-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaction.bash
executable file
·94 lines (85 loc) · 2.53 KB
/
action.bash
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#!/usr/bin/env bash
set -euo pipefail
group() {
printf "::group::%s\n" "$*"
}
endgroup() {
printf "::endgroup::\n"
}
die() {
printf "::error::%s\n" "$*"
exit 1
}
group 'Preflight checks'
{
test ! -e /nix -o -w /nix ||
die "failed to set up Lix: /nix exists but isn't writable"
: "${GITHUB_ACTION_REPOSITORY:="$GITHUB_REPOSITORY"}"
: "${XDG_CONFIG_HOME:="$HOME/.config"}"
}
endgroup
group 'Mount /nix'
{
test -e /nix || case "$RUNNER_OS" in
Linux)
sudo install -d -o "$USER" /nix
$LIX_ON_DISK || sudo mount -t tmpfs -o "size=90%,mode=0755,uid=$UID,gid=$(id -g)" tmpfs /nix
;;
macOS)
sudo tee -a /etc/synthetic.conf <<<$'nix\nrun\tprivate/var/run\n'
sudo /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t || :
test -L /run || die "failed to set up Lix: apfs.util couldn't symlink /run"
stat -f %Sd / |
sed -e 's/s[0-9]*$//' |
xargs -I{} -- sudo diskutil apfs addVolume {} APFS nix -mountpoint /nix
sudo mdutil -i off /nix
sudo chown "$USER" /nix
;;
*)
die "failed to set up Lix: this action doesn't support $RUNNER_OS runners (yet? :)"
;;
esac
}
endgroup
group 'Install Lix store'
{
test -f "$LIX_STORE_FILE" ||
gh release download "v$(cat "$GITHUB_ACTION_PATH/VERSION")" \
--output "${LIX_STORE_FILE##*/}" \
--pattern "${LIX_STORE_FILE##*/}" \
--repo "$GITHUB_ACTION_REPOSITORY"
time gh attestation verify "$LIX_STORE_FILE" --{,signer-}repo="$GITHUB_ACTION_REPOSITORY"
rm -rf /nix/var/gha
test "$RUNNER_OS" != macOS && tar=tar || tar=gtar
$tar --auto-compress --extract --skip-old-files --directory /nix --strip-components 1 <"$LIX_STORE_FILE"
}
endgroup
group 'Synthesize nix.conf'
{
mkdir -p "$XDG_CONFIG_HOME/nix"
tee -a "$XDG_CONFIG_HOME/nix/nix.conf" <<EOF
accept-flake-config = true
access-tokens = ${GITHUB_SERVER_URL#*://}=$GITHUB_TOKEN
experimental-features = nix-command flakes
include $XDG_CONFIG_HOME/nix/$GITHUB_REPOSITORY_ID.conf
EOF
tee "$XDG_CONFIG_HOME/nix/$GITHUB_REPOSITORY_ID.conf" <<<"$NIX_CONF"
}
endgroup
group 'Install Lix'
{
CDPATH='' cd "$(readlink /nix/var/gha/lix)"
./bin/nix-store --load-db </nix/var/gha/registration
# shellcheck source=/dev/null
MANPATH='' . ./etc/profile.d/nix.sh
test -n "${NIX_SSL_CERT_FILE:-}" -o ! -e /etc/ssl/cert.pem ||
NIX_SSL_CERT_FILE=/etc/ssl/cert.pem
./bin/nix-env --install "$PWD"
tee -a "$GITHUB_PATH" <<<"$HOME/.nix-profile/bin"
tee -a "$GITHUB_ENV" <<EOF
NIX_PROFILES=/nix/var/nix/profiles/default $HOME/.nix-profile
NIX_USER_PROFILE_DIR=/nix/var/nix/profiles/per-user/$USER
NIX_SSL_CERT_FILE=$NIX_SSL_CERT_FILE
EOF
}
endgroup