From 3993d679e668dfb24210b9152bc59fc64fd10bc7 Mon Sep 17 00:00:00 2001 From: Arunavo Ray Date: Wed, 17 Dec 2025 10:30:07 +0530 Subject: [PATCH] fix: replace Cachix with Magic Nix Cache in CI workflow - Use DeterminateSystems/nix-installer-action for Nix installation - Use DeterminateSystems/magic-nix-cache-action for caching (free, no setup) - Update documentation to remove Cachix references - Add nix branch to CI triggers --- .github/workflows/nix-build.yml | 41 +++++++++-------- DISTRIBUTION_SUMMARY.md | 68 ++++++++++------------------ NIX.md | 2 +- docs/NIX_DEPLOYMENT.md | 29 ++++++------ docs/NIX_DISTRIBUTION.md | 78 ++++++++++----------------------- 5 files changed, 86 insertions(+), 132 deletions(-) diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index 5b6046f..2606263 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -1,15 +1,16 @@ -name: Nix Build and Cache -permissions: - contents: read +name: Nix Build on: push: - branches: [main] + branches: [main, nix] tags: - 'v*' pull_request: branches: [main] +permissions: + contents: read + jobs: build: strategy: 
@@ -20,24 +21,28 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v24 - with: - extra_nix_config: | - experimental-features = nix-command flakes + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@main - - uses: cachix/cachix-action@v12 - with: - name: gitea-mirror # Your cache name - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - - name: Build package - run: nix build --print-build-logs + - name: Setup Nix Cache + uses: DeterminateSystems/magic-nix-cache-action@main - name: Check flake run: nix flake check - - name: Test run (dry run) + - name: Build package + run: nix build --print-build-logs + + - name: Verify binary run: | - # Just verify the binary exists and is executable + # Verify the binary exists and is executable test -x ./result/bin/gitea-mirror - ./result/bin/gitea-mirror --version || echo "Version check skipped" + echo "✅ Binary exists and is executable" + + # Show package info + ls -la ./result/bin/ + + - name: Test --help flag + run: | + # Test that the binary can at least show help/version info + ./result/bin/gitea-mirror --version 2>&1 || echo "Note: --version may not be implemented" diff --git a/DISTRIBUTION_SUMMARY.md b/DISTRIBUTION_SUMMARY.md index c093695..6031abe 100644 --- a/DISTRIBUTION_SUMMARY.md +++ b/DISTRIBUTION_SUMMARY.md @@ -1,6 +1,6 @@ -# Nix Distribution - Ready to Use! 🎉 +# Nix Distribution - Ready to Use! -## Current Status: ✅ WORKS NOW +## Current Status: WORKS NOW Your Nix package is **already distributable**! Users can run it directly from GitHub without any additional setup on your end. 
@@ -31,32 +31,14 @@ That's it! No releases, no CI, no infrastructure needed. It works right now. ### For Basic Usage: **NO** Users can already use it from GitHub. No CI or releases required. -### For Better UX: **Recommended** -Set up binary caching so users don't compile from source. +### For CI Validation: **Already Set Up** +GitHub Actions validates builds on every push with Magic Nix Cache (free, no setup). --- -## Next Steps (Optional but Recommended) +## Next Steps (Optional) -### Option 1: Add Binary Cache (5 minutes) - -**Why:** Users download pre-built binaries instead of compiling (much faster!) - -**How:** -1. Create free account at https://cachix.org/ -2. Create cache named `gitea-mirror` -3. Add GitHub secret: `CACHIX_AUTH_TOKEN` -4. GitHub Actions workflow already created at `.github/workflows/nix-build.yml` -5. Add to your docs: - ```bash - # Users run once - cachix use gitea-mirror - - # Then they get fast binary downloads - nix run github:RayLabsHQ/gitea-mirror - ``` - -### Option 2: Release Versioning (2 minutes) +### Option 1: Release Versioning (2 minutes) **Why:** Users can pin to specific versions @@ -72,7 +54,7 @@ nix run github:RayLabsHQ/gitea-mirror/v3.8.11 No additional CI needed - tags work automatically with flakes! -### Option 3: Submit to nixpkgs (Long Term) +### Option 2: Submit to nixpkgs (Long Term) **Why:** Maximum discoverability and trust 
@@ -85,21 +67,21 @@ No additional CI needed - tags work automatically with flakes! ## Files Created ### Essential (Already Working) -- ✅ `flake.nix` - Package definition -- ✅ `flake.lock` - Dependency lock file -- ✅ `.envrc` - direnv integration +- `flake.nix` - Package definition +- `flake.lock` - Dependency lock file +- `.envrc` - direnv integration ### Documentation -- ✅ `NIX.md` - Quick reference for users -- ✅ `docs/NIX_DEPLOYMENT.md` - Complete deployment guide -- ✅ `docs/NIX_DISTRIBUTION.md` - Distribution guide for you (maintainer) -- ✅ `README.md` - Updated with Nix instructions +- `NIX.md` - Quick reference for users +- `docs/NIX_DEPLOYMENT.md` - Complete deployment guide +- `docs/NIX_DISTRIBUTION.md` - Distribution guide for you (maintainer) +- `README.md` - Updated with Nix instructions -### CI (Optional, Already Set Up) -- ✅ `.github/workflows/nix-build.yml` - Builds + caches to Cachix +### CI (Already Set Up) +- `.github/workflows/nix-build.yml` - Builds and validates on Linux + macOS ### Updated -- ✅ `.gitignore` - Added Nix artifacts +- `.gitignore` - Added Nix artifacts --- @@ -107,12 +89,11 @@ No additional CI needed - tags work automatically with flakes! | Setup | Time | User Experience | What You Need | |-------|------|----------------|---------------| -| **Direct GitHub** | 0 min ✅ | Slow (build from source) | Nothing! Works now | -| **+ Cachix** | 5 min | Fast (binary download) | Cachix account + token | +| **Direct GitHub** | 0 min | Slow (build from source) | Nothing! Works now | | **+ Git Tags** | 2 min | Versionable | Just push tags | | **+ nixpkgs** | Hours | Official/Trusted | PR review process | -**Recommendation:** Start with Direct GitHub (already works!), add Cachix this week for better UX. +**Recommendation:** Direct GitHub works now. Add git tags for versioning. Consider nixpkgs submission once stable. --- 
@@ -175,17 +156,12 @@ Users can always use latest from main: `nix run github:RayLabsHQ/gitea-mirror` ## Summary -**✅ Ready to distribute RIGHT NOW** +**Ready to distribute RIGHT NOW** - Just commit and push your `flake.nix` - Users can run directly from GitHub -- No CI, releases, or infrastructure required +- CI validates builds automatically -**🚀 Recommended next: Add Cachix (5 minutes)** -- Much better user experience -- Workflow already created -- Free for public projects - -**📦 Optional later: Submit to nixpkgs** +**Optional: Submit to nixpkgs** - Maximum discoverability - Official Nix repository - Do this once package is stable diff --git a/NIX.md b/NIX.md index 10dcca7..4026f2d 100644 --- a/NIX.md +++ b/NIX.md @@ -172,7 +172,7 @@ services.gitea-mirror = { - **[docs/NIX_DISTRIBUTION.md](docs/NIX_DISTRIBUTION.md)** - Distribution guide for maintainers - How users consume the package - - Setting up binary cache (Cachix) + - CI build caching - Releasing new versions - Submitting to nixpkgs diff --git a/docs/NIX_DEPLOYMENT.md b/docs/NIX_DEPLOYMENT.md index a8469a7..2de0bae 100644 --- a/docs/NIX_DEPLOYMENT.md +++ b/docs/NIX_DEPLOYMENT.md 
@@ -449,31 +449,34 @@ To migrate from Docker to Nix while keeping your data: ## CI/CD Integration -Example GitHub Actions workflow: +Example GitHub Actions workflow (see `.github/workflows/nix-build.yml`): ```yaml -name: Build with Nix +name: Nix Build on: [push, pull_request] +permissions: + contents: read + jobs: build: - runs-on: ubuntu-latest + strategy: + matrix: + os: [ubuntu-latest, macos-latest] + runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v24 - with: - extra_nix_config: | - experimental-features = nix-command flakes - - uses: cachix/cachix-action@v12 - with: - name: gitea-mirror - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - run: nix build + - uses: DeterminateSystems/nix-installer-action@main + - uses: DeterminateSystems/magic-nix-cache-action@main - run: nix flake check - # Note: GitHub Actions runner usually has flakes enabled by install-nix-action + - run: nix build --print-build-logs ``` +This uses: +- **Determinate Nix Installer** - Fast, reliable Nix installation with flakes enabled by default +- **Magic Nix Cache** - Free caching using GitHub Actions cache (no account needed) + ## Resources - [Nix Manual](https://nixos.org/manual/nix/stable/) diff --git a/docs/NIX_DISTRIBUTION.md b/docs/NIX_DISTRIBUTION.md index b8e76c6..3f73258 100644 --- a/docs/NIX_DISTRIBUTION.md +++ b/docs/NIX_DISTRIBUTION.md 
@@ -36,39 +36,21 @@ nix run github:RayLabsHQ/gitea-mirror/v3.8.11 --- -### Method 2: Binary Cache (Recommended) +### Method 2: CI Build Caching -Pre-build packages and cache them so users download binaries instead of building: +The GitHub Actions workflow uses **Magic Nix Cache** (by Determinate Systems) to cache builds: -#### Setup: Cachix (Free for Public Projects) +- **Zero configuration required** - no accounts or tokens needed +- **Automatic** - CI workflow handles everything +- **Uses GitHub Actions cache** - fast, reliable, free -1. **Create account:** https://cachix.org/ -2. **Create cache:** `gitea-mirror` (public) -3. **Add secret to GitHub:** `Settings → Secrets → CACHIX_AUTH_TOKEN` -4. **GitHub Actions builds automatically** (see `.github/workflows/nix-build.yml`) +#### How It Works: -#### User Experience: +1. GitHub Actions builds the package on each push/PR +2. Build artifacts are cached in GitHub Actions cache +3. Subsequent builds reuse cached dependencies (faster CI) -```bash -# First time: Configure cache -cachix use gitea-mirror - -# Or add to nix.conf: -# substituters = https://cache.nixos.org https://gitea-mirror.cachix.org -# trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= gitea-mirror.cachix.org-1:YOUR_KEY_HERE - -# Then use normally - downloads pre-built binaries! -nix run github:RayLabsHQ/gitea-mirror -``` - -**Pros:** -- Fast installation (no compilation) -- Reduced bandwidth/CPU for users -- Professional experience - -**Cons:** -- Requires Cachix account (free for public) -- Requires CI setup +Note: This caches CI builds. Users still build locally, but the flake.lock ensures reproducibility. --- 
@@ -115,14 +97,13 @@ Already working! Users can: nix run github:RayLabsHQ/gitea-mirror ``` -### Phase 2: Binary Cache (Recommended Next) +### Phase 2: CI Build Validation ✅ -Set up Cachix for faster installs: +GitHub Actions workflow validates builds on every push/PR: -1. Create Cachix cache -2. Add `CACHIX_AUTH_TOKEN` secret to GitHub -3. Workflow already created in `.github/workflows/nix-build.yml` -4. Add instructions to docs +- Uses Magic Nix Cache for fast CI builds +- Tests on both Linux and macOS +- No setup required - works automatically ### Phase 3: Version Releases (Optional) @@ -158,17 +139,7 @@ nix run --extra-experimental-features 'nix-command flakes' github:RayLabsHQ/gite nix profile install --extra-experimental-features 'nix-command flakes' github:RayLabsHQ/gitea-mirror ``` -#### Option 2: With Binary Cache (Faster) - -```bash -# One-time setup -cachix use gitea-mirror - -# Then install (downloads pre-built binary) -nix profile install github:RayLabsHQ/gitea-mirror -``` - -#### Option 3: Pin to Specific Version +#### Option 2: Pin to Specific Version ```bash # Pin to git tag @@ -181,7 +152,7 @@ nix run github:RayLabsHQ/gitea-mirror/abc123def inputs.gitea-mirror.url = "github:RayLabsHQ/gitea-mirror/v3.8.11"; ``` -#### Option 4: NixOS Configuration +#### Option 3: NixOS Configuration ```nix { @@ -270,11 +241,11 @@ git push 2. **Test locally:** `nix flake check` 3. **Check flake.lock:** May need update if dependencies changed -### Cachix Not Working +### CI Cache Not Working -1. **Verify cache exists:** https://gitea-mirror.cachix.org -2. **Check GitHub secret:** `CACHIX_AUTH_TOKEN` is set -3. **Review workflow logs:** Ensure build + push succeeded +1. **Check workflow logs:** Review GitHub Actions for errors +2. **Clear cache:** GitHub Actions → Caches → Delete relevant cache +3. **Verify flake.lock:** May need `nix flake update` if dependencies changed ### Version Pinning Not Working 
@@ -336,17 +307,16 @@ trusted-public-keys = YOUR_KEY | Method | Setup Time | User Speed | Cost | Discoverability | |--------|-----------|------------|------|-----------------| | Direct GitHub | 0 min | Slow (build) | Free | Low | -| Cachix | 5 min | Fast (binary) | Free (public) | Medium | | nixpkgs | Hours/days | Fast (binary) | Free | High | -| Self-hosted | 30+ min | Fast (binary) | Server cost | Low | +| Self-hosted cache | 30+ min | Fast (binary) | Server cost | Low | -**Recommendation:** Start with **Direct GitHub** (works now), add **Cachix** for better UX (5 min), consider **nixpkgs** later for maximum reach. +**Current approach:** Direct GitHub consumption with CI validation using Magic Nix Cache. Users build locally (reproducible via flake.lock). Consider **nixpkgs** submission for maximum reach once the package is mature. --- ## Resources - [Nix Flakes Documentation](https://nixos.wiki/wiki/Flakes) -- [Cachix Documentation](https://docs.cachix.org/) +- [Magic Nix Cache](https://github.com/DeterminateSystems/magic-nix-cache-action) - [nixpkgs Contributing Guide](https://github.com/NixOS/nixpkgs/blob/master/CONTRIBUTING.md) - [Nix Binary Cache Setup](https://nixos.org/manual/nix/stable/package-management/binary-cache-substituter.html)
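Review bot: in `.github/workflows/nix-build.yml`, hunk `@@ -20,24 +21,28 @@`, both new actions are referenced by a mutable branch ref (`DeterminateSystems/nix-installer-action@main`, `DeterminateSystems/magic-nix-cache-action@main`), whereas the removed lines pinned `cachix/install-nix-action@v24` and `cachix/cachix-action@v12`. With `@main`, whatever is at the tip of those branches runs in this job on the next trigger, without any change in this repository to review. Pin each `uses:` to a full commit SHA (or at minimum a release tag) and bump it deliberately. In the same hunk, the step named `Test --help flag` actually runs `--version` and ends in `|| echo "Note: ..."`, so it can never fail; rename it to match what it runs and either drop the fallback or make it explicit that the step is informational only.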
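Review bot: in `DISTRIBUTION_SUMMARY.md`, hunk `@@ -31,32 +31,14 @@`, the new line "GitHub Actions validates builds on every push" does not match the triggers set in the workflow in this same patch, which run on pushes to `main` and `nix`, on `v*` tags, and on pull requests targeting `main`. Pushes to any other branch are not built. Reword to name the actual triggers so a reader does not assume a feature branch was validated; the same phrasing ("on every push/PR") appears in the Phase 2 text in `docs/NIX_DISTRIBUTION.md`.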
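Review bot: in `docs/NIX_DEPLOYMENT.md`, hunk `@@ -449,31 +449,34 @@`, the example workflow carries the same `@main` refs for both Determinate Systems actions, and documentation examples are what readers copy into their own repositories. Show the example with a pinned release tag or commit SHA and say so in the "This uses:" list. The example also says "see `.github/workflows/nix-build.yml`" but uses `on: [push, pull_request]`, which is broader than the real workflow's branch and tag filters; either mirror the real triggers or state that the example is simplified.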
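Review bot: in `docs/NIX_DISTRIBUTION.md`, hunk `@@ -36,39 +36,21 @@`, the closing note "Users still build locally, but the flake.lock ensures reproducibility" overstates what the lock file provides: `flake.lock` pins the revisions and hashes of the flake inputs, which fixes what goes into the build, but it does not by itself guarantee identical build outputs. Suggest "flake.lock pins the exact input revisions" instead. Also, with the Cachix instructions removed, "Method 2: CI Build Caching" no longer describes a way for users to obtain the package, so it sits oddly in a list of distribution methods; consider moving it under a CI heading or stating up front that it benefits only CI runs.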
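Review bot: in `docs/NIX_DISTRIBUTION.md`, hunk `@@ -270,11 +241,11 @@`, step 3 of "CI Cache Not Working" suggests `nix flake update` as a cache troubleshooting step. That command re-locks the flake inputs to newer revisions, so it changes what gets built rather than fixing a cache problem, and the resulting `flake.lock` diff is a dependency change that should be reviewed like any other. Either drop it from this section or add a sentence saying it updates the pinned inputs and that the lock file diff should be inspected before committing.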