garnix-io / issues Goto Github PK
View Code? Open in Web Editor NEWPublic issue tracker for garnix.io
Public issue tracker for garnix.io
Is there/ will there be a way to disable sandbox on certain flake outputs?
For eg., --option sandbox false
would allow srid/haskell-flake#21 to pass in CI.
So far I've been excluding it in garnix.yaml:
builds:
exclude:
# https://github.com/srid/haskell-flake/issues/21
- "checks.*.default-hls"
Hey team. I've been using garnix on my fork of the notmuch mail indexer: github:league/notmuch and the most recent commits don't show the yellow dot, and don't appear in my dashboard on garnix.io. The repo is still enabled in garnix app, as far as I can tell.
However, there is something possibly suspicious further down that commit log. A commit from 14 October appears to have its build still in-progress (yellow dot). I don't know why it didn't time out, nor whether it would delay recognition of subsequent pushes. The page for that build just says "Waiting for logs."
Thanks so much, garnix is great.
Would the divnix/std
deliberate, but useful output schema be in scope for garnix?
In turn I could implement std
support.
Better docs being worked on.
For now, just hit the repl
in the root and see how it works.
A metadata contract can be exposed on outputs.__std
, if necessary.
The vast majority of my user space software gets installed into shared homeConfigurations.*
targets in my flake.nix file. Even more so than my system configuration, the homeConfigurations bit gets shared between all my systems. I have gui and non-gui targets and that's about it.
I've tried adding two of the homeConfigurations targets to my garnix.yaml file to enable building them, but they aren't built. The app doesn't give any output about not finding particular targets, as best I can tell, so I don't know why it's not building them. I also haven't seen any information about building home manager configurations in the garnix docs.
If for some reason a derivation is taking very long to build, it may be better to just cancel it, but currently there's no way to do that manually.
Presumably there'd be something like a directory
option in garnix.yaml
.
The M1 build fails as follows,
error: builder for '/nix/store/yv6qfknvp1x0baxcq525h47c3vfbgp3f-emanote-0.6.5.4.drv' failed with exit code 1;
last 1 log lines:
> sandbox-exec: pattern serialization length 77788 exceeds maximum (65535)
For full logs, run 'nix log /nix/store/yv6qfknvp1x0baxcq525h47c3vfbgp3f-emanote-0.6.5.4.drv'.
https://garnix.io/build/r9qw3k0e
Same with devShell build: https://garnix.io/build/Q9PwG2Bb
Public view: https://github.com/srid/emanote/runs/6459904976
Would it be feasible to add an experimental-features
configuration field, which is passed to Nix? For example, my repo uses content-addressed derivations, so builds currently fail with
error: experimental Nix feature 'ca-derivations' is disabled; use '--extra-experimental-features ca-derivations' to override
The list of github "checks" that garnix will set on a commit is variable. It depends on the shape of the flake output.
In the github branch protection setting, I can tell github to only merge a PR if certain checks are passing. And I can add the checks that Garnix set during the last run in there.
The only issue is that the list of Garnix checks evolves over time. As I add more packages, I will get more checks. And there is no way to tell GitHub to ask for "all the checks". So I have to go back in there and update the list as it changes.
Have Garnix also publish a "all the garnix checks passed" check. Then I only have to add that one to the GitHub branch protection setting.
repo: kamadorueda/alejandra
commit: 511c3f6a88b6964e1496fb6f441f4ae5e58bd3ea
package: alejandra-x86_64-apple-darwin
status: Failure
started at: 2022-03-04T02:29:36.266444Z
finished at: 2022-03-04T02:29:36.8271Z
Logs
No logs available
Of course I suspect it is because darwin is an unsupported system
This issue is about that I don't see information in the website indicating why, there are no logs, just an anonymous 'failure'
I think I've just come across a strange bug with the macOS builder.
The command nix build .#devShells.aarch64-darwin.default --json
when run in the garnix macOS machine fails: https://github.com/EmaApps/ema-template/runs/7378656982
But the same command ran locally (on my M1 Air) succeeds:
❯ nix build .#devShells.aarch64-darwin.default --json
[{"drvPath":"/nix/store/31znmqzpx6c62lgqnfqyg0ayj3d5blcw-ghc-shell-for-ema-template-0.1.0.0.drv","outputs":{"out":"/nix/store/k63x7xl65iz3xn3501j73rdaqn9wmq4m-ghc-shell-for-ema-template-0.1.0.0"}}]
Both the CI job and my local command were run from commit tree c14b7dd
of srid/ema-template#25
The Haskell flake template https://github.com/NixOS/templates/blob/master/haskell-hello/flake.nix suggests using
checks = self.packages;
to run tests, but this doesn't work on Garnix, due to nix show
not working. It fails with
error: expected a derivation
Escape sequences are not interpreted (this show should a green color)
and are not stripped (causing some gibberish in the log)
Ideally it should do interpreting or stripping, being stripping the simplest to implement, and interpreting the more delightful to the eye
�[0m�[0m�[1m�[32m Compiling�[0m autocfg v1.1.0
�[0m�[0m�[1m�[32m Compiling�[0m libc v0.2.119
�[0m�[0m�[1m�[32m Compiling�[0m crossbeam-utils v0.8.7
�[0m�[0m�[1m�[32m Compiling�[0m lazy_static v1.4.0
�[0m�[0m�[1m�[32m Compiling�[0m cfg-if v1.0.0
�[0m�[0m�[1m�[32m Compiling�[0m crossbeam-epoch v0.9.7
�[0m�[0m�[1m�[32m Compiling�[0m serde v1.0.136
�[0m�[0m�[1m�[32m Compiling�[0m cc v1.0.73
�[0m�[0m�[1m�[32m Compiling�[0m memchr v2.4.1
When garnix is enabled for a repo, it’d be great to get an initial build without having to push further changes to the repo to trigger it.
Upon installing garnix, my home tab shows builds started a few months ago in a repo that I don't own (whose owner presumably has enabled garnix for all repos), and with which my only interaction is that I once pushed a commit to a PR branch in that repo (https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork).
This should not count as a sign that I am interested in seeing the builds from that repo.
I got this error all of sudden on Emanote:
https://github.com/EmaApps/emanote/runs/9443800979
The change itself was a trivial one: srid/emanote@ea28b6b
This is likely a somewhat recent regression, but if the flake.nix
can't be evaluated for any reason, the logs are not being displayed. That's pretty bad!
I'm not sure if the problem is related to Darwin, but I had a PR build where evaluation succeeded but nothing was built, even though I was expecting something to build based on the configuration.
Note that I'm using a non-default configuration that explicitly opts into Darwin build products. See here for the PR:
https://github.com/Gabriella439/macos-builder/pull/2/files
… and here for the matching Garnix run:
https://github.com/Gabriella439/macos-builder/pull/2/checks?check_run_id=8786448740
Provide badges for CI status.
Ideally, provide an endpoint that is compatible with shields.io. Allow filtering (e.g. garnix.io/repo/<repo>?format=shields.io&system=x86_64-linux&type=package
for all x86_64-linux packages in the latest commit of master
/main
).
Useful query params to have:
https://github.com/EmaApps/ema-template/actions/runs/3733203286/jobs/6333727221
I tried restarting the build, but the error occurs on a different derivation.
error: hash mismatch importing path '/nix/store/x3xa7h9wg6phf5a83is1vp4a663c61sq-auto-update-0.1.6';
specified: sha256:0ylfgvbw5v9v0z5mzfa139zc96qkncp2lc4ri65pbk74zla09xyb
got: sha256:1rsprx5vgsidjil565s12nz0ah89vv0126gsd0652pac9pi6fvpd
error: some substitutes for the outputs of derivation '/nix/store/k4a2l67vwlkgvwagzmbflbbiykgrb9bd-auto-update-0.1.6.drv' failed (usually happens due to networking issues); try '--fallback' to build derivation from source
Sadly I don't have screenshots, but I can share my story:
I installed the github app, configured https://github.com/kamadorueda/alejandra to be built by garnix, then nothing happened, I did not see builds or results on my garnix mainpage
I wondered, hmm, why? so I followed the steps displayed in the garnix help, but they were related to the demo repository, which I was not using and therefore I felt a little bit lost
Then I merged a PR in https://github.com/kamadorueda/alejandra, which pushed a commit to the main branch, and then garnix showed the builds: success!
This issue is just to say: it works, but maybe I was too dumb, or maybe the getting started steps can be made more intuitive
IFD is currently not allowed. We could allow it, though probably with a less clean perspective on what will be built.
Garnix CI doesn't seem to detect nixosConfigurations that contain a .
.
output of: nix flake show
:
git+file:///home/victor/src/infrastructure?ref=refs%2fheads%2fmain&rev=e614e9ed3b0fb51616b7ce247e8765cfda4af9be
├───colmena: unknown
├───devShells
│ └───x86_64-linux
│ └───default: development environment 'nix-shell'
├───nixosConfigurations
│ ├───"bastion.hades": NixOS configuration
│ ├───"bastion.olympus": NixOS configuration
│ ├───"database.hades": NixOS configuration
│ ├───"database.olympus": NixOS configuration
│ ├───"dhcp.olympus": NixOS configuration
│ ├───"dns-1.olympus": NixOS configuration
│ ├───"dns-2.olympus": NixOS configuration
│ ├───"docker-registry-proxy.hades": NixOS configuration
│ ├───"docker-registry.hades": NixOS configuration
│ ├───"gitea.olympus": NixOS configuration
│ ├───"hedgedoc.olympus": NixOS configuration
│ ├───"jackett2.hades": NixOS configuration
│ ├───"keycloak.olympus": NixOS configuration
│ ├───"mailserver.olympus": NixOS configuration
│ ├───"mastodon.hades": NixOS configuration
│ ├───"minio.hades": NixOS configuration
│ ├───"minio.olympus": NixOS configuration
│ ├───"mosquitto.olympus": NixOS configuration
│ ├───"nginx.olympus": NixOS configuration
│ ├───null: NixOS configuration
│ ├───"outline.olympus": NixOS configuration
│ ├───"prowlarr.hades": NixOS configuration
│ ├───"radarr2.hades": NixOS configuration
│ ├───"rtorrent.hades": NixOS configuration
│ ├───"sonarr2.hades": NixOS configuration
│ ├───"synapse.olympus": NixOS configuration
│ ├───"unifi.hades": NixOS configuration
│ ├───"unifi.olympus": NixOS configuration
│ ├───"vault-0.hades": NixOS configuration
│ ├───"vault-1.olympus": NixOS configuration
│ ├───"vault.olympus": NixOS configuration
│ ├───"victoriametrics.olympus": NixOS configuration
│ └───"wireguard.olympus": NixOS configuration
└───packages
└───x86_64-linux
├───apply-local: package 'apply-local'
├───default: package 'colmena-0.4.0-pre'
└───iso: package 'nixos-22.11.20221009.e3c61a2-x86_64-linux.iso'
But garnix only seems to detect one of them:
Here is a link to an example pipeline: https://github.com/NULLx76/infrastructure/runs/8788941654
Currently during signup users get directed to github to install the app, and redirected back after the installation, which is when garnix gets their username and token, and finishes signup. This flow isn't ideal because some users might not want to install the app anywhere new - they might e.g. be collaborators on a project where garnix is already installed. (At the moment, they just get kind of confusingly stuck during signup)
Currently, a flake with an input from a private github repo, as in
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.05";
puzzledb.url = "git+ssh://[email protected]:/robx/puzzledb-mirror.git?ref=nix";
...
fails to build on garnix
with
Command 'nix eval .#nixosConfigurations --apply builtins.attrNames --json' failed with exit code 1. Stderr:
error: 'git+ssh://[email protected]:/robx/puzzledb-mirror.git?ref=nix' is not a valid URL
It's unclear to me whether that could/should be made to work as is; some documented way to allow building flakes that depend on private flakes via garnix would be nice though.
Suggestion from the discord thread is to change the flake to reference the private input with a https://
URL using a personal access token.
Specifically, this PR: Gabriella439/grace#45
I double-checked that I enabled Garnix for that repository in my GitHub application settings.
I also checked the logs on garnix.io and didn't see any logs related to that repository
Does your blog have a feed?
My feedreader can't find it.
If you don't have one, please consider adding one.
The current setup is somewhat annoying since:
Instead, we can require that the app be enabled, and a garnix.yaml file be present. That way you can enable the app on all repos when configuring.
Could the YAML file be used to configure this?
For example, to disable Garnix building gh-pages
branch: https://github.com/srid/NixHaskellIndex/tree/gh-pages
In some projects one might be not allowed a flake in the toplevel directory (i.e. political/policy reasons).
In our particular project we don't want to use the flake in the toplevel directory since we use unpinned nixpkgs.
Therefore it would be cool if we could specify in garnix.toml an alternative directory.
So that building can take advantage of public binary caches.
I discovered the docs by typing https://garnix.io/docs in the browser, but it's not linked to from the main page, and therefore not easily discoverable
Garnix should force only a certain number of derivations being built at once per user. When the limit is reached, those derivations should be queued. Hercules CI has this feature and it would be a good idea to implement this.
I also accidentally caused Garnix to crash today.
Any attributes that are not built because they do not match the includes
/excludes
should be mentioned, with a link to documentation about how to change that. By default, certain packages (e.g. aarch64-darwin and aarch64-linux) are not built, and this can be confusing/surprising.
Additionally, there should be a mention of what attributes are considered at all.
I'm actually not sure if that's what is happening here, but I noticed that Garnix wasn't building this PR:
… and I'm guessing that the reason why is because the PR's branch from another repository
I wish the garnix.io page would give me a bit of an overview, rather than just listing all the most recent builds.
Basically, just a list of the latest overall results (perhaps colorized) for the default branch on each repo I have enabled garnix for. And sorted by name, to make it easy to compare.
So that, I see something like
con-kitty/categorifier[088b8d61] Failure
con-kitty/concat[68a24f40] Failure
sellout/bash-strict-mode[b35a8027] Success
sellout/emacs-extended-faces[fd111870] Failure
and then I can click through each to see the detailed results.
Repo it happens: https://github.com/srid/emanote-template
CI log: https://github.com/srid/emanote-template/runs/8058506408
package default [x86_64-linux]
fails, but I can build it successfully on my local machine:
❯ nix build .#packages.x86_64-linux.default --json
warning: Using saved setting for 'extra-substituters = https://cache.garnix.io' from ~/.local/share/nix/trusted-settings.json.
warning: Using saved setting for 'extra-trusted-public-keys = cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=' from ~/.local/share/nix/trusted-settings.json.
[{"drvPath":"/nix/store/qz9w433nmbir1wvx9f983lc72nkgx7mx-emanote-static-website.drv","outputs":{"out":"/nix/store/mn8bn1bs1c1pmm79rmyvgkkrnwifc12q-emanote-static-website"}}]
❯ nix --option sandbox true build .#packages.x86_64-linux.default --json
warning: Using saved setting for 'extra-substituters = https://cache.garnix.io' from ~/.local/share/nix/trusted-settings.json.
warning: Using saved setting for 'extra-trusted-public-keys = cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=' from ~/.local/share/nix/trusted-settings.json.
[{"drvPath":"/nix/store/qz9w433nmbir1wvx9f983lc72nkgx7mx-emanote-static-website.drv","outputs":{"out":"/nix/store/mn8bn1bs1c1pmm79rmyvgkkrnwifc12q-emanote-static-website"}}]
Nix info,
❯ nix-info -m
- system: `"x86_64-linux"`
- host os: `Linux 5.15.53, NixOS, 22.11 (Raccoon), 22.11.20220721.a65b5b3`
- multi-user?: `yes`
- sandbox: `yes`
- version: `nix-env (Nix) 2.10.3`
- channels(root): `"nixos-22.11pre392433.8f485713f5e"`
- nixpkgs: `/nix/var/nix/profiles/per-user/root/channels/nixos`
- ```
Basically the title. I initially thought it is because of some configuration change I made recently. But it turns out the same is true for old commits which worked previously.
builds:
include:
- 'legacyPackages.x86_64-linux.*'
- 'devShell.x86_64-linux'
It looks like it's expecting the exclude to be present:
DecodeConfigError {message = "Aeson exception:\nError in $: \n Previous branch failure: Error in $.builds: key "exclude" not found\nexpected Null, but encountered Object"}
As the title says.
Being reliant on a single point of failure, is fine for a beta, but I hope the service can be more, competitor, and self-hosting friendly in the future.
Example job still in process for ~24h:
See the CI status in https://github.com/EmaApps/emanote/commits/master
The builds are public via github already anyhow.
repo: kamadorueda/alejandra
commit: 511c3f6a88b6964e1496fb6f441f4ae5e58bd3ea
package: alejandra-x86_64-apple-darwin
status: Failure
started at: 2022-03-04T02:29:36.266444Z
finished at: 2022-03-04T02:29:36.8271Z
Logs
No logs available
Garnix is creating builds on GitHub for unsupported systems:
As a user I would expect to either:
Have all my packages built, at least for the systems supported by hydra.nixos.org:
nix-repl> lib.systems.supported.hydra
[ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "armv6l-linux" "armv7l-linux" "i686-linux" "mipsel-linux" "aarch64-darwin" ]
or at least tier1 and tier2:
nix-repl> lib.systems.supported.tier1
[ "x86_64-linux" ]
nix-repl> lib.systems.supported.tier2
[ "aarch64-linux" "x86_64-darwin" ]
Hide the builds for unsupported systems
Show the builds as another status than failed, maybe skipped?
Currently, unless the repo is public, only the people who triggered the build themselves can see it.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.