chore: update

2025-12-06 08:10:43 +01:00 · 2025-09-27 17:59:32 +08:00 · 2025-09-27 17:59:32 +08:00 · 6c6f264768
commit 6c6f264768
parent 26815c337f
19 changed files with 187 additions and 103 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -15,25 +15,28 @@ permissions:

 jobs:
  build:
+    name: ${{ matrix.label }}
    strategy:
      matrix:
-        label:
-          - caladan
        include:
          - label: caladan
            attr: darwinConfigurations.caladan.config.system.build.toplevel
-            runner: macos-14
+            runner: macos-latest

    runs-on: ${{ matrix.runner }}

    steps:
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v5
        with:
          persist-credentials: false

      - name: Install Nix
-        uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # ratchet:cachix/install-nix-action@v31
+        run: .github/workflows/install-nix.sh
+        env:
+          GITHUB_TOKEN: ${{ github.token }}

      - name: Build
-        run: nix build -L --show-trace .#${{ matrix.attr }}
+        run: nix build -L --show-trace ".#$NIX_BUILD_ATTR"
+        env:
+          NIX_BUILD_ATTR: ${{ matrix.attr }}
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@ -19,12 +19,14 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v5
        with:
          persist-credentials: false

      - name: Install Nix
-        uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # ratchet:cachix/install-nix-action@v31
+        run: .github/workflows/install-nix.sh
+        env:
+          GITHUB_TOKEN: ${{ github.token }}

      - name: Check
        run: nix build --print-build-logs '.#checks.x86_64-linux.nixfmt'
@ -34,12 +36,14 @@ jobs:

    steps:
      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # ratchet:actions/checkout@v5
        with:
          persist-credentials: false

      - name: Install Nix
-        uses: cachix/install-nix-action@fc6e360bedc9ee72d75e701397f0bb30dce77568 # ratchet:cachix/install-nix-action@v31
+        run: .github/workflows/install-nix.sh
+        env:
+          GITHUB_TOKEN: ${{ github.token }}

      - name: Check
        run: nix build --print-build-logs '.#checks.x86_64-linux.reuse'
--- a/.github/workflows/install-nix.sh
+++ b/.github/workflows/install-nix.sh
@ -0,0 +1,86 @@
+#!/usr/bin/env bash
+# SPDX-FileCopyrightText: 2025 Ryan Cao <hello@ryanccn.dev>
+#
+# SPDX-License-Identifier: Apache-2.0
+
+# Modified from https://github.com/cachix/install-nix-action/blob/9280e7aca88deada44c930f1e2c78e21c3ae3edd/install-nix.sh
+
+set -euo pipefail
+
+if nix_path="$(type -p nix)" ; then
+    echo "Aborting: Nix is already installed at ${nix_path}"
+    exit
+fi
+
+if [[ ($OSTYPE =~ linux) ]]; then
+    enable_kvm() {
+        echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-install-nix-action-kvm.rules
+        sudo udevadm control --reload-rules && sudo udevadm trigger --name-match=kvm
+    }
+
+    echo '::group::Enabling KVM support'
+    enable_kvm && echo 'Enabled KVM' || echo 'KVM is not available'
+    echo '::endgroup::'
+fi
+
+echo "::group::Installing Nix"
+
+workdir=$(mktemp -d)
+trap 'rm -rf "$workdir"' EXIT
+
+extra_conf=(
+    "experimental-features = nix-command flakes"
+    "show-trace = true"
+    "max-jobs = auto"
+    "trusted-users = root ${USER:-}"
+)
+
+if [[ -n "${GITHUB_TOKEN:-}" && "${GITHUB_SERVER_URL:-}" == "https://github.com" ]]; then
+    echo "::debug::Using the default GITHUB_TOKEN for github.com"
+    extra_conf+=("access-tokens = github.com=$GITHUB_TOKEN")
+else
+    echo "::debug::Continuing without a GitHub access token"
+fi
+
+# Nix installer flags
+installer_args=(install)
+
+case "$OSTYPE" in
+    linux*)   installer_args+=(linux) ;;
+    darwin*)  installer_args+=(macos) ;;
+    *)        echo "unknown: $OSTYPE" ;;
+esac
+
+if [[ ! ($OSTYPE =~ darwin || -e /run/systemd/system) ]]; then
+    installer_args+=(--init none)
+fi
+
+installer_args+=(
+    --no-confirm
+    --extra-conf "$(printf $'%s\n' "${extra_conf[@]}")"
+)
+
+echo "installer args: ${installer_args[*]}"
+
+# There is --retry-on-errors, but only newer curl versions support that
+curl_retries=5
+while ! curl -o "$workdir/install" --proto '=https' --fail --tlsv1.2 -sSf -L https://artifacts.nixos.org/experimental-installer
+do
+    sleep 1
+    ((curl_retries--))
+    if [[ $curl_retries -le 0 ]]; then
+        echo "curl retries failed" >&2
+        exit 1
+    fi
+done
+
+sh "$workdir/install" "${installer_args[@]}"
+
+{
+    echo "/nix/var/nix/profiles/default/bin"
+    echo "${XDG_STATE_HOME:-"$HOME/.local/state"}/nix/profile"
+    echo "$HOME/.nix-profile/bin"
+} >> "$GITHUB_PATH"
+
+# Close the log message group which was opened above
+echo "::endgroup::"