From 61b5533dcaf4fe65494665f9ab3b48cfd74dc138 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 16:59:32 -0400 Subject: [PATCH 1/8] justfile: --commit-lock-file --- justfile | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/justfile b/justfile index 68b7e5c..9f6236c 100644 --- a/justfile +++ b/justfile @@ -1,9 +1,7 @@ update: git branch -D update || true git switch -c update - nix flake update - git add flake.lock - git commit -s -m "flake update" + nix flake update --commit-lock-file git push -f git switch main From 70ed1418632966ebb70bf52c07c04be5d22e3ebd Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 17:14:08 -0400 Subject: [PATCH 2/8] workflow: try lix --- .../workflows/build-machines-and-homes.yml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 7e25ec2..8459ace 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -43,6 +43,16 @@ jobs: run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 + + - name: Install Lix + run: | + sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ + 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + - name: Sync repository uses: actions/checkout@v4 with: 
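Review bot: In PATCH 1/8's justfile hunk, `nix flake update --commit-lock-file` creates the commit itself, so the `-s` sign-off and the fixed message from the removed `git commit -s -m "flake update"` are no longer applied. If the Signed-off-by trailer is expected on this repository, either keep the explicit commit or follow the update with `git commit --amend -s --no-edit`. The rest of the `update` recipe continues outside the hunk.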
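Review bot: The new `Install Lix` step in the `@@ -43,6 +43,16 @@` hunk executes, under `sudo`, whatever `refs/tags/2.92.0` resolves to at run time; a tag is a mutable ref, so the code that runs as root on the runner is not fixed by this file. Pinning the flake reference to a commit, e.g. `'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0&rev=<LIX_COMMIT_SHA>'`, makes the step reproducible and limits the effect of a moved tag. The same step is added again in the `@@ -83,6 +93,16 @@` hunk and in PATCH 4/8 for build-packages.yml, so holding the pinned reference in one workflow-level `env` entry would keep the three copies in sync. The job's step list continues outside the hunk.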
@@ -83,6 +93,16 @@ jobs: run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 + + - name: Install Lix + run: | + sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ + 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + - name: Sync repository uses: actions/checkout@v4 with: From a45f4132e5902f45545762cceaeffcd8c32359a4 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 17:36:51 -0400 Subject: [PATCH 3/8] workflow: try another cache command cause --all is really all --- .github/workflows/build-machines-and-homes.yml | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 8459ace..2924929 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -52,6 +52,7 @@ jobs: 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ upgrade-nix \ --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + nix --version - name: Sync repository uses: actions/checkout@v4 
@@ -64,8 +65,10 @@ jobs: - name: cache if: always() run: | - nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all + package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') build-homes: strategy: fail-fast: false @@ -102,6 +105,7 @@ jobs: 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ upgrade-nix \ --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + nix --version - name: Sync repository uses: actions/checkout@v4 @@ -114,5 +118,7 @@ jobs: - name: cache if: always() run: | - nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all + package=".#homeConfigurations."${{ matrix.home }}".activationPackage" + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') From 048800c0bf7ddb2778e92b7e0e4e7d42f3e5fd3a Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 17:40:46 -0400 Subject: [PATCH 4/8] workflow: same changes to build-packages --- .github/workflows/build-packages.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 5e779ac..44af952 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml 
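Review bot: `${{ matrix.machine }}` in the `@@ -64,8 +65,10 @@` cache hunk is substituted into the script text before bash runs, and it sits between two quoted strings rather than inside them, so its value reaches the shell as unquoted text. Passing it through the step environment keeps it as data: add an `env:` entry `MACHINE: ${{ matrix.machine }}` and write `package=".#nixosConfigurations.${MACHINE}.config.system.build.toplevel"`. The same pattern appears with `matrix.home` in the `@@ -114,5 +118,7 @@` hunk and with `"${{ matrix.package }}"` in PATCH 4/8's `cache result` hunk; the last one matters most if the matrix can be fed from a `workflow_dispatch` input, which these hunks do not show.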
@@ -36,6 +36,17 @@ jobs: run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem - name: Install Nix uses: cachix/install-nix-action@v30 + + - name: Install Lix + run: | + sudo --preserve-env=PATH $(which nix) run \ + --experimental-features "nix-command flakes" \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" \ + 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \ + upgrade-nix \ + --extra-substituters https://cache.lix.systems --extra-trusted-public-keys "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=" + nix --version + - name: Sync repository uses: actions/checkout@v4 with: @@ -44,8 +55,9 @@ jobs: - name: cache result if: always() run: | - nix copy --all --to 's3://nixcache?endpoint=s3.cy7.sh' --verbose - nix store sign --store 's3://nixcache?endpoint=s3.cy7.sh' -k /home/runner/cache-priv-key.pem --all + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix path-info --recursive --derivation "${{ matrix.package }}" |sed 's/\.drv$/.drv^*/') - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result - name: upload result From 47e5c5cd7798811d59702ad9cac04e356c0a08b7 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 17:47:46 -0400 Subject: [PATCH 5/8] workflow: add new lines --- .github/workflows/build-machines-and-homes.yml | 13 +++++++++++++ .github/workflows/build-packages.yml | 8 ++++++++ 2 files changed, 21 insertions(+) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 2924929..1272cc1 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -3,6 +3,7 @@ on: workflow_dispatch: push: pull_request: + env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | 
@@ -16,6 +17,7 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + jobs: build-machines: strategy: @@ -27,6 +29,7 @@ jobs: os: - ubuntu-latest runs-on: ${{ matrix.os }} + steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -39,8 +42,10 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: setup binary cache key run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 @@ -58,10 +63,12 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false + - name: build run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" nix build -L "$package" + - name: cache if: always() run: | @@ -69,6 +76,7 @@ jobs: nix copy -j8 \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') + build-homes: strategy: fail-fast: false @@ -80,6 +88,7 @@ jobs: - ubuntu-latest # - macos-latest runs-on: ${{ matrix.os }} + steps: - name: Maximize build disk space uses: easimon/maximize-build-space@v10 @@ -92,8 +101,10 @@ jobs: remove-codeql: 'true' remove-docker-images: 'true' build-mount-path: /nix + - name: setup binary cache key run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 @@ -111,10 +122,12 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false + - name: build run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" nix build -L "$package" + - name: cache if: always() run: | diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 44af952..637afbf 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml 
@@ -6,6 +6,7 @@ on: description: "package to build" required: false type: string + env: ATTIC_TOKEN: ${{ secrets.ATTIC_TOKEN }} NIX_CONFIG: | @@ -18,6 +19,7 @@ env: TERM: ansi AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets. AWS_SECRET_ACCESS_KEY }} + jobs: build-packages: strategy: @@ -31,9 +33,11 @@ jobs: # - macos-latest # - macos-13 runs-on: ${{ matrix.os }} + steps: - name: setup binary cache key run: echo "${{ secrets.NIX_CACHE_SECRET_KEY }}" >> /home/runner/cache-priv-key.pem + - name: Install Nix uses: cachix/install-nix-action@v30 @@ -51,15 +55,19 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false + - run: nix build -L ${{ matrix.package }} + - name: cache result if: always() run: | nix copy -j8 \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ $(nix path-info --recursive --derivation "${{ matrix.package }}" |sed 's/\.drv$/.drv^*/') + - name: prepare tarball to upload run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result + - name: upload result uses: actions/upload-artifact@v4 with: From 4d7f5a6e89522755cd8ef97c85fe9252db93ae6e Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 18:01:35 -0400 Subject: [PATCH 6/8] workflow: try yet another way to cache --- .../workflows/build-machines-and-homes.yml | 28 +++++++++++++++---- 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 1272cc1..5fd1579 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml 
@@ -73,9 +73,18 @@ jobs: if: always() run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --recursive --derivation "$package") + + for derivation in "${derivations[@]}"; do + cache+=( + ) + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done build-homes: strategy: @@ -132,6 +141,13 @@ jobs: if: always() run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" - nix copy -j8 \ - --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ - $(nix path-info --recursive --derivation "$package" |sed 's/\.drv$/.drv^*/') + derivations=() + while IFS=$'\n' read derivation; do + derivations+=("$derivation") + done < <(nix path-info --recursive --derivation "$package") + + for derivation in "${derivations[@]}"; do + nix copy -j8 \ + --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ + $(nix-store --query --requisites --include-outputs "$derivation") + done From 96011436f792ac641f95694c9eded8adacb55874 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 18:20:41 -0400 Subject: [PATCH 7/8] workflow: no recursive and temp no always() --- .github/workflows/build-machines-and-homes.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index 5fd1579..f04d05f 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml 
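Review bot: A failure of `nix path-info` inside `< <(...)` in the `@@ -73,9 +73,18 @@` hunk is not seen by the shell, so `derivations` stays empty, the `for` loop does nothing and the step reports success with nothing uploaded. Fill the array with `mapfile -t derivations < <(nix path-info --recursive --derivation "$package")` and guard it with `[ "${#derivations[@]}" -gt 0 ] || { echo "no derivations for $package" >&2; exit 1; }`; `mapfile -t` also avoids the backslash handling of `read` without `-r`. The `@@ -132,6 +141,13 @@` hunk for build-homes has the same loop.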
@@ -70,17 +70,15 @@ jobs: nix build -L "$package" - name: cache - if: always() + # if: always() run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" derivations=() while IFS=$'\n' read derivation; do derivations+=("$derivation") - done < <(nix path-info --recursive --derivation "$package") + done < <(nix path-info --derivation "$package") for derivation in "${derivations[@]}"; do - cache+=( - ) nix copy -j8 \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \ $(nix-store --query --requisites --include-outputs "$derivation") @@ -138,13 +136,13 @@ jobs: nix build -L "$package" - name: cache - if: always() + # if: always() run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" derivations=() while IFS=$'\n' read derivation; do derivations+=("$derivation") - done < <(nix path-info --recursive --derivation "$package") + done < <(nix path-info --derivation "$package") for derivation in "${derivations[@]}"; do nix copy -j8 \ From dc781b5bc836ddce2b3536f3d47b5624b24afad2 Mon Sep 17 00:00:00 2001 From: cy Date: Fri, 28 Mar 2025 18:28:48 -0400 Subject: [PATCH 8/8] workflow: use !cancelled() instead of always() --- .github/workflows/build-machines-and-homes.yml | 6 ++++-- .github/workflows/build-packages.yml | 3 ++- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-machines-and-homes.yml b/.github/workflows/build-machines-and-homes.yml index f04d05f..2bf0350 100644 --- a/.github/workflows/build-machines-and-homes.yml +++ b/.github/workflows/build-machines-and-homes.yml @@ -70,7 +70,8 @@ jobs: nix build -L "$package" - name: cache - # if: always() + # https://stackoverflow.com/a/58859404 + if: '!cancelled()' run: | package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel" derivations=() 
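Review bot: The list passed to `nix copy` in the `@@ -70,17 +70,15 @@` hunk is the full build-time closure, because `--requisites --include-outputs` on the `.drv` yields every derivation file, fetched source and locally present output rather than only what this job built, and `secret-key=` in the store URL signs each uploaded path with the cache key. Paths that were substituted from an upstream cache would therefore also end up carrying this cache's signature. If that is intended, a comment on the step would record it, e.g. `# uploads and signs the whole build closure, including paths substituted from upstream caches`; the build-homes hunk `@@ -138,13 +136,13 @@` has the same command. The loop's closing `done` lies outside the hunk.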
@@ -136,7 +137,8 @@ jobs: nix build -L "$package" - name: cache - # if: always() + # https://stackoverflow.com/a/58859404 + if: '!cancelled()' run: | package=".#homeConfigurations."${{ matrix.home }}".activationPackage" derivations=() diff --git a/.github/workflows/build-packages.yml b/.github/workflows/build-packages.yml index 637afbf..1118650 100644 --- a/.github/workflows/build-packages.yml +++ b/.github/workflows/build-packages.yml @@ -59,7 +59,8 @@ jobs: - run: nix build -L ${{ matrix.package }} - name: cache result - if: always() + # https://stackoverflow.com/a/58859404 + if: '!cancelled()' run: | nix copy -j8 \ --to 's3://nixcache?endpoint=s3.cy7.sh&secret-key=/home/runner/cache-priv-key.pem' \