From d13d5ac938d654b7c13a06299db61dd87a19430e Mon Sep 17 00:00:00 2001 From: Benjamin Moosherr Date: Fri, 28 Mar 2025 23:07:41 +0100 Subject: [PATCH 1/4] CI: Use a faster method to install Nix The old method also didn't reproduce the same environment if there was a cache hit (the sandbox was disabled in this case). --- .github/workflows/maven.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index c24e84749..c4917be92 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -17,11 +17,7 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Install Nix with cached packages - uses: rikhuijzer/cache-install@v1.1.4 - with: - key: nix-${{ hashFiles('.github/workflows/maven.yml', 'default.nix', 'nix/**', 'pom.xml', 'local-maven-repo') }} - nix_file: nix/github-workflow-dependencies.nix + - uses: cachix/install-nix-action@v31 - name: Build run: nix-build - name: Upload Javadoc artifact From da11a13c1451f5a52672fe494ac6e20116346865 Mon Sep 17 00:00:00 2001 From: Benjamin Moosherr Date: Fri, 28 Mar 2025 23:13:08 +0100 Subject: [PATCH 2/4] CI: Cache dependencies between runs This should be more reliable than the old cache-install action because all the software is operated according to their intended interfaces. --- .github/workflows/maven.yml | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index c4917be92..d030ff709 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -18,6 +18,29 @@ jobs: steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v31 + - name: List pre-installed store paths + run: find /nix/store -mindepth 1 -maxdepth 1 | sort > pre-installed + - uses: actions/cache/restore@v4 + id: cache + with: + path: cache-closure.nar + key: nix-${{ hashFiles('.github/workflows/maven.yml', 'default.nix', 'nix/**', 'pom.xml', 'local-maven-repo') }} + - name: Import cache + if: steps.cache.outputs.cache-hit == 'true' + run: nix-store --import < cache-closure.nar + - name: Build dependency cache + if: steps.cache.outputs.cache-hit != 'true' + run: nix-build --out-link dependencies nix/github-workflow-dependencies.nix + - name: Export cache + if: steps.cache.outputs.cache-hit != 'true' + run: | + find /nix/store -mindepth 1 -maxdepth 1 | sort > store-paths + nix-store --export $(comm -13 pre-installed store-paths) > cache-closure.nar + - uses: actions/cache/save@v4 + if: steps.cache.outputs.cache-hit != 'true' + with: + path: cache-closure.nar + key: nix-${{ hashFiles('.github/workflows/maven.yml', 'default.nix', 'nix/**', 'pom.xml', 'local-maven-repo') }} - name: Build run: nix-build - name: Upload Javadoc artifact From d8bfef1ae53014a265ac45937b054a25eca5b66f Mon Sep 17 00:00:00 2001 From: Benjamin Moosherr Date: Mon, 31 Mar 2025 09:36:46 +0200 Subject: [PATCH 3/4] CI: Remove the caching mechanism After testing (everything works as excepted) and measuring the cache, we noticed that the time improvement is not worth the additional complexity. Hence, we decided to remove this cache but leave it in the commit history in case it becomes relevant in the future. This effectively reverts commit da11a13c1451f5a52672fe494ac6e20116346865 "CI: Cache dependencies between runs". --- .github/workflows/maven.yml | 24 +----------------------- nix/github-workflow-dependencies.nix | 16 ---------------- 2 files changed, 1 insertion(+), 39 deletions(-) delete mode 100644 nix/github-workflow-dependencies.nix diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index d030ff709..a94e1ea36 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -18,29 +18,7 @@ jobs: steps: - uses: actions/checkout@v4 - uses: cachix/install-nix-action@v31 - - name: List pre-installed store paths - run: find /nix/store -mindepth 1 -maxdepth 1 | sort > pre-installed - - uses: actions/cache/restore@v4 - id: cache - with: - path: cache-closure.nar - key: nix-${{ hashFiles('.github/workflows/maven.yml', 'default.nix', 'nix/**', 'pom.xml', 'local-maven-repo') }} - - name: Import cache - if: steps.cache.outputs.cache-hit == 'true' - run: nix-store --import < cache-closure.nar - - name: Build dependency cache - if: steps.cache.outputs.cache-hit != 'true' - run: nix-build --out-link dependencies nix/github-workflow-dependencies.nix - - name: Export cache - if: steps.cache.outputs.cache-hit != 'true' - run: | - find /nix/store -mindepth 1 -maxdepth 1 | sort > store-paths - nix-store --export $(comm -13 pre-installed store-paths) > cache-closure.nar - - uses: actions/cache/save@v4 - if: steps.cache.outputs.cache-hit != 'true' - with: - path: cache-closure.nar - key: nix-${{ hashFiles('.github/workflows/maven.yml', 'default.nix', 'nix/**', 'pom.xml', 'local-maven-repo') }} + # The dependencies could be cached if necessary. See PR #156 and da11a13c1451f5a52672fe494ac6e20116346865 for additional information. - name: Build run: nix-build - name: Upload Javadoc artifact diff --git a/nix/github-workflow-dependencies.nix b/nix/github-workflow-dependencies.nix deleted file mode 100644 index 72c9cc63e..000000000 --- a/nix/github-workflow-dependencies.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - sources ? import ./sources.nix, - system ? builtins.currentSystem, - pkgs ? - import sources.nixpkgs { - overlays = []; - config = {}; - inherit system; - }, -}: let - DiffDetective = import ../default.nix {}; -in - pkgs.mkShell { - inputsFrom = [DiffDetective]; - pkgs = [DiffDetective.mavenRepo]; - } From 76f7b078d9f7ec486996acef02dde5a9b6b8702a Mon Sep 17 00:00:00 2001 From: Benjamin Moosherr Date: Sun, 30 Mar 2025 21:53:56 +0200 Subject: [PATCH 4/4] CI: Disable network accesses by github-pages In case the Nix sandbox is enabled, the github-metadata plugin automatically disables network accesses. However, if the sandbox is disabled (e.g., on MacOS or by explicitly disabling it), the github-metadata plugin tries to access the GitHub API and (fortunately) fails which aborts the build. As the required patch is currently unreleased, the patch is directly fetched from GitHub. This overlay can be removed as soon as this patch lands in nixpkgs and we update to such a nixpkgs version. --- default.nix | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/default.nix b/default.nix index cab1125a6..70e65df3e 100644 --- a/default.nix +++ b/default.nix @@ -3,7 +3,24 @@ system ? builtins.currentSystem, pkgs ? import sources.nixpkgs { - overlays = []; + overlays = [ + (final: previous: { + defaultGemConfig = previous.defaultGemConfig // { + jekyll-github-metadata = attrs: { + dontBuild = false; + patches = [ + (final.fetchpatch { + url = "https://github.com/jekyll/github-metadata/commit/17cc5af5e1fd95d98d43676610cc8a47969350ab.patch"; + hash = "sha256-dUqvnYsjfG5xQIYS48B3xz0GLVYo2BrDAnYUafmDFKw="; + relative = "lib"; + stripLen = 1; + extraPrefix = "lib/jekyll-github-metadata/"; + }) + ]; + }; + }; + }) + ]; config = {}; inherit system; }, @@ -93,7 +110,7 @@ pkgs.stdenvNoCC.mkDerivation rec { if buildGitHubPages then '' mvn javadoc:javadoc - JEKYLL_ENV=production PAGES_REPO_NWO=VariantSync/DiffDetective JEKYLL_BUILD_REVISION= github-pages build + JEKYLL_ENV=production PAGES_REPO_NWO=VariantSync/DiffDetective JEKYLL_BUILD_REVISION= PAGES_DISABLE_NETWORK=1 github-pages build rm -rf _site/target '' else ""