_BUILD_JOBS = "2";
   CARGO="${cargo}/bin/cargo";
   cargoLock = {
     lockFile = "${src}/Cargo.lock";