x-ref

Using the newly introduced nixBuildArgs: -E 'with import <nixpkgs> {}; callPackage ./default.nix {}' parameter cachix constructs nix-build -E 'with import <nixpkgs> {}; callPackage ./default.nix {}' default.nix instead of expected nix-build -E 'with import <nixpkgs> {}; callPackage ./default.nix {}'.

Is there a way (i. e. setting file parameter) apart from rewriting my nix expression to overcome this situation ?

https://github.com/Mic92/sops-nix/pull/47/checks?check_run_id=1418847445#step:4:14

First off: thanks for an amazing set of tools for GitHub actions. I'm slowly moving all my builds to just use nix in GitHub in addition to locally.

I've been using the install-nix-action without issue for a while. I'm trying to add caching to my open source project but can't seem to make it work. It's setup correctly, I believe. But the cache isn't picked up.

I imagine it's related to my esoteric, but warranted, use of fetchTarball to pin channels down to the commit.

You can see the PR here: silviogutierrez/reactivated#54

And a successful run here: https://github.com/silviogutierrez/reactivated/pull/54/checks?check_run_id=1171142221

As well as the nix files in question here: https://github.com/silviogutierrez/reactivated/blob/8abffa2d5a080358dceb6083fe106ed7ad5fc814/shell.nix

Note: currently unstable and stable are the same commit, but this isn't always the case. They diverge often. So I can't just use nix_path in the action options. I need fetchTarball specifically.

And finally the GitHub actions conf here (Infrastructure job):

https://github.com/silviogutierrez/reactivated/blob/046be3b12ab9910eea42acc7c4f603402f2bade3/.github/workflows/ci.yaml

Any ideas how to get this to work? I'm using the built in action, so I don't think I need to follow this step: https://docs.cachix.org/faq.html#is-there-a-way-to-cache-nix-shell

Thanks for any help. And again, for the libraries and contributions.

See https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/

I saw that https://cachix.org/api/v1/install is essentially a snapshot of nixpkgs. Seems like if you use this action in combination with the install-nix action you could install cachix with nix-env -iA nixpkgs.cachix and save ~20 seconds of unpacking the aforementioned snapshot since it is already in nixpkgs.

Am I missing something?

Here's a CI run demonstrating the issue.

It looks like cachix can't read symlinks produced by the (successful) build. This only happens on macos and only when building musl artifacts.

https://github.com/cpcloud/protoletariat/runs/4576549612?check_suite_focus=true

I have a Haskell project that uses GH Actions to run CI with 2 different GHC versions. However I only want to push to cachix the most recent GHC version supported.

I used this:

    - uses: cachix/cachix-action@v6
      if: matrix.ghc == 'ghc883' # Push to cachix only the most up to date GHC version
      with:
        name: bolt12-laop
        signingKey: ${{ secrets.CACHIX_SIGNING_KEY }}
        # Only needed for private caches
        #authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

But it still runs the post cachix-action thingy on the other version.

Is there a way around this?

https://docs.cachix.org/pushing#flakes

I have the following .github/workflows/ci.yml:

name: "CI"
on:
  push:
    branches:
      - main
  pull_request: {} # validate all PRs

defaults:
  run:
    shell: bash

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/[email protected]
      - uses: cachix/install-nix-action@v16
        with:
          extra_nix_config: |
            access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
            experimental-features = nix-command flakes ca-derivations
      - uses: cachix/cachix-action@v10
        with:
          name: sundaeswap
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
      - run: echo "hello"

When this runs in CI, it fails with:

Run cachix/cachix-action@v10
Cachix: installing
  /usr/bin/bash -c nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install
  error: unexpected end-of-file
  Error: Action failed with error: Error: The process '/usr/bin/bash' failed with exit code 1

EDIT: setting installCommand: nix profile install nixpkgs#cachix seems to work.

It uses /nix/var/nix/profiles/per-user/runner/profile/bin/cachix, but the binary is installed at /home/ubuntu/.nix-profile/bin/cachix.

In the neuron project, a PR just got merged that introduced changes to some dependencies: srid/neuron#315

Per the action run, cachix did seem to push the new ones (notably pandoc, but also skylighting) as one would expect.

However, once the PR got merged to master in srid/neuron@76fc3e4 - the new binaries from cache were not used; and they were rebuilding again.

The same issue happens on subsequent commits on master, such as this one srid/neuron@0b15fdf - and as you can see the build took over 30 mins, building pandoc and friends.

It looks like the cachix push step of the action did not really push all the binaries. That or, something has gone wrong in the cachix server?

Hi!

I'm trying to migrate to cachix v6 and am running into the following error:

/bin/sh -c nix path-info --all | grep -v '.drv$' | cat - /tmp/store-path-pre-build | sort | uniq -u  | /nix/var/nix/profiles/per-user/runner/profile/bin/cachix push nix-hie
  cachix: CppStdException "Exception: path '/nix/store/437pzy3m93xdnwknmw89wvhmc9w0vx2h-install' is not valid; type: nix::InvalidPath"
  ##[error]Action failed with error: Error: The process '/bin/sh' failed with exit code 1
  (node:4305) UnhandledPromiseRejectionWarning: Error: The process '/bin/sh' failed with exit code 1
      at ExecState._setResult (/home/runner/work/_actions/cachix/cachix-action/v6/dist/main/index.js:907:25)
      at ExecState.CheckComplete (/home/runner/work/_actions/cachix/cachix-action/v6/dist/main/index.js:890:18)
      at ChildProcess.<anonymous> (/home/runner/work/_actions/cachix/cachix-action/v6/dist/main/index.js:790:27)
      at ChildProcess.emit (events.js:210:5)
      at maybeClose (internal/child_process.js:1021:16)
      at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5)
  (node:4305) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
  (node:4305) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

The full logs / set up of the repo are at pbogdan/nix-hie#30

I'm not really sure if it's a user error but as I'm not really familiar with GitHub actions I don't know how to debug this further and / or correctly configure the action on my repo. I would really appreciate any help / pointers on how to fix this. Let me know if I can provide any other info.

It would be nice if there's an additional action arguments that supports specifying the cachix push arguments, e.g. compression level.

When the cachix-action does

sh -c nix path-info --all | grep -v '.drv$' > store-path-pre-build

It adds the file store-path-pre-build to the build directory, which affects reproducibility if the file isn't ignored.

Workaround for now: Add store-path-pre-build to filter sources or .gitignore if you are using gitignore.nix.

cc @domenkozar

I am getting an

error: a 'x86_64-linux' with features {kvm, nixos-test} is required to build '/nix/store/1rq4j0hk5g5p3917q13qzpa7rj19r61s-vm-test-run-redis.drv', but I am a 'x86_64-linux' with features {benchmark, big-parallel, nixos-test}

when running cachix-action against https://github.com/573/nix-github-integration-tests.

Would I need to add the line system-features = nixos-test to the configuration and how ?

The easy way of implementing something like that would be to tweak push-paths.sh script to list paths with human-readable size and drop those lines that do not end with K, M, G
Admittedly this kind of implementation does not sound great but I'd love to see such feature implemented.

Having set up cachix on travis before, I had to face the following questions:

• Can someone who creates a PR (i.e. anyone) modify the build instructions to extract the private key to cachix?
• Can someone who creates a PR (i.e. anyone) modify the build instructions to upload something to the cache that is not actually the result of the derivation.
• Can someone who can commit to master modify the build instructions to extract the private key to cachix?
• Can someone who can commit to master modify the build instructions to upload something to the cache that is not actually the result of the derivation.

Maybe the answers are obvious if you know GitHub Actions better than I do, but I would still appreciate a brief discussion of who I am trusting if I using this Github Action. Thanks!

So that all build dependencies are synced to cachix.

I have a usecase for building a library against multiple versions of the OCaml compiler.

Right now this action supports file and attributes but not --arg or --argstr which would be helpful to avoid repeating myself in the GH action. Ideally I'd be able to do something like:

    - uses: cachix/cachix-action@v3
      with:
        name: my-cache-name
        argstr: 
          - ocamlVersion ${{ matrix.ocamlVersion }}
        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'

strategy:
  matrix:
    ocamlVersion: [4_06, 4_07, 4_08, 4_09]

The following error is produced:

Run cachix/cachix-action@v10
  with:
    name: cachix-action
  env:
    NIX_PATH: nixpkgs=channel:nixos-unstable
Cachix: installing
  /usr/bin/bash -c nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install
  error: path '/nix/store/q0lqpbbxcn2y4f23nhms7ncj7gvwbid1-cachix-0.6.0' does not exist and cannot be created
  Error: Action failed with error: Error: The process '/usr/bin/bash' failed with exit code 1

I've created a minimal reproducible example repo which fails when it uses the cachix action

You can see in this build that emacs is compiled, so in this build I'd expect it to download from cache.

That doesn't seem to be the case though. Maybe the cachix action doesn't support things built by home-manager? My understanding was it went to look for different things in /nix/store.

I am getting the following error while using cachix/cachix-action@v3:

Run cachix/cachix-action@v3
internal/modules/cjs/loader.js:800
    throw err;
    ^

Error: Cannot find module '@actions/core'
Require stack:
- /home/runner/work/_actions/cachix/cachix-action/v3/lib/main.js
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:797:15)
    at Function.Module._load (internal/modules/cjs/loader.js:690:27)
    at Module.require (internal/modules/cjs/loader.js:852:19)
    at require (internal/modules/cjs/helpers.js:74:18)
    at Object.<anonymous> (/home/runner/work/_actions/cachix/cachix-action/v3/lib/main.js:19:27)
    at Module._compile (internal/modules/cjs/loader.js:959:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:995:10)
    at Module.load (internal/modules/cjs/loader.js:815:32)
    at Function.Module._load (internal/modules/cjs/loader.js:727:14)
    at Function.Module.runMain (internal/modules/cjs/loader.js:1047:10) {
  code: 'MODULE_NOT_FOUND',
  requireStack: [ '/home/runner/work/_actions/cachix/cachix-action/v3/lib/main.js' ]
}
##[error]Node run failed with exit code 1

Test repo: https://github.com/xzfc/cachix-test/blob/12f9fa068234aed52f5888b77aafc6053d3979b6/.github/workflows/test.yml
https://github.com/xzfc/cachix-test/runs/358848998

Whereas cachix/cachix-action@v2 works fine: https://github.com/xzfc/cachix-test/runs/358869757

I followed the instructions and created my cache named vrom911.cachix.org.

And here is the CI config I'm using: https://github.com/vrom911/haskeller-answers/blob/b31f221bbc3a671ac15bb42b0da52872a4070197/.github/workflows/ci.yml

Though, it started to build everything from the start for a minor PR:

• vrom911/haskeller-answers#18

My profile on cachix says that some cache was created as I have non-zero storage size now and I'm not using it in any other places at the moment.

This is particularly strange because we are using similar config for the @kowainik repos and it works smoothly. Could you advise what can be done?

P.S. thanks for putting this project up together 👍

Because the action is calling nix path-info, it might fail in some Nix installations.

/bin/sh -c nix path-info --all | grep -v '.drv$' > /tmp/store-path-pre-build
error: --- Error --- nix
experimental Nix feature 'nix-command' is disabled; use '--experimental-features nix-command' to override
##[error]Action failed with error: Error: The process '/bin/sh' failed with exit code 1
(node:3014) UnhandledPromiseRejectionWarning: Error: The process '/bin/sh' failed with exit code 1
    at ExecState._setResult (/home/runner/work/_actions/cachix/cachix-action/v6/dist/main/index.js:907:25)
    at ExecState.CheckComplete (/home/runner/work/_actions/cachix/cachix-action/v6/dist/main/index.js:890:18)
    at ChildProcess.<anonymous> (/home/runner/work/_actions/cachix/cachix-action/v6/dist/main/index.js:790:27)
    at ChildProcess.emit (events.js:210:5)
    at maybeClose (internal/child_process.js:1021:16)
    at Process.ChildProcess._handle.onexit (internal/child_process.js:283:5)
(node:3014) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 1)
(node:3014) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

This is only an issue when using https://github.com/numtide/nix-flakes-installer

Don't like the name, but the idea is that there could be extra caches to pull from.

First, awesome project, thank you!

I have a question / feature request (not sure which yet).

I'm working on a repo that's not (yet) using a default.nix to build the project, but is using a shell.nix to set up a development environment. This Github action looks like a perfect tool to automatically keep the cache of the environment up to date so users of the repo don't need to build the environment themselves.

Is there a way to run use this action to build a shell.nix rather than a default.nix file?

When builds fail it would be nice to be able to still cache the derivations that successfully built along the way.

I understand that cachix watch would be close to this, but it doesn't work in PRs from forks, which requires rewriting all existing code to use cachix watch and handling the fork runs.

I'd like to be able to use cachix-action when testing a non-Nix project, but it appears to run nix-build unconditionally. Ideally, IMO, the action should install cachix and enable the named cache, but should not assume that the current project is to be built.

https://github.com/purcell/package-lint/blob/nix-actions/.github/workflows/test.yml

It would be great if cachix-action uploads the built derivations even if the final build has failed.

My usecase is that, I am building a derivation with tons of third party dependencies, and if one of them fails on GitHub actions, cachix-action does not upload the transitive dependencies and I have to rebuild them in order to debug the build on my computer.

Probably relevant: #10

So it's easier to diagnose why things are not pushed

Currently the action pushes everything to cachix that hasn't been in the store after cachix itself has been loaded.

This causes "sources" beeing pushed to cachix, which will never be downloaded and GC'd on the next occasion.

Allowing to specify a path in the filesystem, eg. to a result symlink which will then be pushed including its references would cause a decrease in bandwith usage for both sides, CI time and storage cost on cachix as it would probably decrease time necessary to calculate GC'able items.

This would speed up CI builds significantly and save bandwidth.
Currently the cachix-action will pull built packages:
https://github.com/Mic92/nur-packages/runs/589727774
In the example above there were 500 MB pulled without a single package built.

This is how it can be implemented:

1. Get all packages: nix-env -f ./non-broken.nix -qaP \* --out-path --xml --meta > packages.xml
2. Get all build hashes: grep -oP '(?<=/nix/store/)[^-]*' < packages.xml (obviously this should be done by proper xml parsing)
3. Only build those attributes where curl -I https://<binary-cache>/<hash>.narinfo does not return a 404

Error occurred here in nix-community/fenix

Version/branch: v9

Same code didn't create an error with cachix-action v8

  /home/runner/work/_actions/cachix/cachix-action/v9/dist/main/push-paths.sh /home/runner/.nix-profile/bin/cachix nix-community 
  compressing and pushing /nix/store/910n8dndhwm1cl403k6fn9669fsqblm3-source (324.23 KiB)
  compressing and pushing /nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25 (68.52 MiB)
  compressing and pushing /nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05 (33.14 MiB)
  compressing and pushing /nix/store/b3mf13pm0jjyrh1lzkzyy4k9n9hyzr4l-rust-nightly-default-2021-03-25.lock (68.52 MiB)
  compressing and pushing /nix/store/b3mf13pm0jjyrh1lzkzyy4k9n9hyzr4l-rust-nightly-default-2021-03-25 (68.52 MiB)
  compressing and pushing /nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05 (33.14 MiB)
  compressing and pushing /nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock (33.14 MiB)
  compressing and pushing /nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25.lock (68.52 MiB)
  error: opening file '/nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock': Permission denied
  error: opening file '/nix/store/b3mf13pm0jjyrh1lzkzyy4k9n9hyzr4l-rust-nightly-default-2021-03-25.lock': Permission denied
  error: opening file '/nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25.lock': Permission denied
  compressing and pushing /nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05.lock (33.14 MiB)
  error: opening file '/nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05.lock': Permission denied
  (retry #1) compressing and pushing /nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock (33.14 MiB)
  error: opening file '/nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock': Permission denied
  (retry #1) compressing and pushing /nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25.lock (68.52 MiB)
  error: opening file '/nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25.lock': Permission denied
  (retry #1) compressing and pushing /nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05.lock (33.14 MiB)
  error: opening file '/nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05.lock': Permission denied
  (retry #2) compressing and pushing /nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock (33.14 MiB)
  error: opening file '/nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock': Permission denied
  (retry #1) compressing and pushing /nix/store/b3mf13pm0jjyrh1lzkzyy4k9n9hyzr4l-rust-nightly-default-2021-03-25.lock (68.52 MiB)
  error: opening file '/nix/store/b3mf13pm0jjyrh1lzkzyy4k9n9hyzr4l-rust-nightly-default-2021-03-25.lock': Permission denied
  (retry #2) compressing and pushing /nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05.lock (33.14 MiB)
  error: opening file '/nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05.lock': Permission denied
  (retry #2) compressing and pushing /nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25.lock (68.52 MiB)
  error: opening file '/nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25.lock': Permission denied
  (retry #2) compressing and pushing /nix/store/b3mf13pm0jjyrh1lzkzyy4k9n9hyzr4l-rust-nightly-default-2021-03-25.lock (68.52 MiB)
  error: opening file '/nix/store/b3mf13pm0jjyrh1lzkzyy4k9n9hyzr4l-rust-nightly-default-2021-03-25.lock': Permission denied
  (retry #3) compressing and pushing /nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock (33.14 MiB)
  error: opening file '/nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock': Permission denied
  (retry #3) compressing and pushing /nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25.lock (68.52 MiB)
  error: opening file '/nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25.lock': Permission denied
  (retry #3) compressing and pushing /nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05.lock (33.14 MiB)
  error: opening file '/nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05.lock': Permission denied
  (retry #3) compressing and pushing /nix/store/b3mf13pm0jjyrh1lzkzyy4k9n9hyzr4l-rust-nightly-default-2021-03-25.lock (68.52 MiB)
  error: opening file '/nix/store/b3mf13pm0jjyrh1lzkzyy4k9n9hyzr4l-rust-nightly-default-2021-03-25.lock': Permission denied
  (retry #4) compressing and pushing /nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock (33.14 MiB)
  error: opening file '/nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock': Permission denied
  (retry #4) compressing and pushing /nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25.lock (68.52 MiB)
  error: opening file '/nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25.lock': Permission denied
  (retry #4) compressing and pushing /nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05.lock (33.14 MiB)
  error: opening file '/nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05.lock': Permission denied
  (retry #4) compressing and pushing /nix/store/b3mf13pm0jjyrh1lzkzyy4k9n9hyzr4l-rust-nightly-default-2021-03-25.lock (68.52 MiB)
  error: opening file '/nix/store/b3mf13pm0jjyrh1lzkzyy4k9n9hyzr4l-rust-nightly-default-2021-03-25.lock': Permission denied
  (retry #5) compressing and pushing /nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock (33.14 MiB)
  error: opening file '/nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock': Permission denied
  (retry #5) compressing and pushing /nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25.lock (68.52 MiB)
  error: opening file '/nix/store/wm148qvc5szqyzympjvk4hpwnkarm17q-rust-nightly-default-2021-03-25.lock': Permission denied
  (retry #5) compressing and pushing /nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05.lock (33.14 MiB)
  error: opening file '/nix/store/xx6zfrpd6qs1d8x78pvab3hxhsr6n6qy-rust-nightly-minimal-2021-04-05.lock': Permission denied
  
  CreateProcess {cmdspec = RawCommand "nix-store" ["--dump","/nix/store/4nz1i86avlrnx4fyxlcc67cvlynz5crz-rust-nightly-minimal-2021-04-05.lock"], cwd = Nothing, env = Nothing, std_in = Inherit, std_out = Inherit, std_err = Inherit, close_fds = False, create_group = False, delegate_ctlc = False, detach_console = False, create_new_console = False, new_session = False, child_group = Nothing, child_user = Nothing, use_process_jobs = False}::error::Action failed with error: Error: The process '/home/runner/work/_actions/cachix/cachix-action/v9/dist/main/push-paths.sh' failed with exit code 1

I'm seeing a weird error trying to use cachix-action.

/home/runner/work/_actions/cachix/cachix-action/v10/dist/main/push-paths.sh /home/runner/.nix-profile/bin/cachix ploop 
cachix: CppStdException "Exception: path '/nix/store/ab3yh7s8rms16b66jlbbzvjaif94ls93-python3.9-apache-beam-2.35.0' is not valid; type: nix::InvalidPath"
Error: Action failed with error: Error: The process '/home/runner/work/_actions/cachix/cachix-action/v10/dist/main/push-paths.sh' failed with exit code 1

Here's a link to the failed run: https://github.com/samuela/nixpkgs-upkeep/runs/4976168659?check_suite_focus=true.

Am I doing something wrong?

Until v4 the paths were pushed in parallel with the build, so the cache was populated even if the build would at the end fail. It seems that the current version updates the cache only if the build succeeds. This can be quite inconvenient for long builds.
What do you think about running the Cachix: Pushing paths group even if Invoking nix-build failed?

Every once in a while (around one in five), nix-channel action in cachix/install-nix-action segfaults:

Run cachix/install-nix-action@v2
sudo mkdir -p /etc/nix
sudo echo http2 = false >> /etc/nix/nix.conf
http2 = false >> /etc/nix/nix.conf
sh /home/runner/work/_temp/3f2d18f5-4cf6-47ae-b2b2-abe7fd7393f5
downloading Nix 2.3.1 binary tarball for x86_64-linux from 'https://nixos.org/releases/nix/nix-2.3.1/nix-2.3.1-x86_64-linux.tar.xz' to '/tmp/nix-binary-tarball-unpack.32N94h0KVc'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  8 15.2M    8 1280k    0     0  1478k      0  0:00:10 --:--:--  0:00:10 1476k
 54 15.2M   54 8512k    0     0  4739k      0  0:00:03  0:00:01  0:00:02 4736k
100 15.2M  100 15.2M    0     0  5863k      0  0:00:02  0:00:02 --:--:-- 5863k
Note: a multi-user installation is possible. See https://nixos.org/nix/manual/#sect-multi-user-installation
performing a single-user installation of Nix...
directory /nix does not exist; creating it by running 'mkdir -m 0755 /nix && chown runner /nix' using sudo
copying Nix to /nix/store................................
installing 'nix-2.3.1'
building '/nix/store/cb6ss4jv8baxkq2pi6fnviqp9zyna73l-user-environment.drv'...
created 6 symlinks in user environment
Segmentation fault (core dumped)
Fetching the nixpkgs channel failed. (Are you offline?)
To try again later, run "nix-channel --update nixpkgs".
modifying /home/runner/.profile...

Installation finished!  To ensure that the necessary environment
variables are set, either log in again, or type

I think you intended to fix this issue by running: sudo echo http2 = false >> /etc/nix/nix.conf, but the fact that it printed http2 = false >> /etc/nix/nix.conf on the next line suggests me that there is some escaping issue going on.

Relevant: NixOS/nix#2733

When we use pr, signingKey is empty.
So nix-build is not called.
https://github.com/cachix/cachix-action/blob/v4/src/main.ts#L32-L36

Example: https://github.com/tilpner/nur-packages/commit/a68e4bfaf5926f11694b40011cda2b2638e1af1a/checks?check_suite_id=249766848

Hi, I know that you added support for this in cachix, both via the new mode and the previously existing store watching mode.

How can I mostly easily make use of that here? I'm running out of space on the GHA free builders and if cachix were pushing in the background, it's likely that I would eventually succeed (since I'm using nix-build-uncached, it would be able to keep poking through the builds, in some cases at least)

What is the best way to set-up cachix on a NixOS host running with a services.github-runner?

As per the issue raised on the NixOS matrix channel, this is a log I got from my attempt.

 /nix/store/l0wlqpbsvh1pgvhcdhw7qkka3d31si7k-bash-5.1-p8/bin/bash -c nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install
  error: opening lock file '/nix/var/nix/profiles/per-user/github-runner/profile.lock': Read-only file system
  Error: Action failed with error: Error: The process '/nix/store/l0wlqpbsvh1pgvhcdhw7qkka3d31si7k-bash-5.1-p8/bin/bash' failed with exit code 1

My project validity is heavily used in my project smos.
They have separate cachix caches because validity is a widely used library by itself.
In the ci for smos, I'd like to use the cachix cache for validity.

I have a job that looks like this:

---
name: Build
on:
  pull_request:
  push:
jobs:
  builds:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
      with:
        fetch-depth: 0
    - uses: cachix/install-nix-action@v12
      with:
        install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.4pre20201221_9fab14a/install
        extra_nix_config: |
          experimental-features = nix-command flakes
    - uses: cachix/cachix-action@v8
      with:
        name: terlar
        authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
        extraPullNames: nix-community
    - run: cat $HOME/.config/nix/nix.conf
    - run: nix build --print-build-logs .#defaultPackage.x86_64-linux

The output of cachix/cachix-action@v8:

Run cachix/cachix-action@v8
Cachix: installing
/home/runner/.nix-profile/bin/cachix authtoken ***
Written to /home/runner/.config/cachix/cachix.dhall
Cachix: using cache terlar
  /nix/var/nix/profiles/per-user/runner/profile/bin/cachix use terlar
  Configured https://terlar.cachix.org binary cache in /home/runner/.config/nix/nix.conf
Cachix: using extra caches nix-community
  /nix/var/nix/profiles/per-user/runner/profile/bin/cachix use nix-community
  Configured https://terlar.cachix.org binary cache in /home/runner/.config/nix/nix.conf
/bin/sh -c nix path-info --all | grep -v '.drv$' > /tmp/store-path-pre-build

The output of the cat:

Run cat $HOME/.config/nix/nix.conf
substituters = https://cache.nixos.org https://terlar.cachix.org
trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= terlar.cachix.org-1:M8CXTOaJib7CP/jEfpNJAyrgW4qECnOUI02q7cnmh8U=

Seems it always add the cache name also for the extra caches as indicated by the output of cachix/cachix-action@v8. I started looking into this as when I transitioned from adding the cache myself to using the extraPullNames my build times went up a lot. Any idea what is going on?

i had my signing key set incorrectly (see my confusion in #15), and the cachix action succeeded on everything, until it was time to push to cachix. it was going for about 10 minutes, i went to lunch and came back, and it was still going. i think this should error instead.

It would be nice to avoid pushing some things to the cache. We build all of our targets in one pass with Nix on GitHub but we don't want our docker images pushed to cachix and bloating our cache.

Currently linux worker doesn't have much free disk space on root, so it quickly runs out of disk space.

To mitigate running:

- run: sudo rm -rf /opt || true

helps, but also takes 13s. There's probably a faster way and I'm not sure we should include that in the action.

It might have started to happen when I added ca-derivations ca-references to experimental-features. I'm already using nix-command flakes.

I have the same problem on my computer, but I'm only using flakes.

Run cachix/cachix-action@v10
Cachix: installing
  /usr/bin/bash -c nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install
  error: unexpected end-of-file
  Error: Action failed with error: Error: The process '/usr/bin/bash' failed with exit code 1

Any ideas?

 Post job cleanup.
Cachix: push
  /home/runner/work/_actions/cachix/cachix-action/v10/dist/main/push-paths.sh /home/runner/.nix-profile/bin/cachix colemickens 
  cachix: CppStdException "Exception: path '/nix/store/zlrdfi88khbzy5s0p22ixgib1bmlyn0k-headscale-3cf599be6493e0e3d58a3671f8f7694f4304e576-go-modules' is not valid; type: nix::InvalidPath"
  Error: Action failed with error: Error: The process '/home/runner/work/_actions/cachix/cachix-action/v10/dist/main/push-paths.sh' failed with exit code 1

Seems to be repeatable, and shouldn't have anything to do with GC occurring.

If it could be related, I might be creating invalid nix store paths when i fake sha256s and then use the error to update them?

Currently the action does a diff before/after the build, which won't work reliably then there are multiple concurrent jobs running on the same machine.

We are getting this error intermittently on the Invoking Nix Build step on macos-latest:

  /nix/var/nix/profiles/default/bin/nix-build ci.nix
  error: could not set permissions on '/nix/var/nix/profiles/per-user' to 755: Operation not permitted
  ##[error]Action failed with error: Error: The process '/nix/var/nix/profiles/default/bin/nix-build' failed with exit code 1

This action is running after cachix/install-nix-action@v6, and I suspect an eventual fix is there, but it manifests in this action.

I haven't recognized a pattern yet, other than this happening ~50% of the time on macos-latest and so far not at all on ubuntu-latest.