Merge branch 'LnL7:master' into fix-cacerts-with-spaces

LnL7 · Jan 22, 2024 · 24735ab · 24735ab
2 parents 86b8ee4 + 1e706ef
commit 24735ab
Show file tree

Hide file tree

Showing 156 changed files with 3,899 additions and 2,949 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -12,7 +12,7 @@ jobs:
   build:
     runs-on: macos-12
     steps:
-    - uses: actions/checkout@v2
-    - uses: cachix/install-nix-action@v17
+    - uses: actions/checkout@v3
+    - uses: cachix/install-nix-action@v22
     - run: |
         nix build ${{ github.event.client_payload.args }} -vL
diff --git a/.github/workflows/debug.yml b/.github/workflows/debug.yml
@@ -12,8 +12,8 @@ jobs:
   debug:
     runs-on: macos-12
     steps:
-    - uses: actions/checkout@v2
-    - uses: cachix/install-nix-action@v17
+    - uses: actions/checkout@v3
+    - uses: cachix/install-nix-action@v22
     - run: |
         nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
         nix-channel --update

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -2,33 +2,70 @@ name: "Test"
 on:
   pull_request:
   push:
+
+env:
+  CURRENT_STABLE_CHANNEL: nixpkgs-23.05-darwin
+
 jobs:
-  tests:
+  test-stable:
+    runs-on: macos-12
+    timeout-minutes: 30
+    steps:
+    - uses: actions/checkout@v3
+    - name: Install nix corresponding to latest stable channel
+      uses: cachix/install-nix-action@v23
+      with:
+        install_url: https://releases.nixos.org/nix/nix-2.13.6/install
+    - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A tests
+    - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A manpages
+    - run: nix-build ./release.nix -I nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }} -I darwin=. -A examples.simple
+
+  test-unstable:
     runs-on: macos-12
     timeout-minutes: 30
     steps:
-    - uses: actions/checkout@v2
-    - uses: cachix/install-nix-action@v17
-    - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-22.05-darwin -I darwin=. -A tests
-    - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-22.05-darwin -I darwin=. -A manpages
-    - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-22.05-darwin -I darwin=. -A examples.simple
-  install:
+    - uses: actions/checkout@v3
+    - name: Install nix from current unstable channel
+      uses: cachix/install-nix-action@v23
+    - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A tests
+    - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A manpages
+    - run: nix-build ./release.nix -I nixpkgs=channel:nixpkgs-unstable -I darwin=. -A examples.simple
+
+  install-against-stable:
     runs-on: macos-12
     timeout-minutes: 30
     steps:
-    - uses: actions/checkout@v2
-    - uses: cachix/install-nix-action@v17
-    - run: |
-        nix-channel --add https://nixos.org/channels/nixpkgs-22.05-darwin nixpkgs
+    - uses: actions/checkout@v3
+    - name: Install nix corresponding to latest stable channel
+      uses: cachix/install-nix-action@v23
+      with:
+        install_url: https://releases.nixos.org/nix/nix-2.13.6/install
+        nix_path: nixpkgs=channel:${{ env.CURRENT_STABLE_CHANNEL }}
+    - name: Install ${{ env.CURRENT_STABLE_CHANNEL }} channel
+      run: |
+        nix-channel --add https://nixos.org/channels/${{ env.CURRENT_STABLE_CHANNEL }} nixpkgs
         nix-channel --update
-    - run: |
+    - name: Install nix-darwin and test
+      run: |
         export NIX_PATH=$HOME/.nix-defexpr/channels
+
+        # We run nix-darwin twice to test that it can create darwin-configuration correctly for us
+        # but we expect it to fail setting up /etc/nix/nix.conf
+        nix-shell -A installer || true
+
+        nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
+        /usr/bin/sed -i.bak \
+          "s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
+          ~/.nixpkgs/darwin-configuration.nix
+
         nix-shell -A installer
         nix-shell -A installer.check
-    - run: |
+    - name: Build and activate default derivation
+      run: |
         . /etc/static/bashrc
         darwin-rebuild switch -I darwin=.
-    - run: |
+    - name: Test uninstallation of nix-darwin
+      run: |
         export NIX_PATH=$HOME/.nix-defexpr/channels
         nix-shell -A uninstaller
         nix-shell -A uninstaller.check
@@ -38,32 +75,79 @@ jobs:
       timeout-minutes: 15
       with:
         limit-access-to-actor: true
-  install-flake:
+
+  install-against-unstable:
     runs-on: macos-12
-    timeout-minutes: 60
+    timeout-minutes: 30
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
+    - name: Install nix from current unstable channel
+      uses: cachix/install-nix-action@v23
       with:
-        fetch-depth: 0
-    - uses: cachix/install-nix-action@v17
-      with:
-         install_url: https://github.com/numtide/nix-flakes-installer/releases/download/nix-2.10.0pre20220808_73fde9e/install
-         extra_nix_config: |
-           experimental-features = nix-command flakes
-           access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-    - run: |
+        nix_path: nixpkgs=channel:nixpkgs-unstable
+    - name: Install nixpkgs-unstable channel
+      run: |
         nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs
         nix-channel --update
-    - run: |
+    - name: Install nix-darwin and test
+      run: |
         export NIX_PATH=$HOME/.nix-defexpr/channels
+
+        # We run nix-darwin twice to test that it can create darwin-configuration correctly for us
+        # but we expect it to fail setting up /etc/nix/nix.conf
+        nix-shell -A installer || true
+
+        nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
+        /usr/bin/sed -i.bak \
+          "s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
+          ~/.nixpkgs/darwin-configuration.nix
+
         nix-shell -A installer
-    - run: |
-        nix build ./modules/examples#darwinConfigurations.simple.system --override-input darwin .
-    - run: |
-        ./result/sw/bin/darwin-rebuild switch --flake ./modules/examples#simple --override-input darwin .
-    - run: |
+        nix-shell -A installer.check
+    - name: Build and activate default derivation
+      run: |
         . /etc/static/bashrc
-        darwin-rebuild build --flake ./modules/examples#simple --override-input darwin .
+        darwin-rebuild switch -I darwin=.
+    - name: Test uninstallation of nix-darwin
+      run: |
+        export NIX_PATH=$HOME/.nix-defexpr/channels
+        nix-shell -A uninstaller
+        nix-shell -A uninstaller.check
+    - name: Debugging tmate session
+      if: ${{ failure() }}
+      uses: mxschmitt/action-tmate@v3
+      timeout-minutes: 15
+      with:
+        limit-access-to-actor: true
+
+  install-flake-against-stable:
+    runs-on: macos-12
+    timeout-minutes: 30
+    steps:
+    - uses: actions/checkout@v3
+    - name: Install nix version corresponding to latest stable channel
+      uses: cachix/install-nix-action@v23
+      with:
+        install_url: https://releases.nixos.org/nix/nix-2.13.6/install
+    - name: Install nix-darwin
+      run: |
+        mkdir -p ~/.config/nix-darwin
+        darwin=$(pwd)
+        pushd ~/.config/nix-darwin
+          nix flake init -t $darwin
+          nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
+          /usr/bin/sed -i.bak \
+            "s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
+            flake.nix
+        popd
+        nix run .#darwin-rebuild -- \
+          switch --flake ~/.config/nix-darwin#simple \
+          --override-input nix-darwin . \
+          --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
+    - name: Rebuild and activate simple flake, but this time using nix-darwin's flake interface
+      run: |
+        . /etc/static/bashrc
+        darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }}
     - name: Test git submodules
       run: |
         . /etc/static/bashrc
@@ -78,10 +162,11 @@ jobs:
         popd
 
         cp -a ./modules/examples/. /tmp/test-nix-darwin-submodules
+        cp -a ./modules/examples/flake/flake.nix /tmp/test-nix-darwin-submodules
 
         pushd /tmp/test-nix-darwin-submodules
           /usr/bin/sed -i.bak \
-            '\#modules = \[#s#darwin.darwinModules.simple#./simple.nix#' \
+            '\#modules = \[#s#configuration#configuration ./simple.nix#' \
             ./flake.nix
           /usr/bin/sed -i.bak \
             's#pkgs.vim#pkgs."${import ./submodule-test/hello.nix}"#' \
@@ -96,15 +181,17 @@ jobs:
         # Should fail
         darwin-rebuild build \
           --flake /tmp/test-nix-darwin-submodules#simple \
-          --override-input darwin . \
+          --override-input nix-darwin . \
+          --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
           && {
             printf 'succeeded while expecting failure due to submodule\n' >/dev/stderr
             exit 1
           }
         # Should also fail
         darwin-rebuild build \
           --flake /tmp/test-nix-darwin-submodules?submodules=0#simple \
-          --override-input darwin . \
+          --override-input nix-darwin . \
+          --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
           && {
             printf 'succeeded while expecting failure due to submodule\n' >/dev/stderr
             exit 1
@@ -113,4 +200,93 @@ jobs:
         # Should succeed
         darwin-rebuild build \
           --flake /tmp/test-nix-darwin-submodules?submodules=1#simple \
-          --override-input darwin .
+          --override-input nix-darwin . \
+          --override-input nixpkgs nixpkgs/${{ env.CURRENT_STABLE_CHANNEL }} \
+
+  install-flake-against-unstable:
+    runs-on: macos-12
+    timeout-minutes: 30
+    steps:
+    - uses: actions/checkout@v3
+    - name: Install nix from current unstable channel
+      uses: cachix/install-nix-action@v23
+    - name: Install nix-darwin
+      run: |
+        mkdir -p ~/.config/nix-darwin
+        darwin=$(pwd)
+        pushd ~/.config/nix-darwin
+          nix flake init -t $darwin
+          nixConfHash=$(shasum -a 256 /etc/nix/nix.conf | cut -d ' ' -f 1)
+          /usr/bin/sed -i.bak \
+            "s/# nix.package = pkgs.nix;/nix.settings.access-tokens = [ \"github.com=\${{ secrets.GITHUB_TOKEN }}\" ]; environment.etc.\"nix\/nix.conf\".knownSha256Hashes = [ \"$nixConfHash\" ];/" \
+            flake.nix
+        popd
+        nix run .#darwin-rebuild -- \
+          switch --flake ~/.config/nix-darwin#simple \
+          --override-input nix-darwin . \
+          --override-input nixpkgs nixpkgs/nixpkgs-unstable
+    - name: Rebuild and activate simple flake, but this time using nix-darwin's flake interface
+      run: |
+        . /etc/static/bashrc
+        darwin-rebuild build --flake ./modules/examples/flake#simple --override-input nix-darwin . --override-input nixpkgs nixpkgs/nixpkgs-unstable
+    - name: Test git submodules
+      run: |
+        . /etc/static/bashrc
+
+        mkdir -p /tmp/{test-nix-darwin-submodules,example-submodule}
+
+        pushd /tmp/example-submodule
+          echo '"hello"' > hello.nix
+          git init
+          git add .
+          git commit -m "add a submodule we will import"
+        popd
+
+        cp -a ./modules/examples/. /tmp/test-nix-darwin-submodules
+        cp -a ./modules/examples/flake/flake.nix /tmp/test-nix-darwin-submodules
+
+        pushd /tmp/test-nix-darwin-submodules
+          /usr/bin/sed -i.bak \
+            '\#modules = \[#s#configuration#configuration ./simple.nix#' \
+            ./flake.nix
+          /usr/bin/sed -i.bak \
+            's#pkgs.vim#pkgs."${import ./submodule-test/hello.nix}"#' \
+            ./simple.nix
+          git init
+          git add flake.nix simple.nix
+          git \
+            -c protocol.file.allow=always \
+            submodule add /tmp/example-submodule submodule-test
+        popd
+
+        # Should fail
+        darwin-rebuild build \
+          --flake /tmp/test-nix-darwin-submodules#simple \
+          --override-input nix-darwin . \
+          --override-input nixpkgs nixpkgs/nixpkgs-unstable \
+          && {
+            printf 'succeeded while expecting failure due to submodule\n' >/dev/stderr
+            exit 1
+          }
+
+        # Should also fail
+        darwin-rebuild build \
+          --flake /tmp/test-nix-darwin-submodules?submodules=0#simple \
+          --override-input nix-darwin . \
+          --override-input nixpkgs nixpkgs/nixpkgs-unstable \
+          && {
+            printf 'succeeded while expecting failure due to submodule\n' >/dev/stderr
+            exit 1
+          }
+
+        # Should succeed
+        darwin-rebuild build \
+          --flake /tmp/test-nix-darwin-submodules?submodules=1#simple \
+          --override-input nix-darwin . \
+          --override-input nixpkgs nixpkgs/nixpkgs-unstable
+
+        # Should also succeed
+        darwin-rebuild build \
+          --flake git+file:///tmp/test-nix-darwin-submodules?submodules=1#simple \
+          --override-input nix-darwin . \
+          --override-input nixpkgs nixpkgs/nixpkgs-unstable
diff --git a/.github/workflows/update-manual.yml b/.github/workflows/update-manual.yml
@@ -17,21 +17,19 @@ jobs:
         fetch-depth: 0
 
     - name: Install Nix
-      uses: cachix/install-nix-action@v17
-      with:
-        extra_nix_config: |
-          access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+      uses: cachix/install-nix-action@v22
 
     - name: Build manual
       run: |
-        nix-build ./release.nix -I nixpkgs=channel:nixpkgs-22.05-darwin -I darwin=. -A manualHTML
+        nix-build ./release.nix -I nixpkgs=channel:nixpkgs-23.05-darwin -I darwin=. -A manualHTML
 
     - name: Push update to manual
       run: |
         git checkout gh-pages
         rm -rf manual
         cp -R result/share/doc/darwin manual
         rm result
+        git checkout master -- README.md
         git config user.name github-actions
         git config user.email [email protected]
         git add --all