From 8c9bda1782b8a6e340860f57a21b52b6ef3e67bb Mon Sep 17 00:00:00 2001 From: z8v Date: Sun, 20 Aug 2023 22:58:56 +0300 Subject: [PATCH 01/23] Add support for nix store remote copying This is a requirement in order to make Bazel remote execution work. Without it, it's not guaranteed that any necessary nix paths will be available during the build. Any local derivation will be copied over to a specified remote nix server which will also act as a Bazel executor. This way any nix paths required during the build will be available. The user will have to provide the `BAZEL_NIX_REMOTE` environment variable. This should be the name of any entry on the SSH_CONFIG file where all the authentication details are provided. e.g ```bash $ export BAZEL_NIX_REMOTE=nix-server $ cat ~/.ssh/config Host nix-server Hostname 1.2.3.4 IdentityFile ~/.ssh/nix-server Port 2222 User nix-user ``` This was done in order to simplify the process of authentication and keep the number of configuration options to a minimum. --- core/nixpkgs.bzl | 45 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 41 insertions(+), 4 deletions(-) diff --git a/core/nixpkgs.bzl b/core/nixpkgs.bzl index 1e28fa5af..568225f61 100644 --- a/core/nixpkgs.bzl +++ b/core/nixpkgs.bzl 
@@ -396,22 +396,60 @@ def _nixpkgs_build_file_content(repository_ctx): else: return None -def _nixpkgs_build_and_symlink(repository_ctx, nix_build, build_file_content): +def _nixpkgs_build_and_symlink(repository_ctx, nix_build_path, expr_args, build_file_content): # Large enough integer that Bazel can still parse. We don't have # access to MAX_INT and 0 is not a valid timeout so this is as good # as we can do. The value shouldn't be too large to avoid errors on # macOS, see https://github.com/tweag/rules_nixpkgs/issues/92. timeout = 8640000 repository_ctx.report_progress("Building Nix derivation") + + nix_host = repository_ctx.os.environ.get('BAZEL_NIX_REMOTE', '') + if nix_host: + nix_store = "ssh-ng://{host}?max-connections=1".format(host = nix_host) + repository_ctx.report_progress("Remote-building Nix derivation") + exec_result = execute_or_fail( + repository_ctx, + [nix_build_path, "--store", nix_store, "--eval-store", "auto"] + expr_args, + failure_message = "Cannot build Nix attribute '{}'.".format( + repository_ctx.attr.attribute_path, + ), + quiet = repository_ctx.attr.quiet, + timeout = timeout, + ) + output_path = exec_result.stdout.splitlines()[-1] + + ssh_path = repository_ctx.which("ssh") + repository_ctx.report_progress("Creating remote store root") + exec_result = execute_or_fail( + repository_ctx, + [ssh_path] + [nix_host, "nix-store --add-root /nix/var/nix/gcroots/per-user/nix/rules_nixpkgs_{root} -r {path}".format(root = output_path.split('/')[-1], path = output_path) ], + failure_message = "Cannot build Nix attribute '{}'.".format( + repository_ctx.attr.attribute_path, + ), + quiet = repository_ctx.attr.quiet, + timeout = 10000, + ) + + nix_path = repository_ctx.which("nix") + repository_ctx.report_progress("Downloading Nix derivation") + exec_result = repository_ctx.execute( + [nix_path, "copy", "--from", nix_store, output_path], + quiet = repository_ctx.attr.quiet, + timeout = 10000, + ) + exec_result = execute_or_fail( repository_ctx, - 
nix_build, + [nix_build_path] + expr_args, failure_message = "Cannot build Nix derivation for package '@{}'.".format(repository_ctx.name), quiet = repository_ctx.attr.quiet, timeout = timeout, ) output_path = exec_result.stdout.splitlines()[-1] + repository_ctx.report_progress("Creating local folders") + # ensure that the output is a directory test_path = repository_ctx.which("test") execute_or_fail( @@ -542,9 +580,8 @@ def _nixpkgs_package_impl(repository_ctx): "nix-build", extra_msg = "See: https://nixos.org/nix/", ) - nix_build = [nix_build_path] + expr_args - _nixpkgs_build_and_symlink(repository_ctx, nix_build, build_file_content) + _nixpkgs_build_and_symlink(repository_ctx, nix_build_path, expr_args, build_file_content) _nixpkgs_package = repository_rule( implementation = _nixpkgs_package_impl, From 1d0c513382c236e370b87b92a89bcfecd8d761f7 Mon Sep 17 00:00:00 2001 From: z8v Date: Wed, 23 Aug 2023 12:16:47 +0300 Subject: [PATCH 02/23] Update patch to be compatible with the current state of rules_nixpkgs --- core/nixpkgs.bzl | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/core/nixpkgs.bzl b/core/nixpkgs.bzl index 568225f61..236f1a596 100644 --- a/core/nixpkgs.bzl +++ b/core/nixpkgs.bzl @@ -396,7 +396,7 @@ def _nixpkgs_build_file_content(repository_ctx): else: return None -def _nixpkgs_build_and_symlink(repository_ctx, nix_build_path, expr_args, build_file_content): +def _nixpkgs_build_and_symlink(repository_ctx, nix_path, expr_args, build_file_content): # Large enough integer that Bazel can still parse. We don't have # access to MAX_INT and 0 is not a valid timeout so this is as good # as we can do. The value shouldn't be too large to avoid errors on 
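Review bot: In the `if nix_host:` branch of PATCH 01 the command run over `ssh` is one string formatted from `output_path`, the last stdout line of the remote build, and the remote login shell parses it unquoted; the value should be rejected with `fail(...)` unless it is a plain `/nix/store/...` path with no whitespace or shell metacharacters. `nix_host` comes straight from `BAZEL_NIX_REMOTE` and is passed to `ssh` as a positional argument, so a value starting with `-` would be read as an option; `[ssh_path, "--", nix_host, ...]` avoids that. The `nix copy` step uses `repository_ctx.execute` and never inspects `exec_result`, so a failed download is silently followed by the local build; `execute_or_fail`, as in the two calls before it, would surface the failure. The body of `_nixpkgs_build_and_symlink` continues past the end of the hunk.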
@@ -410,7 +410,7 @@ def _nixpkgs_build_and_symlink(repository_ctx, nix_build_path, expr_args, build_ repository_ctx.report_progress("Remote-building Nix derivation") exec_result = execute_or_fail( repository_ctx, - [nix_build_path, "--store", nix_store, "--eval-store", "auto"] + expr_args, + [nix_path, "build", "--store", nix_store, "--eval-store", "auto"] + expr_args, failure_message = "Cannot build Nix attribute '{}'.".format( repository_ctx.attr.attribute_path, ), @@ -441,7 +441,7 @@ def _nixpkgs_build_and_symlink(repository_ctx, nix_build_path, expr_args, build_ exec_result = execute_or_fail( repository_ctx, - [nix_build_path] + expr_args, + [nix_path, "build"] + expr_args, failure_message = "Cannot build Nix derivation for package '@{}'.".format(repository_ctx.name), quiet = repository_ctx.attr.quiet, timeout = timeout, @@ -575,13 +575,13 @@ def _nixpkgs_package_impl(repository_ctx): for opt in repository_ctx.attr.nixopts ]) - nix_build_path = executable_path( + nix_path = executable_path( repository_ctx, - "nix-build", + "nix", extra_msg = "See: https://nixos.org/nix/", ) - _nixpkgs_build_and_symlink(repository_ctx, nix_build_path, expr_args, build_file_content) + _nixpkgs_build_and_symlink(repository_ctx, nix_path, expr_args, build_file_content) _nixpkgs_package = repository_rule( implementation = _nixpkgs_package_impl, @@ -778,9 +778,8 @@ def _nixpkgs_flake_package_impl(repository_ctx): "nix", extra_msg = "See: https://nixos.org/nix/", ) - nix_build = [nix_path, "build"] + expr_args - _nixpkgs_build_and_symlink(repository_ctx, nix_build, build_file_content) + _nixpkgs_build_and_symlink(repository_ctx, nix_path, expr_args, build_file_content) _nixpkgs_flake_package = repository_rule( implementation = _nixpkgs_flake_package_impl, From aa4cf1d88638398d83335da6bd61412f594ea692 Mon Sep 17 00:00:00 2001 From: z8v Date: Wed, 23 Aug 2023 12:29:23 +0300 Subject: [PATCH 03/23] Remove extra nix_path variable --- core/nixpkgs.bzl | 1 - 1 file changed, 1 deletion(-) 
diff --git a/core/nixpkgs.bzl b/core/nixpkgs.bzl index 236f1a596..73028d71e 100644 --- a/core/nixpkgs.bzl +++ b/core/nixpkgs.bzl @@ -431,7 +431,6 @@ def _nixpkgs_build_and_symlink(repository_ctx, nix_path, expr_args, build_file_c timeout = 10000, ) - nix_path = repository_ctx.which("nix") repository_ctx.report_progress("Downloading Nix derivation") exec_result = repository_ctx.execute( [nix_path, "copy", "--from", nix_store, output_path], From 7e628fee2b1a023982d8de11699d2f11ca60f5ec Mon Sep 17 00:00:00 2001 From: z8v Date: Wed, 23 Aug 2023 12:47:41 +0300 Subject: [PATCH 04/23] Use separate nix path for the remote server --- core/nixpkgs.bzl | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/core/nixpkgs.bzl b/core/nixpkgs.bzl index 73028d71e..f4ac8dfa1 100644 --- a/core/nixpkgs.bzl +++ b/core/nixpkgs.bzl @@ -396,7 +396,7 @@ def _nixpkgs_build_file_content(repository_ctx): else: return None -def _nixpkgs_build_and_symlink(repository_ctx, nix_path, expr_args, build_file_content): +def _nixpkgs_build_and_symlink(repository_ctx, nix_build, build_file_content): # Large enough integer that Bazel can still parse. We don't have # access to MAX_INT and 0 is not a valid timeout so this is as good # as we can do. The value shouldn't be too large to avoid errors on 
@@ -404,13 +404,19 @@ def _nixpkgs_build_and_symlink(repository_ctx, nix_path, expr_args, build_file_c timeout = 8640000 repository_ctx.report_progress("Building Nix derivation") + nix_path = executable_path( + repository_ctx, + "nix", + extra_msg = "See: https://nixos.org/nix/", + ) + nix_host = repository_ctx.os.environ.get('BAZEL_NIX_REMOTE', '') if nix_host: nix_store = "ssh-ng://{host}?max-connections=1".format(host = nix_host) repository_ctx.report_progress("Remote-building Nix derivation") exec_result = execute_or_fail( repository_ctx, - [nix_path, "build", "--store", nix_store, "--eval-store", "auto"] + expr_args, + [nix_path, "build", "--store", nix_store, "--eval-store", "auto"], failure_message = "Cannot build Nix attribute '{}'.".format( repository_ctx.attr.attribute_path, ), @@ -440,7 +446,7 @@ def _nixpkgs_build_and_symlink(repository_ctx, nix_path, expr_args, build_file_c exec_result = execute_or_fail( repository_ctx, - [nix_path, "build"] + expr_args, + nix_build, failure_message = "Cannot build Nix derivation for package '@{}'.".format(repository_ctx.name), quiet = repository_ctx.attr.quiet, timeout = timeout, @@ -574,13 +580,15 @@ def _nixpkgs_package_impl(repository_ctx): for opt in repository_ctx.attr.nixopts ]) - nix_path = executable_path( + nix_build_path = executable_path( repository_ctx, - "nix", + "nix-build", extra_msg = "See: https://nixos.org/nix/", ) - _nixpkgs_build_and_symlink(repository_ctx, nix_path, expr_args, build_file_content) + nix_build = [nix_build_path] + expr_args + + _nixpkgs_build_and_symlink(repository_ctx, nix_build, build_file_content) _nixpkgs_package = repository_rule( implementation = _nixpkgs_package_impl, 
@@ -777,8 +785,9 @@ def _nixpkgs_flake_package_impl(repository_ctx): "nix", extra_msg = "See: https://nixos.org/nix/", ) + nix_build = [nix_path, "build"] + expr_args - _nixpkgs_build_and_symlink(repository_ctx, nix_path, expr_args, build_file_content) + _nixpkgs_build_and_symlink(repository_ctx, nix_build, build_file_content) _nixpkgs_flake_package = repository_rule( implementation = _nixpkgs_flake_package_impl, From 6a110dd7d5ae259ae30063ca17104ee22152d7de Mon Sep 17 00:00:00 2001 From: z8v Date: Wed, 23 Aug 2023 12:59:03 +0300 Subject: [PATCH 05/23] Add an extra argument for exprs --- core/nixpkgs.bzl | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/core/nixpkgs.bzl b/core/nixpkgs.bzl index f4ac8dfa1..5d646ad10 100644 --- a/core/nixpkgs.bzl +++ b/core/nixpkgs.bzl @@ -396,7 +396,7 @@ def _nixpkgs_build_file_content(repository_ctx): else: return None -def _nixpkgs_build_and_symlink(repository_ctx, nix_build, build_file_content): +def _nixpkgs_build_and_symlink(repository_ctx, nix_build_cmd, expr_args, build_file_content): # Large enough integer that Bazel can still parse. We don't have # access to MAX_INT and 0 is not a valid timeout so this is as good # as we can do. The value shouldn't be too large to avoid errors on @@ -416,7 +416,7 @@ def _nixpkgs_build_and_symlink(repository_ctx, nix_build, build_file_content): repository_ctx.report_progress("Remote-building Nix derivation") exec_result = execute_or_fail( repository_ctx, - [nix_path, "build", "--store", nix_store, "--eval-store", "auto"], + nix_build_cmd + ["--store", nix_store, "--eval-store", "auto"] + expr_args, failure_message = "Cannot build Nix attribute '{}'.".format( repository_ctx.attr.attribute_path, ), 
@@ -446,7 +446,7 @@ def _nixpkgs_build_and_symlink(repository_ctx, nix_build, build_file_content): exec_result = execute_or_fail( repository_ctx, - nix_build, + nix_build_cmd + expr_args, failure_message = "Cannot build Nix derivation for package '@{}'.".format(repository_ctx.name), quiet = repository_ctx.attr.quiet, timeout = timeout, @@ -586,9 +586,7 @@ def _nixpkgs_package_impl(repository_ctx): extra_msg = "See: https://nixos.org/nix/", ) - nix_build = [nix_build_path] + expr_args - - _nixpkgs_build_and_symlink(repository_ctx, nix_build, build_file_content) + _nixpkgs_build_and_symlink(repository_ctx, [nix_build_path], expr_args, build_file_content) _nixpkgs_package = repository_rule( implementation = _nixpkgs_package_impl, @@ -785,9 +783,8 @@ def _nixpkgs_flake_package_impl(repository_ctx): "nix", extra_msg = "See: https://nixos.org/nix/", ) - nix_build = [nix_path, "build"] + expr_args - _nixpkgs_build_and_symlink(repository_ctx, nix_build, build_file_content) + _nixpkgs_build_and_symlink(repository_ctx, [nix_path, "build"], expr_args, build_file_content) _nixpkgs_flake_package = repository_rule( implementation = _nixpkgs_flake_package_impl, From b8d7c52639c23141599f571a3ab311342ea36fa2 Mon Sep 17 00:00:00 2001 From: z8v Date: Wed, 23 Aug 2023 13:10:20 +0300 Subject: [PATCH 06/23] Fix invalid attribute names --- core/nixpkgs.bzl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/core/nixpkgs.bzl b/core/nixpkgs.bzl index 5d646ad10..94271c0f1 100644 --- a/core/nixpkgs.bzl +++ b/core/nixpkgs.bzl @@ -418,7 +418,7 @@ def _nixpkgs_build_and_symlink(repository_ctx, nix_build_cmd, expr_args, build_f repository_ctx, nix_build_cmd + ["--store", nix_store, "--eval-store", "auto"] + expr_args, failure_message = "Cannot build Nix attribute '{}'.".format( - repository_ctx.attr.attribute_path, + repository_ctx.attr.name, ), quiet = repository_ctx.attr.quiet, timeout = timeout, 
@@ -430,8 +430,8 @@ def _nixpkgs_build_and_symlink(repository_ctx, nix_build_cmd, expr_args, build_f exec_result = execute_or_fail( repository_ctx, [ssh_path] + [nix_host, "nix-store --add-root /nix/var/nix/gcroots/per-user/nix/rules_nixpkgs_{root} -r {path}".format(root = output_path.split('/')[-1], path = output_path) ], - failure_message = "Cannot build Nix attribute '{}'.".format( - repository_ctx.attr.attribute_path, + failure_message = "Cannot create remote store root for Nix attribute '{}'.".format( + repository_ctx.attr.name, ), quiet = repository_ctx.attr.quiet, timeout = 10000, From 6e3009baf29f9a7b33cdb7319becc4036e68e1d1 Mon Sep 17 00:00:00 2001 From: z8v Date: Wed, 23 Aug 2023 13:14:07 +0300 Subject: [PATCH 07/23] Put the gcroot on the home directory of the remote user --- core/nixpkgs.bzl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/nixpkgs.bzl b/core/nixpkgs.bzl index 94271c0f1..f6d2dd8a7 100644 --- a/core/nixpkgs.bzl +++ b/core/nixpkgs.bzl @@ -429,7 +429,7 @@ def _nixpkgs_build_and_symlink(repository_ctx, nix_build_cmd, expr_args, build_f repository_ctx.report_progress("Creating remote store root") exec_result = execute_or_fail( repository_ctx, - [ssh_path] + [nix_host, "nix-store --add-root /nix/var/nix/gcroots/per-user/nix/rules_nixpkgs_{root} -r {path}".format(root = output_path.split('/')[-1], path = output_path) ], + [ssh_path] + [nix_host, "nix-store --add-root ~/rules_nixpkgs_gcroots/{root} -r {path}".format(root = output_path.split('/')[-1], path = output_path) ], failure_message = "Cannot create remote store root for Nix attribute '{}'.".format( repository_ctx.attr.name, ), From 2e7627922660f7ba5b22a0472a83568ec075b8ab Mon Sep 17 00:00:00 2001 
From: z8v Date: Sun, 27 Aug 2023 22:01:14 +0300 Subject: [PATCH 08/23] Run a remote nix server on the CI --- .github/nix-server/Dockerfile | 21 +++++++++++++++++++++ .github/nix-server/config | 5 +++++ .github/workflows/workflow.yaml | 21 +++++++++++++++++++++ .gitignore | 2 ++ 4 files changed, 49 insertions(+) create mode 100644 .github/nix-server/Dockerfile create mode 100644 .github/nix-server/config diff --git a/.github/nix-server/Dockerfile b/.github/nix-server/Dockerfile new file mode 100644 index 000000000..9fd775b46 --- /dev/null +++ b/.github/nix-server/Dockerfile @@ -0,0 +1,21 @@ +FROM ubuntu:23.04 + +RUN apt-get update -qq && \ + apt-get install openssh-server curl xz-utils sudo locales ca-certificates -y && \ + apt-get clean && \ + rm -rf /var/lib/apt/lists/* + +RUN mkdir -m 0755 /nix && \ + groupadd -r nixbld && \ + chown root /nix && \ + for n in $(seq 1 10); do useradd -c "Nix build user $n" -d /var/empty -g nixbld -G nixbld -M -N -r -s "$(command -v nologin)" "nixbld$n"; done + +RUN curl -L https://nixos.org/nix/install | bash + +COPY .github/nix-server/keys . + +RUN cat ci.pub > $HOME/.ssh/authorized_keys + +RUN echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config + +CMD ["/usr/sbin/sshd", "-D"] diff --git a/.github/nix-server/config b/.github/nix-server/config new file mode 100644 index 000000000..a20ac555c --- /dev/null +++ b/.github/nix-server/config @@ -0,0 +1,5 @@ +Host nix-server + Hostname localhost + Port 2222 + User root + IdentityFile .github/nix-server/keys/ci diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index ca1194d29..2e6306013 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -27,6 +27,9 @@ jobs: bzlmodEnabled: - true - false + withNixRemote: + - true + - false runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v3.6.0 
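Review bot: `COPY .github/nix-server/keys .` in the new Dockerfile copies the whole key directory, so the private key `ci` that the workflow generates ends up in an image layer next to `ci.pub`; only the public half is needed, `COPY .github/nix-server/keys/ci.pub .`. `PermitRootLogin yes` also allows password logins for root, while the client config authenticates with a key, so `PermitRootLogin prohibit-password` is enough. The installer is fetched with `curl -L https://nixos.org/nix/install | bash` with no pinned version or checksum, so the image contents depend on what that URL serves at build time; pinning a release and verifying its hash before running it would make the image reproducible.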
@@ -49,13 +52,31 @@ jobs: # no-op flag to avoid "ERROR: Config value 'ci' is not defined in any .rc file" common:ci --announce_rc=false EOF + - name: Start remote Nix server + if: ${{ matrix.withNixRemote }} == "true" + run: | + # Generate temporary SSH keys. + mkdir -p $HOME/.ssh + mkdir -p .github/nix-server/keys + ssh-keygen -t ed25519 -f .github/nix-server/keys/ci -C ci-nix-server -q -N "" + + docker build -t nix-server -f .github/nix-server/Dockerfile . + docker run -p 2222:22 nix-server + + cp .github/nix-server/config $HOME/.ssh/config - name: Build & test env: BZLMOD_ENABLED: ${{ matrix.bzlmodEnabled }} + NIX_REMOTE_ENABLED: ${{ matrix.withNixRemote }} run: | + if [ "$NIX_REMOTE_ENABLED" == "true" ]; then + export BAZEL_NIX_REMOTE=nix-server + fi + nix-shell --pure \ --keep GITHUB_REPOSITORY \ --keep BZLMOD_ENABLED \ + --keep BAZEL_NIX_REMOTE \ --run 'bash .github/build-and-test' test-examples: name: Build & Test - Examples diff --git a/.gitignore b/.gitignore index a204dfbf0..22a8ca831 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ /**/bazel-* /**/node_modules + +.github/nix-server/keys From d56e2bdfbce888028eef155f91e3021f0bcc5550 Mon Sep 17 00:00:00 2001 From: z8v Date: Sun, 27 Aug 2023 22:03:01 +0300 Subject: [PATCH 09/23] Skip running the nix server on macos --- .github/workflows/workflow.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 2e6306013..85b41ce58 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -53,7 +53,7 @@ jobs: common:ci --announce_rc=false EOF - name: Start remote Nix server - if: ${{ matrix.withNixRemote }} == "true" + if: ${{ matrix.withNixRemote }} == "true" && ${{ matrix.os }} == "ubuntu-latest" run: | # Generate temporary SSH keys. mkdir -p $HOME/.ssh 
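Review bot: `docker run -p 2222:22 nix-server` in the "Start remote Nix server" step publishes the container's sshd, which accepts root logins, on every interface of the runner. The client config added in the same commit only ever connects to `localhost`, so binding the port to loopback is sufficient: `docker run -p 127.0.0.1:2222:22 nix-server`. A short comment on the `ssh-keygen` line stating that the key is throwaway and never leaves the job would also help readers who see `-N ""` in isolation.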
@@ -61,7 +61,7 @@ jobs: ssh-keygen -t ed25519 -f .github/nix-server/keys/ci -C ci-nix-server -q -N "" docker build -t nix-server -f .github/nix-server/Dockerfile . - docker run -p 2222:22 nix-server + docker run -d -p 2222:22 nix-server cp .github/nix-server/config $HOME/.ssh/config - name: Build & test From b8b04cf7a74153ff7c07c27bbc52f96998927ef1 Mon Sep 17 00:00:00 2001 From: z8v Date: Sun, 27 Aug 2023 22:10:26 +0300 Subject: [PATCH 10/23] Fix conditionals --- .github/workflows/workflow.yaml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 85b41ce58..c12d7dcb4 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -53,7 +53,7 @@ jobs: common:ci --announce_rc=false EOF - name: Start remote Nix server - if: ${{ matrix.withNixRemote }} == "true" && ${{ matrix.os }} == "ubuntu-latest" + if: ${{ matrix.withNixRemote == "true" }} && ${{ matrix.os == "ubuntu-latest" }} run: | # Generate temporary SSH keys. mkdir -p $HOME/.ssh @@ -67,9 +67,8 @@ jobs: - name: Build & test env: BZLMOD_ENABLED: ${{ matrix.bzlmodEnabled }} - NIX_REMOTE_ENABLED: ${{ matrix.withNixRemote }} run: | - if [ "$NIX_REMOTE_ENABLED" == "true" ]; then + if [ ${{ matrix.withNixRemote }} = true ]; then export BAZEL_NIX_REMOTE=nix-server fi From a1725d83b4bc07bc82133d476cf08c394db9123e Mon Sep 17 00:00:00 2001 From: z8v Date: Sun, 27 Aug 2023 22:19:47 +0300 Subject: [PATCH 11/23] Add symlinks for nix-store and nix-daemon --- .github/nix-server/Dockerfile | 5 ++++- .github/workflows/workflow.yaml | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/nix-server/Dockerfile b/.github/nix-server/Dockerfile index 9fd775b46..624824f33 100644 --- a/.github/nix-server/Dockerfile +++ b/.github/nix-server/Dockerfile 
@@ -16,6 +16,9 @@ COPY .github/nix-server/keys . RUN cat ci.pub > $HOME/.ssh/authorized_keys -RUN echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config +RUN echo 'PermitRootLogin yes' >> /etc/ssh/sshd_config && \ + echo ". /root/.nix-profile/etc/profile.d/nix.sh" >> $HOME/.bashrc && \ + ln -sf /root/.nix-profile/bin/nix-store /usr/bin/ && \ + ln -sf /root/.nix-profile/bin/nix-daemon /usr/bin/ CMD ["/usr/sbin/sshd", "-D"] diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index c12d7dcb4..13b57f1db 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -68,7 +68,7 @@ jobs: env: BZLMOD_ENABLED: ${{ matrix.bzlmodEnabled }} run: | - if [ ${{ matrix.withNixRemote }} = true ]; then + if [ ${{ matrix.withNixRemote }} = "true" ]; then export BAZEL_NIX_REMOTE=nix-server fi From 1965ebda703a129073253d7c4658aa2b38855f62 Mon Sep 17 00:00:00 2001 From: z8v Date: Sun, 27 Aug 2023 22:23:50 +0300 Subject: [PATCH 12/23] Fix quotes on conditionals --- .github/workflows/workflow.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 13b57f1db..39b834f8d 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -53,7 +53,7 @@ jobs: common:ci --announce_rc=false EOF - name: Start remote Nix server - if: ${{ matrix.withNixRemote == "true" }} && ${{ matrix.os == "ubuntu-latest" }} + if: matrix.withNixRemote && matrix.os == 'ubuntu-latest' run: | # Generate temporary SSH keys. mkdir -p $HOME/.ssh From c18c05e72f76fe94bab55d0868eb1c6d3c834ddb Mon Sep 17 00:00:00 2001 From: z8v Date: Sun, 27 Aug 2023 22:30:18 +0300 Subject: [PATCH 13/23] Install the openssh client --- .github/workflows/workflow.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 39b834f8d..395c43dbf 100644 --- a/.github/workflows/workflow.yaml 
+++ b/.github/workflows/workflow.yaml @@ -63,6 +63,9 @@ jobs: docker build -t nix-server -f .github/nix-server/Dockerfile . docker run -d -p 2222:22 nix-server + sudo apt-get update -qq + sudo apt-get install openssh-server -y + cp .github/nix-server/config $HOME/.ssh/config - name: Build & test env: From dac4d723926f48776127db6facf12a4b4be8f39a Mon Sep 17 00:00:00 2001 From: z8v Date: Sun, 27 Aug 2023 22:36:57 +0300 Subject: [PATCH 14/23] Add debug info --- .github/workflows/workflow.yaml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 395c43dbf..3ba1b52cc 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -64,9 +64,15 @@ jobs: docker run -d -p 2222:22 nix-server sudo apt-get update -qq - sudo apt-get install openssh-server -y + sudo apt-get install openssh-client -y cp .github/nix-server/config $HOME/.ssh/config + cat $HOME/.ssh/config + sudo chmod -R 600 $HOME/.ssh/ + echo $HOME + pwd + id + ssh -V - name: Build & test env: BZLMOD_ENABLED: ${{ matrix.bzlmodEnabled }} From 3e8a2f06f7e1a05ea381bbebf77dbc7991900db8 Mon Sep 17 00:00:00 2001 From: z8v Date: Mon, 28 Aug 2023 15:01:16 +0300 Subject: [PATCH 15/23] Test remote server with ping --- .github/workflows/workflow.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 3ba1b52cc..c81e8f6a4 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -79,6 +79,8 @@ jobs: run: | if [ ${{ matrix.withNixRemote }} = "true" ]; then export BAZEL_NIX_REMOTE=nix-server + + nix store ping --store ssh://nix-server fi nix-shell --pure \ From 1cce1ea09b1a0170dd237ec0356a0f89838ae59c Mon Sep 17 00:00:00 2001 
From: z8v Date: Mon, 28 Aug 2023 15:02:35 +0300 Subject: [PATCH 16/23] Add openssh on the nix-shell --- .github/workflows/workflow.yaml | 5 ----- flake.nix | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index c81e8f6a4..d29c6a0ec 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -63,9 +63,6 @@ jobs: docker build -t nix-server -f .github/nix-server/Dockerfile . docker run -d -p 2222:22 nix-server - sudo apt-get update -qq - sudo apt-get install openssh-client -y - cp .github/nix-server/config $HOME/.ssh/config cat $HOME/.ssh/config sudo chmod -R 600 $HOME/.ssh/ @@ -79,8 +76,6 @@ jobs: run: | if [ ${{ matrix.withNixRemote }} = "true" ]; then export BAZEL_NIX_REMOTE=nix-server - - nix store ping --store ssh://nix-server fi nix-shell --pure \ diff --git a/flake.nix b/flake.nix index 586f07f26..63abf7a17 100644 --- a/flake.nix +++ b/flake.nix @@ -15,7 +15,7 @@ { devShells.default = with pkgs; mkShell { name = "rules_nixpkgs_shell"; - packages = [ bazel_6 bazel-buildtools cacert gcc nix git ]; + packages = [ bazel_6 bazel-buildtools cacert gcc nix git openssh ]; }; }); } From 4ff55c7354ddf4bc3f70c5a16a8259ee3a18c765 Mon Sep 17 00:00:00 2001 From: z8v Date: Mon, 28 Aug 2023 15:04:39 +0300 Subject: [PATCH 17/23] Remove debug statements --- .github/workflows/workflow.yaml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index d29c6a0ec..1f36224a1 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -64,12 +64,7 @@ jobs: docker run -d -p 2222:22 nix-server cp .github/nix-server/config $HOME/.ssh/config - cat $HOME/.ssh/config sudo chmod -R 600 $HOME/.ssh/ - echo $HOME - pwd - id - ssh -V - name: Build & test env: BZLMOD_ENABLED: ${{ matrix.bzlmodEnabled }} From 61e99ad51b03759eba5692d65be419c5d8884e63 Mon Sep 17 00:00:00 2001 
From: z8v Date: Mon, 28 Aug 2023 15:09:58 +0300 Subject: [PATCH 18/23] Use global ssh config --- .github/nix-server/config | 4 ++++ .github/workflows/workflow.yaml | 3 +-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/nix-server/config b/.github/nix-server/config index a20ac555c..d16ad0ca2 100644 --- a/.github/nix-server/config +++ b/.github/nix-server/config @@ -3,3 +3,7 @@ Host nix-server Port 2222 User root IdentityFile .github/nix-server/keys/ci + +Host * + StrictHostKeyChecking no + UserKnownHostsFile=/dev/null diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 1f36224a1..f49a84294 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -63,8 +63,7 @@ jobs: docker build -t nix-server -f .github/nix-server/Dockerfile . docker run -d -p 2222:22 nix-server - cp .github/nix-server/config $HOME/.ssh/config - sudo chmod -R 600 $HOME/.ssh/ + sudo cp .github/nix-server/config /etc/ssh/ssh_config - name: Build & test env: BZLMOD_ENABLED: ${{ matrix.bzlmodEnabled }} From a4ea99fcd658c09f33771388d0e47fd1dfeb3c2e Mon Sep 17 00:00:00 2001 From: z8v Date: Mon, 28 Aug 2023 15:23:18 +0300 Subject: [PATCH 19/23] Change path of identityfile --- .github/nix-server/config | 2 +- .github/workflows/workflow.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/nix-server/config b/.github/nix-server/config index d16ad0ca2..083d6b9c9 100644 --- a/.github/nix-server/config +++ b/.github/nix-server/config @@ -2,7 +2,7 @@ Host nix-server Hostname localhost Port 2222 User root - IdentityFile .github/nix-server/keys/ci + IdentityFile /home/runner/.ssh/ci Host * StrictHostKeyChecking no diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index f49a84294..14b667de7 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml 
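Review bot: The `Host *` stanza added in PATCH 18 sets `StrictHostKeyChecking no` and `UserKnownHostsFile=/dev/null` for every destination, and the workflow hunk of the same commit copies this file over `/etc/ssh/ssh_config`, so host-key verification is switched off for all SSH connections made on the runner, not only the one to the local container. Moving the two options under the existing `Host nix-server` block limits the relaxation to the throwaway test server. Installing the file as a drop-in (for example under `/etc/ssh/ssh_config.d/`, if the runner's ssh_config includes that directory) would also avoid replacing the system defaults.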
@@ -63,6 +63,8 @@ jobs: docker build -t nix-server -f .github/nix-server/Dockerfile . docker run -d -p 2222:22 nix-server + cp .github/nix-server/keys/* $HOME/.ssh/ + sudo cp .github/nix-server/config /etc/ssh/ssh_config - name: Build & test env: From 581e3519d4fc4584a5eddc73d6e354417c39b635 Mon Sep 17 00:00:00 2001 From: z8v Date: Mon, 28 Aug 2023 15:36:04 +0300 Subject: [PATCH 20/23] Fix conditional --- .github/workflows/workflow.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 14b667de7..089dec644 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -69,8 +69,10 @@ jobs: - name: Build & test env: BZLMOD_ENABLED: ${{ matrix.bzlmodEnabled }} + NIX_REMOTE_ENABLED: matrix.withNixRemote && matrix.os == 'ubuntu-latest' run: | - if [ ${{ matrix.withNixRemote }} = "true" ]; then + if [ "$NIX_REMOTE_ENABLED" = "true" ]; then + echo "Setting BAZEL_NIX_REMOTE env variable" export BAZEL_NIX_REMOTE=nix-server fi From 7bb3ddda428286c4b0002a760dba17e3d530c640 Mon Sep 17 00:00:00 2001 From: z8v Date: Tue, 5 Sep 2023 13:01:41 +0300 Subject: [PATCH 21/23] Update job name for nix remote --- .github/workflows/workflow.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index 089dec644..d048135bf 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -17,7 +17,7 @@ jobs: with: access_token: ${{ github.token }} test-nixpkgs: - name: Build & Test - Nixpkgs - ${{ matrix.bzlmodEnabled && 'bzlmod' || 'workspace' }} - ${{ matrix.os }} + name: Build & Test - Nixpkgs - ${{ matrix.bzlmodEnabled && 'bzlmod' || 'workspace' }} ${{ matrix.withNixRemote && '- NixRemote' || '' }} - ${{ matrix.os }} strategy: fail-fast: false matrix: From bdb8624f60290f3853579975f98ebf70be2a6b49 Mon Sep 17 00:00:00 2001 
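Review bot: In PATCH 20 the `env:` entry `NIX_REMOTE_ENABLED: matrix.withNixRemote && matrix.os == 'ubuntu-latest'` is not wrapped in an expression, so the variable holds that literal text and `[ "$NIX_REMOTE_ENABLED" = "true" ]` is never true. Bare expressions are only evaluated in `if:` keys; here it needs `NIX_REMOTE_ENABLED: ${{ matrix.withNixRemote && matrix.os == 'ubuntu-latest' }}`. As written, `BAZEL_NIX_REMOTE` is never exported, so the remote-store code path added earlier in the series appears to go untested in CI even though the job name says NixRemote.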
From: z8v Date: Tue, 5 Sep 2023 13:03:15 +0300 Subject: [PATCH 22/23] Remove extra space from job name --- .github/workflows/workflow.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/workflow.yaml b/.github/workflows/workflow.yaml index d048135bf..19f464ec3 100644 --- a/.github/workflows/workflow.yaml +++ b/.github/workflows/workflow.yaml @@ -17,7 +17,7 @@ jobs: with: access_token: ${{ github.token }} test-nixpkgs: - name: Build & Test - Nixpkgs - ${{ matrix.bzlmodEnabled && 'bzlmod' || 'workspace' }} ${{ matrix.withNixRemote && '- NixRemote' || '' }} - ${{ matrix.os }} + name: Build & Test - Nixpkgs - ${{ matrix.bzlmodEnabled && 'bzlmod' || 'workspace' }} ${{ matrix.withNixRemote && '- NixRemote ' || '' }}- ${{ matrix.os }} strategy: fail-fast: false matrix: From 9247b879ead70ce2c45a9727fd330c0d79581f8a Mon Sep 17 00:00:00 2001 From: Ben Radford <104896700+benradf@users.noreply.github.com> Date: Tue, 5 Sep 2023 11:13:33 +0100 Subject: [PATCH 23/23] Update README.md --- examples/toolchains/cc_cross_osx_to_linux_amd64/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/toolchains/cc_cross_osx_to_linux_amd64/README.md b/examples/toolchains/cc_cross_osx_to_linux_amd64/README.md index 50fbaf863..54a0dfbc5 100644 --- a/examples/toolchains/cc_cross_osx_to_linux_amd64/README.md +++ b/examples/toolchains/cc_cross_osx_to_linux_amd64/README.md @@ -9,5 +9,5 @@ This example uses the Nix package manager to provide C++ dependencies, and as su To run the example with Nix, issue the following command: ``` -nix-shell --command 'bazel run --config=cross:hello' +nix-shell --command 'bazel run --config=cross :hello' ```