├── .github └── workflows │ ├── cicd.yml │ └── examples.yml ├── LICENSE ├── README.md ├── RELEASE ├── action.yml ├── examples ├── action-flakes-simple.png ├── action-minimal.png └── flakes-simple │ ├── flake.lock │ ├── flake.nix │ └── hello.patch ├── flake.lock ├── flake.nix ├── nix-quick-install.sh ├── nix_config.nix └── vercomp.sh /.github/workflows/cicd.yml: -------------------------------------------------------------------------------- 1 | name: CI/CD 2 | 3 | on: 4 | pull_request: 5 | push: 6 | branches: 7 | - master 8 | 9 | concurrency: 10 | group: ${{ github.workflow }}-${{ github.ref }} 11 | cancel-in-progress: true 12 | 13 | jobs: 14 | build: 15 | strategy: 16 | fail-fast: true 17 | matrix: 18 | os: 19 | - ubuntu-22.04 20 | - ubuntu-24.04-arm 21 | - macos-15 22 | - macos-13 23 | runs-on: ${{ matrix.os }} 24 | steps: 25 | - uses: actions/checkout@v4 26 | - uses: ./ 27 | with: 28 | nix_archives_url: https://github.com/nixbuild/nix-quick-install-action/releases/download/v30 29 | nix_version: 2.24.12 30 | - uses: cachix/cachix-action@v15 31 | with: 32 | name: nixbuild 33 | signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' 34 | - name: Build nix archives 35 | id: build-nix-archives 36 | run: | 37 | nix build .#nix-archives 38 | echo "result=$(readlink result)" >> "$GITHUB_OUTPUT" 39 | - uses: actions/upload-artifact@v4 40 | with: 41 | name: nix-archives-${{ runner.os }}-${{ runner.arch }} 42 | path: ${{ steps.build-nix-archives.outputs.result }}/ 43 | 44 | test: 45 | needs: build 46 | strategy: 47 | fail-fast: true 48 | matrix: 49 | os: 50 | - ubuntu-22.04 51 | - ubuntu-24.04-arm 52 | - macos-15 53 | - macos-13 54 | nix_version: 55 | - 2.3.18 56 | - 2.26.1 57 | - 2.25.5 58 | - 2.24.12 59 | exclude: 60 | - os: ubuntu-24.04-arm 61 | nix_version: 2.3.18 62 | runs-on: ${{ matrix.os }} 63 | steps: 64 | - uses: actions/checkout@v4 65 | - uses: actions/download-artifact@v4 66 | id: nix-archives 67 | with: 68 | name: nix-archives-${{ runner.os }}-${{ runner.arch }} 69 | - uses: ./ 70 | with: 71 | nix_archives_url: file://${{steps.nix-archives.outputs.download-path}} 72 | nix_version: ${{ matrix.nix_version }} 73 | nix_on_tmpfs: true 74 | - name: Test nix 75 | run: nix-build -v --version 76 | - name: Add to store 77 | run: | 78 | file="$RANDOM" 79 | echo "$RANDOM" > "$file" 80 | path="$(nix-store --add "./$file")" 81 | 82 | test-cachix: 83 | needs: build 84 | strategy: 85 | fail-fast: true 86 | matrix: 87 | os: 88 | - ubuntu-22.04 89 | - ubuntu-24.04-arm 90 | - macos-15 91 | - macos-13 92 | nix_version: 93 | - 2.3.18 94 | - 2.26.1 95 | - 2.25.5 96 | - 2.24.12 97 | exclude: 98 | - os: ubuntu-24.04-arm 99 | nix_version: 2.3.18 100 | runs-on: ${{ matrix.os }} 101 | steps: 102 | - uses: actions/checkout@v4 103 | - uses: actions/download-artifact@v4 104 | id: nix-archives 105 | with: 106 | name: nix-archives-${{ runner.os }}-${{ runner.arch }} 107 | - uses: ./ 108 | with: 109 | nix_archives_url: file://${{steps.nix-archives.outputs.download-path}} 110 | nix_version: ${{ matrix.nix_version }} 111 | nix_conf: ${{ matrix.nix_conf }} 112 | - uses: cachix/cachix-action@v15 113 | with: 114 | name: nixbuild 115 | signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' 116 | skipPush: true 117 | - name: Verify nix config 118 | run: | 119 | if ! egrep -q "^substituters = https://cache.nixos.org https://nixbuild.cachix.org$" "$HOME/.config/nix/nix.conf"; then 120 | echo "Invalid substituters config" 121 | exit 1 122 | fi 123 | - name: Push to Cachix 124 | if: github.event_name == 'push' && github.repository_owner == 'nixbuild' 125 | run: | 126 | dd if=/dev/urandom of=random count=1 127 | cachix push nixbuild "$(nix add-to-store random)" 128 | 129 | release: 130 | runs-on: ubuntu-latest 131 | needs: 132 | - build 133 | - test 134 | - test-cachix 135 | if: github.event_name == 'push' && github.ref == 'refs/heads/master' 136 | steps: 137 | - uses: actions/checkout@v4 138 | - uses: actions/download-artifact@v4 139 | with: 140 | name: nix-archives-Linux-X64 141 | path: /tmp/archives 142 | - uses: actions/download-artifact@v4 143 | with: 144 | name: nix-archives-Linux-ARM64 145 | path: /tmp/archives 146 | - uses: actions/download-artifact@v4 147 | with: 148 | name: nix-archives-macOS-X64 149 | path: /tmp/archives 150 | - uses: actions/download-artifact@v4 151 | with: 152 | name: nix-archives-macOS-ARM64 153 | path: /tmp/archives 154 | - uses: ./ 155 | with: 156 | nix_archives_url: file:///tmp/archives 157 | nix_version: 2.24.12 158 | - uses: cachix/cachix-action@v15 159 | with: 160 | name: nixbuild 161 | signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' 162 | - name: Build release script 163 | run: nix build .#release 164 | - name: Release if needed 165 | run: ./result/bin/release /tmp/archives ./RELEASE 166 | env: 167 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 168 | -------------------------------------------------------------------------------- /.github/workflows/examples.yml: -------------------------------------------------------------------------------- 1 | name: Examples 2 | 3 | on: 4 | push: 5 | branches: 6 | - master 7 | 8 | jobs: 9 | minimal: 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: nixbuild/nix-quick-install-action@v30 13 | - run: nix-build --version 14 | 15 | flakes-simple: 16 | runs-on: ubuntu-latest 17 | steps: 18 | - uses: actions/checkout@v4 19 | - uses: nixbuild/nix-quick-install-action@v30 20 | - name: nix build 21 | run: nix build ./examples/flakes-simple 22 | - name: hello 23 | run: ./result/bin/hello 24 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Nix Quick Install Action 2 | 3 | This GitHub Action installs [Nix](https://nixos.org/nix/) in single-user mode, 4 | and adds almost no time at all to your workflow's running time. 5 | 6 | The Nix installation is deterministic – for a given 7 | release of this action the resulting Nix setup will always be identical, no 8 | matter when you run the action. 9 | 10 | * Supports all Linux and MacOS runners 11 | 12 | * Single-user installation (no `nix-daemon`) 13 | 14 | * Installs in ≈ 1 second on Linux, ≈ 5 seconds on MacOS 15 | 16 | * Allows selecting Nix version via the `nix_version` input 17 | 18 | * Allows specifying `nix.conf` contents via the `nix_conf` input 19 | 20 | ## Details 21 | 22 | The main motivation behind this action is to install Nix as quickly as possible 23 | in your GitHub workflow. If that isn't important, you should probably use the 24 | [Install Nix](https://github.com/marketplace/actions/install-nix) action 25 | instead, which sets up Nix in multi-user mode (daemon mode) using the official 26 | Nix installer. 27 | 28 | To make this action as quick as possible, the installation is minimal: no 29 | nix-daemon, no nix channels and no `NIX_PATH`. The nix store (`/nix/store`) is 30 | owned by the unprivileged runner user. 31 | 32 | The action provides you with a fully working Nix setup, but since no `NIX_PATH` 33 | or channels are setup you need to handle this on your own. Nix Flakes is great 34 | for this, and works perfectly with this action (see below). 35 | [niv](https://github.com/nmattia/niv) should also work fine, but has not been 36 | tested yet. 37 | 38 | ## Inputs 39 | 40 | See [action.yml](action.yml) for documentation of the available inputs. 41 | The available Nix versions are listed in the [release 42 | notes](https://github.com/nixbuild/nix-quick-install-action/releases/latest). 43 | 44 | ## Usage 45 | 46 | ### Minimal example 47 | 48 | The following workflow installs Nix and then just runs 49 | `nix-build --version`: 50 | 51 | ```yaml 52 | name: Examples 53 | on: push 54 | jobs: 55 | minimal: 56 | runs-on: ubuntu-latest 57 | steps: 58 | - uses: nixbuild/nix-quick-install-action@v30 59 | - run: nix build --version 60 | - run: nix build ./examples/flakes-simple 61 | - name: hello 62 | run: ./result/bin/hello 63 | ``` 64 | 65 | ![action-minimal](examples/action-minimal.png) 66 | 67 | ### Flakes 68 | 69 | For `nix` > `2.13`, these settings are always set by default: 70 | 71 | ```conf 72 | experimental-features = nix-command flakes 73 | accept-flake-config = true 74 | ``` 75 | 76 | ![action-minimal](examples/action-flakes-simple.png) 77 | 78 | You can see the flake definition for the above example in 79 | [examples/flakes-simple/flake.nix](examples/flakes-simple/flake.nix). 80 | 81 | ### Using Cachix 82 | 83 | You can use the [Cachix action](https://github.com/marketplace/actions/cachix) 84 | together with this action, just make sure you put it after this action in your 85 | workflow. 86 | 87 | ### Using specific Nix versions locally 88 | 89 | Locally, you can use this repository's Nix flake to build or run any of the 90 | versions of Nix that this action supports. This is very convenient if you 91 | quickly need to compare the behavior between different Nix versions. 92 | 93 | Build a specific version of Nix like this (requires you to use a version of Nix 94 | that supports flakes): 95 | 96 | ``` 97 | $ nix build github:nixbuild/nix-quick-install-action#nix-2_26_1 98 | 99 | $ ./result/bin/nix --version 100 | nix (Nix) 2.26.1 101 | ``` 102 | 103 | With `nix shell -c` you can also directly run Nix like this: 104 | 105 | ``` 106 | $ nix shell github:nixbuild/nix-quick-install-action#nix-2_26_1 -c nix --version 107 | nix (Nix) 2.26.1 108 | ``` 109 | 110 | List all available Nix versions like this: 111 | 112 | ``` 113 | $ nix flake show --all-systems github:nixbuild/nix-quick-install-action/v30 114 | github:nixbuild/nix-quick-install-action/5bb6a3b3abe66fd09bbf250dce8ada94f856a703?narHash=sha256-7YaZJ5oxsrtMXXrpaqm5pz2Vr3UxdG/Cy2zPIuEuM%2Bc%3D 115 | ├───apps 116 | │ ├───aarch64-darwin 117 | │ │ └───release: app 118 | │ ├───aarch64-linux 119 | │ │ └───release: app 120 | │ ├───x86_64-darwin 121 | │ │ └───release: app 122 | │ └───x86_64-linux 123 | │ └───release: app 124 | ├───defaultApp 125 | │ ├───aarch64-darwin: app 126 | │ ├───aarch64-linux: app 127 | │ ├───x86_64-darwin: app 128 | │ └───x86_64-linux: app 129 | ├───overlays 130 | │ ├───aarch64-darwin: Nixpkgs overlay 131 | │ ├───aarch64-linux: Nixpkgs overlay 132 | │ ├───x86_64-darwin: Nixpkgs overlay 133 | │ └───x86_64-linux: Nixpkgs overlay 134 | └───packages 135 | ├───aarch64-darwin 136 | │ ├───nix-2_24_12: package 'nix-2.24.12' 137 | │ ├───nix-2_25_5: package 'nix-2.25.5' 138 | │ ├───nix-2_26_1: package 'nix-2.26.1' 139 | │ ├───nix-2_3_18: package 'nix-2.3.18' 140 | │ ├───nix-archives: package 'nix-archives' 141 | │ └───release: package 'release' 142 | ├───aarch64-linux 143 | │ ├───nix-2_24_12: package 'nix-2.24.12' 144 | │ ├───nix-2_25_5: package 'nix-2.25.5' 145 | │ ├───nix-2_26_1: package 'nix-2.26.1' 146 | │ ├───nix-archives: package 'nix-archives' 147 | │ └───release: package 'release' 148 | ├───x86_64-darwin 149 | │ ├───nix-2_24_12: package 'nix-2.24.12' 150 | │ ├───nix-2_25_5: package 'nix-2.25.5' 151 | │ ├───nix-2_26_1: package 'nix-2.26.1' 152 | │ ├───nix-2_3_18: package 'nix-2.3.18' 153 | │ ├───nix-archives: package 'nix-archives' 154 | │ └───release: package 'release' 155 | └───x86_64-linux 156 | ├───nix-2_24_12: package 'nix-2.24.12' 157 | ├───nix-2_25_5: package 'nix-2.25.5' 158 | ├───nix-2_26_1: package 'nix-2.26.1' 159 | ├───nix-2_3_18: package 'nix-2.3.18' 160 | ├───nix-archives: package 'nix-archives' 161 | └───release: package 'release' 162 | ``` 163 | 164 | If you want to make sure that the version of Nix you're trying to build hasn't 165 | been removed in the latest revision of `nix-quick-install-action`, you can 166 | specify a specific release of `nix-quick-install-action` like this: 167 | 168 | ``` 169 | $ nix build github:nixbuild/nix-quick-install-action/v29#nix-2_24_9 170 | ``` 171 | 172 | Note that we've added `/v29` to the flake url above. 173 | -------------------------------------------------------------------------------- /RELEASE: -------------------------------------------------------------------------------- 1 | v30 2 | 3 | ## Changes 4 | 5 | * Remove Nix versions: 2.18.8, 2.19.6, 2.20.8, 2.21.4, 2.23.3 6 | 7 | * Bump minor Nix versions: 2.24.9 -> 2.24.12 8 | 2.21.0 -> 2.21.4. 9 | 10 | * Add Nix versions: 2.25.5, 2.26.1 11 | 12 | * Bump default Nix version: 2.24.9 -> 2.24.12 13 | 14 | * Add support for `ubuntu-24.04-arm` (aarch64-linux) runners. 15 | 16 | * Enable support for KVM in builds. Can be turned off with the new `enable_kvm` 17 | configuration option. 18 | -------------------------------------------------------------------------------- /action.yml: -------------------------------------------------------------------------------- 1 | name: Nix Quick Install 2 | description: Quickly installs Nix in unprivileged single-user mode 3 | author: Rickard Nilsson 4 | 5 | inputs: 6 | 7 | nix_version: 8 | required: true 9 | default: "2.24.12" 10 | description: | 11 | The version of Nix that should be installed 12 | 13 | If not specified, the latest stable Nix release is used. Note that each 14 | release of nix-quick-install-action has a specific set of supported 15 | Nix versions, which do not change. You can check what Nix versions are 16 | supported by the version of nix-quick-install-action you're using by 17 | going to https://github.com/nixbuild/nix-quick-install-action/releases 18 | 19 | nix_conf: 20 | required: false 21 | description: | 22 | If set, this configuration is written to XDG_CONFIG_HOME/nix/nix.conf, 23 | which is read by Nix. 24 | See https://nixos.org/manual/nix/stable/command-ref/conf-file.html for 25 | information on what settings that are available. Make sure the settings 26 | you define are supported by the Nix version you're using. 27 | 28 | github_access_token: 29 | default: ${{ github.token }} 30 | description: | 31 | Configure Nix to use the specified token when fetching from GitHub. 32 | 33 | nix_on_tmpfs: 34 | required: true 35 | default: false 36 | description: | 37 | Installs /nix on a tmpfs mount. This can make Nix operations faster, but 38 | you risk running out of memory if your Nix store grows to big. Only 39 | enable this if you're absolutely sure the size of your Nix store (and 40 | database, logs etc) will be considerably less than the available memory. 41 | This option does nothing on MacOS runners. 42 | 43 | nix_archives_url: 44 | required: false 45 | description: | 46 | Don't use. For bootstrapping purposes only. 47 | 48 | enable_kvm: 49 | description: 'Enable KVM for hardware-accelerated virtualization on Linux, if available.' 50 | required: false 51 | default: true 52 | 53 | 54 | runs: 55 | using: "composite" 56 | steps: 57 | - name: Install Nix in single-user mode 58 | run: ${{ github.action_path }}/nix-quick-install.sh 59 | shell: bash 60 | env: 61 | RELEASE_FILE: ${{ github.action_path }}/RELEASE 62 | NIX_VERSION: ${{ inputs.nix_version }} 63 | NIX_CONF: ${{ inputs.nix_conf }} 64 | NIX_ARCHIVES_URL: ${{ inputs.nix_archives_url }} 65 | NIX_ON_TMPFS: ${{ inputs.nix_on_tmpfs }} 66 | GITHUB_ACCESS_TOKEN: ${{ inputs.github_access_token }} 67 | ENABLE_KVM: ${{ inputs.enable_kvm }} 68 | 69 | branding: 70 | icon: zap 71 | color: gray-dark 72 | -------------------------------------------------------------------------------- /examples/action-flakes-simple.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nixbuild/nix-quick-install-action/8505cd40ae3d4791ca658f2697c5767212e5ce71/examples/action-flakes-simple.png -------------------------------------------------------------------------------- /examples/action-minimal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/nixbuild/nix-quick-install-action/8505cd40ae3d4791ca658f2697c5767212e5ce71/examples/action-minimal.png -------------------------------------------------------------------------------- /examples/flakes-simple/flake.lock: -------------------------------------------------------------------------------- 1 | { 2 | "nodes": { 3 | "nixpkgs": { 4 | "locked": { 5 | "lastModified": 1600351140, 6 | "narHash": "sha256-1mnNrYEi3zNPO4YUNso2v+xkDSWv8miX3XEyTmL37uk=", 7 | "owner": "NixOS", 8 | "repo": "nixpkgs", 9 | "rev": "faf5bdea5d9f0f9de26deaa7e864cdcd3b15b4e8", 10 | "type": "github" 11 | }, 12 | "original": { 13 | "id": "nixpkgs", 14 | "ref": "release-20.03", 15 | "type": "indirect" 16 | } 17 | }, 18 | "root": { 19 | "inputs": { 20 | "nixpkgs": "nixpkgs" 21 | } 22 | } 23 | }, 24 | "root": "root", 25 | "version": 7 26 | } 27 | -------------------------------------------------------------------------------- /examples/flakes-simple/flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs = { 3 | nixpkgs.url = "nixpkgs/release-20.03"; 4 | }; 5 | 6 | outputs = { self, nixpkgs }: { 7 | 8 | defaultPackage.x86_64-linux = 9 | nixpkgs.legacyPackages.x86_64-linux.hello.overrideDerivation (drv: { 10 | patches = (drv.patches or []) ++ [ ./hello.patch ]; 11 | doCheck = false; 12 | }); 13 | 14 | }; 15 | 16 | nixConfig = { 17 | allow-import-from-derivation = "true"; 18 | }; 19 | 20 | } 21 | -------------------------------------------------------------------------------- /examples/flakes-simple/hello.patch: -------------------------------------------------------------------------------- 1 | diff -ru hello-2.10/src/hello.c hello-2.10_p/src/hello.c 2 | --- hello-2.10/src/hello.c 2014-07-19 18:53:25.000000000 +0200 3 | +++ hello-2.10_p/src/hello.c 2020-09-18 17:02:55.021880337 +0200 4 | @@ -57,7 +57,7 @@ 5 | #endif 6 | 7 | /* Having initialized gettext, get the default message. */ 8 | - greeting_msg = _("Hello, world!"); 9 | + greeting_msg = _("Hello, Nix world!"); 10 | 11 | /* Even exiting has subtleties. On exit, if any writes failed, change 12 | the exit status. The /dev/full device on GNU/Linux can be used for 13 | -------------------------------------------------------------------------------- /flake.lock: -------------------------------------------------------------------------------- 1 | { 2 | "nodes": { 3 | "flake-utils": { 4 | "inputs": { 5 | "systems": "systems" 6 | }, 7 | "locked": { 8 | "lastModified": 1731533236, 9 | "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", 10 | "owner": "numtide", 11 | "repo": "flake-utils", 12 | "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", 13 | "type": "github" 14 | }, 15 | "original": { 16 | "owner": "numtide", 17 | "repo": "flake-utils", 18 | "type": "github" 19 | } 20 | }, 21 | "nixpkgs-unstable": { 22 | "locked": { 23 | "lastModified": 1739863612, 24 | "narHash": "sha256-UbtgxplOhFcyjBcNbTVO8+HUHAl/WXFDOb6LvqShiZo=", 25 | "owner": "nixos", 26 | "repo": "nixpkgs", 27 | "rev": "632f04521e847173c54fa72973ec6c39a371211c", 28 | "type": "github" 29 | }, 30 | "original": { 31 | "owner": "nixos", 32 | "repo": "nixpkgs", 33 | "rev": "632f04521e847173c54fa72973ec6c39a371211c", 34 | "type": "github" 35 | } 36 | }, 37 | "root": { 38 | "inputs": { 39 | "flake-utils": "flake-utils", 40 | "nixpkgs-unstable": "nixpkgs-unstable" 41 | } 42 | }, 43 | "systems": { 44 | "locked": { 45 | "lastModified": 1681028828, 46 | "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 47 | "owner": "nix-systems", 48 | "repo": "default", 49 | "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 50 | "type": "github" 51 | }, 52 | "original": { 53 | "owner": "nix-systems", 54 | "repo": "default", 55 | "type": "github" 56 | } 57 | } 58 | }, 59 | "root": "root", 60 | "version": 7 61 | } 62 | -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "nix-quick-install-action"; 3 | 4 | inputs = { 5 | flake-utils.url = "github:numtide/flake-utils"; 6 | nixpkgs-unstable.url = "github:nixos/nixpkgs/632f04521e847173c54fa72973ec6c39a371211c"; 7 | }; 8 | 9 | nixConfig = { 10 | # We set some dummy Nix config here so we can use it for verification in our 11 | # CI test 12 | stalled-download-timeout = 333; # default 300 13 | }; 14 | 15 | outputs = { 16 | self, 17 | flake-utils, 18 | nixpkgs-unstable, 19 | }: 20 | let allSystems = [ "aarch64-linux" "x86_64-linux" "aarch64-darwin" "x86_64-darwin" ]; 21 | in flake-utils.lib.eachSystem allSystems (system: 22 | 23 | let 24 | 25 | inherit (nixpkgs-unstable) lib; 26 | 27 | preferRemoteBuild = drv: drv.overrideAttrs (_: { 28 | preferLocalBuild = false; 29 | allowSubstitutes = true; 30 | }); 31 | 32 | pkgs = import nixpkgs-unstable { 33 | inherit system; 34 | overlays = [ 35 | (self: super: super.prefer-remote-fetch self super) 36 | ]; 37 | }; 38 | 39 | makeNixArchive = nix: 40 | pkgs.runCommand "nix-archive" { 41 | buildInputs = [ nix pkgs.gnutar pkgs.zstd ]; 42 | closureInfo = pkgs.closureInfo { rootPaths = [ nix ]; }; 43 | fileName = "nix-${nix.version}-${system}.tar.zstd"; 44 | inherit nix; 45 | } '' 46 | mkdir -p "$out" root/nix/var/{nix,nix-quick-install-action} 47 | ln -s $nix root/nix/var/nix-quick-install-action/nix 48 | cp -t root/nix/var/nix-quick-install-action $closureInfo/registration 49 | tar -cvT $closureInfo/store-paths -C root nix | zstd -o "$out/$fileName" 50 | ''; 51 | 52 | nixVersions = system: lib.listToAttrs (map (nix: lib.nameValuePair 53 | nix.version nix 54 | ) ( 55 | [ 56 | nixpkgs-unstable.legacyPackages.${system}.nixVersions.nix_2_26 57 | nixpkgs-unstable.legacyPackages.${system}.nixVersions.nix_2_25 58 | nixpkgs-unstable.legacyPackages.${system}.nixVersions.nix_2_24 59 | ] ++ 60 | lib.optionals (system != "aarch64-linux") 61 | [ 62 | nixpkgs-unstable.legacyPackages.${system}.nixVersions.minimum 63 | ] 64 | )); 65 | 66 | nixPackages = lib.mapAttrs' 67 | (v: p: lib.nameValuePair "nix-${lib.replaceStrings ["."] ["_"] v}" p) 68 | (nixVersions system); 69 | 70 | nixArchives = system: lib.mapAttrs (_: makeNixArchive) (nixVersions system); 71 | 72 | allNixArchives = lib.concatMap (system: 73 | map (version: { 74 | inherit system version; 75 | fileName = "nix-${version}-${system}.tar.zstd"; 76 | }) (lib.attrNames (nixArchives system)) 77 | ) allSystems; 78 | 79 | in rec { 80 | defaultApp = apps.release; 81 | 82 | apps.release = flake-utils.lib.mkApp { drv = packages.release; }; 83 | 84 | overlays = final: prev: nixPackages; 85 | 86 | packages = nixPackages // { 87 | nix-archives = preferRemoteBuild (pkgs.buildEnv { 88 | name = "nix-archives"; 89 | paths = lib.attrValues (nixArchives system); 90 | }); 91 | release = preferRemoteBuild (pkgs.writeScriptBin "release" '' 92 | #!${pkgs.stdenv.shell} 93 | 94 | PATH="${lib.makeBinPath (with pkgs; [ 95 | coreutils gitMinimal github-cli 96 | ])}" 97 | 98 | if [ "$GITHUB_ACTIONS" != "true" ]; then 99 | echo >&2 "not running in GitHub, exiting" 100 | exit 1 101 | fi 102 | 103 | set -euo pipefail 104 | 105 | nix_archives="$1" 106 | release_file="$2" 107 | release="$(head -n1 "$release_file")" 108 | prev_release="$(gh release list -L 1 | cut -f 3)" 109 | 110 | if [ "$release" = "$prev_release" ]; then 111 | echo >&2 "Release tag not updated ($release)" 112 | exit 113 | else 114 | release_notes="$(mktemp)" 115 | tail -n+2 "$release_file" > "$release_notes" 116 | 117 | echo "" | cat >>"$release_notes" - "${pkgs.writeText "notes" ( 118 | lib.concatMapStringsSep "\n" (sys: '' 119 | ## Supported Nix Versions on ${sys} runners 120 | ${lib.concatStringsSep "\n" ( 121 | map (v: "* ${v}") ( 122 | lib.reverseList (lib.naturalSort (lib.attrNames (nixArchives sys))) 123 | ) 124 | )} 125 | '') [ 126 | "x86_64-linux" 127 | "aarch64-linux" 128 | "x86_64-darwin" 129 | ] 130 | )}" 131 | 132 | echo >&2 "New release: $prev_release -> $release" 133 | gh release create "$release" ${ 134 | lib.concatMapStringsSep " " ({ system, version, fileName }: 135 | ''"$nix_archives/${fileName}#nix-${version}-${system}"'' 136 | ) allNixArchives 137 | } \ 138 | --title "$GITHUB_REPOSITORY@$release" \ 139 | --notes-file "$release_notes" 140 | fi 141 | ''); 142 | }; 143 | } 144 | ); 145 | } 146 | -------------------------------------------------------------------------------- /nix-quick-install.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -eu 4 | set -o pipefail 5 | 6 | source "${BASH_SOURCE[0]%/*}/vercomp.sh" 7 | 8 | case "$(uname -m)" in 9 | x86_64) 10 | arch="x86_64" 11 | ;; 12 | arm64) 13 | arch="aarch64" 14 | ;; 15 | aarch64) 16 | arch="aarch64" 17 | ;; 18 | *) 19 | echo >&2 "unsupported architecture: $(uname -m)" 20 | exit 1 21 | esac 22 | 23 | case "$OSTYPE" in 24 | darwin*) 25 | sys="$arch-darwin" 26 | ;; 27 | linux*) 28 | sys="$arch-linux" 29 | ;; 30 | *) 31 | echo >& "unsupported OS type: $OSTYPE" 32 | exit 1 33 | esac 34 | 35 | # Enable KVM on Linux so NixOS tests can run quickly. 36 | # Do this early in the process so nix installation detects the KVM feature. 37 | enable_kvm() { 38 | echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-install-nix-action-kvm.rules 39 | sudo udevadm control --reload-rules && sudo udevadm trigger --name-match=kvm 40 | } 41 | if [[ ("$sys" =~ .*-linux) && ("$ENABLE_KVM" == 'true') ]]; then 42 | enable_kvm && echo 'Enabled KVM' || echo 'KVM is not available' 43 | fi 44 | 45 | # Make sure /nix exists and is writeable 46 | if [ -a /nix ]; then 47 | if ! [ -w /nix ]; then 48 | echo >&2 "/nix exists but is not writeable, can't set up nix-quick-install-action" 49 | exit 1 50 | else 51 | rm -rf /nix/var/nix-quick-install-action 52 | fi 53 | elif [[ "$sys" =~ .*-darwin ]]; then 54 | disk=$(/usr/bin/stat -f "%Sd" /) 55 | disk=${disk%s[0-9]*} 56 | sudo $SHELL -euo pipefail << EOF 57 | echo nix >> /etc/synthetic.conf 58 | echo -e "run\\tprivate/var/run" >> /etc/synthetic.conf 59 | /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -B &>/dev/null \ 60 | || /System/Library/Filesystems/apfs.fs/Contents/Resources/apfs.util -t &>/dev/null \ 61 | || echo "warning: failed to execute apfs.util" 62 | diskutil apfs addVolume "$disk" APFS nix -mountpoint /nix 63 | mdutil -i off /nix 64 | chown $USER /nix 65 | EOF 66 | else 67 | sudo install -d -o "$USER" /nix 68 | if [[ "$NIX_ON_TMPFS" == "true" || "$NIX_ON_TMPFS" == "True" || "$NIX_ON_TMPFS" == "TRUE" ]]; then 69 | sudo mount -t tmpfs -o size=90%,mode=0755,gid="$(id -g)",uid="$(id -u)" tmpfs /nix 70 | fi 71 | fi 72 | 73 | # Fetch and unpack nix archive 74 | if [[ "$sys" =~ .*-darwin ]]; then 75 | # MacOS tar doesn't have the --skip-old-files, so we use gtar 76 | tar=gtar 77 | else 78 | tar=tar 79 | fi 80 | rel="$(head -n1 "$RELEASE_FILE")" 81 | url="${NIX_ARCHIVES_URL:-https://github.com/nixbuild/nix-quick-install-action/releases/download/$rel}/nix-$NIX_VERSION-$sys.tar.zstd" 82 | 83 | echo >&2 "Fetching nix archives from $url" 84 | case "$url" in 85 | file://) 86 | "$tar" --skip-old-files --strip-components 1 -x -I unzstd -C /nix "${url#file://}" 87 | ;; 88 | *) 89 | curl -sL --retry 3 --retry-connrefused "$url" \ 90 | | "$tar" --skip-old-files --strip-components 1 -x -I unzstd -C /nix 91 | ;; 92 | esac 93 | 94 | # Setup nix.conf 95 | NIX_CONF_FILE="${XDG_CONFIG_HOME:-$HOME/.config}/nix/nix.conf" 96 | mkdir -p "$(dirname "$NIX_CONF_FILE")" 97 | touch "$NIX_CONF_FILE" 98 | if [ -n "${NIX_CONF:-}" ]; then 99 | printenv NIX_CONF > "$NIX_CONF_FILE" 100 | fi 101 | 102 | # Setup GitHub access token 103 | if [[ -n "${GITHUB_ACCESS_TOKEN:-}" ]]; then 104 | echo >>"$NIX_CONF_FILE" \ 105 | "access-tokens = github.com=$GITHUB_ACCESS_TOKEN" 106 | fi 107 | 108 | # Setup Flakes 109 | if vergt "$NIX_VERSION" "2.13"; then 110 | echo >>"$NIX_CONF_FILE" \ 111 | "experimental-features = nix-command flakes" 112 | echo >>"$NIX_CONF_FILE" \ 113 | "accept-flake-config = true" 114 | fi 115 | 116 | 117 | # Populate the nix db 118 | nix="$(readlink /nix/var/nix-quick-install-action/nix)" 119 | retries=2 120 | while true; do 121 | "$nix/bin/nix-store" \ 122 | --load-db < /nix/var/nix-quick-install-action/registration && break || true 123 | ((retries--)) 124 | echo >&2 "Retrying Nix DB registration" 125 | sleep 2 126 | done 127 | 128 | 129 | # Install nix in profile 130 | MANPATH= . "$nix/etc/profile.d/nix.sh" 131 | "$nix/bin/nix-env" -i "$nix" 132 | 133 | # Certificate bundle is not detected by nix.sh on macOS. 134 | if [ -z "${NIX_SSL_CERT_FILE:-}" -a -e "/etc/ssl/cert.pem" ]; then 135 | NIX_SSL_CERT_FILE="/etc/ssl/cert.pem" 136 | fi 137 | 138 | # Set env 139 | echo "$HOME/.nix-profile/bin" >> $GITHUB_PATH 140 | echo "NIX_PROFILES=/nix/var/nix/profiles/default $HOME/.nix-profile" >> $GITHUB_ENV 141 | echo "NIX_USER_PROFILE_DIR=/nix/var/nix/profiles/per-user/$USER" >> $GITHUB_ENV 142 | echo "NIX_SSL_CERT_FILE=$NIX_SSL_CERT_FILE" >> $GITHUB_ENV 143 | -------------------------------------------------------------------------------- /nix_config.nix: -------------------------------------------------------------------------------- 1 | with builtins; let 2 | boolToString = b: 3 | if b 4 | then "true" 5 | else "false"; 6 | 7 | /* 8 | Check whether a value can be coerced to a string. 9 | The value must be a string, path, or attribute set. 10 | 11 | String-like values can be used without explicit conversion in 12 | string interpolations and in most functions that expect a string. 13 | */ 14 | isStringLike = x: 15 | isString x 16 | || isPath x 17 | || x ? outPath 18 | || x ? __toString; 19 | 20 | mapAttrsToList = 21 | # A function, given an attribute's name and value, returns a new value. 22 | f: 23 | # Attribute set to map over. 24 | attrs: 25 | map (name: f name attrs.${name}) (attrNames attrs); 26 | 27 | mkValueString = v: 28 | if v == null 29 | then "" 30 | else if isInt v 31 | then toString v 32 | else if isBool v 33 | then boolToString v 34 | else if isFloat v 35 | then toString v 36 | else if isList v 37 | then concatStringsSep " " v 38 | else if isStringLike v 39 | then v 40 | else ""; 41 | 42 | mkKeyValue = k: v: "${k} = ${mkValueString v}"; 43 | 44 | mkKeyValuePairs = attrs: concatStringsSep "\n" (mapAttrsToList mkKeyValue attrs); 45 | in 46 | mkKeyValuePairs 47 | -------------------------------------------------------------------------------- /vercomp.sh: -------------------------------------------------------------------------------- 1 | # taken from: https://stackoverflow.com/a/4025065 2 | vercomp () { 3 | if [[ $1 == $2 ]] 4 | then 5 | return 0 6 | fi 7 | local IFS=. 8 | local i ver1=($1) ver2=($2) 9 | # fill empty fields in ver1 with zeros 10 | for ((i=${#ver1[@]}; i<${#ver2[@]}; i++)) 11 | do 12 | ver1[i]=0 13 | done 14 | for ((i=0; i<${#ver1[@]}; i++)) 15 | do 16 | if [[ -z ${ver2[i]-} ]] 17 | then 18 | # fill empty fields in ver2 with zeros 19 | ver2[i]=0 20 | fi 21 | if ((10#${ver1[i]} > 10#${ver2[i]})) 22 | then 23 | return 1 24 | fi 25 | if ((10#${ver1[i]} < 10#${ver2[i]})) 26 | then 27 | return 2 28 | fi 29 | done 30 | return 0 31 | } 32 | 33 | vergt() { 34 | vercomp $1 $2 35 | case $? in 36 | 0) return 1;; 37 | 1) return 0;; 38 | 2) return 1;; 39 | esac 40 | } 41 | 42 | verlte() { 43 | vercomp $1 $2 44 | case $? in 45 | 0) return 0;; 46 | 1) return 1;; 47 | 2) return 0;; 48 | esac 49 | } 50 | --------------------------------------------------------------------------------