Skip to content

[devbox add] --allow-insecure should handle multiple, user-specified packages #4975

[devbox add] --allow-insecure should handle multiple, user-specified packages

[devbox add] --allow-insecure should handle multiple, user-specified packages #4975

Workflow file for this run

name: cli-tests
# Runs the Devbox CLI tests
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
on:
pull_request:
push:
branches:
- main
merge_group:
branches:
- main
workflow_call:
inputs:
run-mac-tests:
type: boolean
workflow_dispatch:
inputs:
run-mac-tests:
type: boolean
# run the example tests with DEVBOX_DEBUG=1
example-debug:
type: boolean
permissions:
contents: read
pull-requests: read
defaults:
run:
# Explicitly setting the shell to bash runs commands with
# `bash --noprofile --norc -eo pipefail` instead of `bash -e`.
shell: bash
env:
HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DEVBOX_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
HOMEBREW_NO_ANALYTICS: 1
HOMEBREW_NO_AUTO_UPDATE: 1
HOMEBREW_NO_EMOJI: 1
HOMEBREW_NO_ENV_HINTS: 1
HOMEBREW_NO_INSTALL_CLEANUP: 1
DEVBOX_DEBUG: 1
jobs:
build-devbox:
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version-file: ./go.mod
- name: Build devbox
run: go build -o dist/devbox ./cmd/devbox
- name: Upload devbox artifact
uses: actions/upload-artifact@v3
with:
name: devbox-${{ runner.os }}-${{ runner.arch }}
path: ./dist/devbox
retention-days: 7
typos:
name: Spell Check with Typos
if: github.ref != 'refs/heads/main'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: crate-ci/typos@v1.16.26
golangci-lint:
needs: build-devbox
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
timeout-minutes: 10
steps:
- uses: actions/checkout@v3
# We can remove this once we fix nix golangci-lint issue and move to devbox
- uses: actions/setup-go@v4
with:
go-version-file: ./go.mod
cache: false
# This can be reanabled once released version supports runx
# and we can remove needs: build-devbox
# - name: Install devbox
# uses: jetpack-io/devbox-install-action@v0.7.0
# with:
# enable-cache: true
- name: Mount golang cache
uses: actions/cache@v3
with:
path: |
~/.cache/golangci-lint
~/.cache/go-build
~/go/pkg
key: go-${{ runner.os }}-${{ hashFiles('go.sum') }}
- name: Download devbox
uses: actions/download-artifact@v3
with:
name: devbox-${{ runner.os }}-${{ runner.arch }}
- name: Add devbox to path
run: |
chmod +x ./devbox
sudo mv ./devbox /usr/local/bin/
- run: devbox run lint
test:
needs: build-devbox
strategy:
matrix:
is-main:
- ${{ github.ref == 'refs/heads/main' && 'is-main' || 'not-main' }}
os: [ubuntu-latest, macos-latest]
# This is an optimization that runs tests twice, with and without
# the devbox.json tests. We can require the other tests to complete before
# merging, while keeping the others as an additional non-required signal
run-project-tests: ["project-tests", "project-tests-off"]
# Run tests on:
# 1. the oldest supported nix version (which is 2.9.0? But determinate-systems installer has 2.12.0)
# 2. latest nix version
nix-version: ["2.12.0", "2.19.2"]
exclude:
- is-main: "not-main"
os: "${{ inputs.run-mac-tests && 'dummy' || 'macos-latest' }}"
- is-main: "is-main"
run-project-tests: "project-tests-off"
- run-project-tests: "project-tests"
os: macos-latest
runs-on: ${{ matrix.os }}
timeout-minutes: 37
steps:
- name: Maximize build disk space
uses: easimon/maximize-build-space@v8
if: matrix.os == 'ubuntu-latest'
with:
root-reserve-mb: 40000
temp-reserve-mb: 10000
remove-dotnet: true
remove-android: true
remove-haskell: true
remove-codeql: true
- uses: actions/checkout@v3
- uses: actions/setup-go@v4
with:
go-version-file: ./go.mod
- name: Mount golang cache
uses: actions/cache@v3
with:
path: |
~/.cache/go-build
~/go/pkg
key: go-devbox-tests-${{ runner.os }}-${{ hashFiles('go.sum') }}
- name: Install additional shells (dash, zsh)
run: |
if [ "$RUNNER_OS" == "Linux" ]; then
sudo apt-get update
sudo apt-get install dash zsh
elif [ "$RUNNER_OS" == "macOS" ]; then
brew update
brew install dash zsh
fi
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
with:
logger: pretty
extra-conf: experimental-features = ca-derivations fetch-closure
nix-package-url: https://releases.nixos.org/nix/nix-${{ matrix.nix-version }}/nix-${{ matrix.nix-version }}-${{ runner.arch == 'X64' && 'x86_64' || 'aarch64' }}-${{ runner.os == 'macOS' && 'darwin' || 'linux' }}.tar.xz
- name: Run tests
env:
# For devbox.json tests, we default to non-debug mode since the debug output is less useful than for unit testscripts.
# But we allow overriding via inputs.example-debug
DEVBOX_DEBUG: ${{ (matrix.run-project-tests == 'project-tests-off' || inputs.example-debug) && '1' || '0' }}
DEVBOX_RUN_PROJECT_TESTS: ${{ matrix.run-project-tests == 'project-tests' && '1' || '0' }}
# Used in `go test -timeout` flag. Needs a value that time.ParseDuration can parse.
DEVBOX_GOLANG_TEST_TIMEOUT: "${{ (github.ref == 'refs/heads/main' || inputs.run-mac-tests) && '35m' || '30m' }}"
run: |
echo "::group::Nix version"
nix --version
echo "::endgroup::"
echo "::group::Contents of /etc/nix/nix.conf"
cat /etc/nix/nix.conf || true
echo "::endgroup::"
echo "::group::Resolved Nix config"
nix show-config --extra-experimental-features nix-command
echo "::endgroup::"
go test -v -timeout $DEVBOX_GOLANG_TEST_TIMEOUT ./...
auto-nix-install: # ensure Devbox installs nix and works properly after installation.
needs: build-devbox
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- name: Download devbox
uses: actions/download-artifact@v3
with:
name: devbox-${{ runner.os }}-${{ runner.arch }}
- name: Add devbox to path
run: |
chmod +x ./devbox
sudo mv ./devbox /usr/local/bin/
- name: Install nix and devbox packages
run: |
export NIX_INSTALLER_NO_CHANNEL_ADD=1
# Setup github authentication to ensure Github's rate limits are not hit.
# If this works, we can consider refactoring this into a reusable github action helper.
mkdir -p ~/.config/nix
echo "access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}" > ~/.config/nix/nix.conf
devbox run echo "Installing packages..."
- name: Test removing package
run: devbox rm go
# Run a sanity test to make sure Devbox can install and remove packages with
# the last 3 Nix releases.
test-nix-versions:
needs: build-devbox
strategy:
matrix:
os: [ubuntu-latest, macos-latest]
nix-version: [2.15.1, 2.16.1, 2.17.0, 2.18.0, 2.19.2]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v3
- name: Download devbox
uses: actions/download-artifact@v3
with:
name: devbox-${{ runner.os }}-${{ runner.arch }}
- name: Add devbox to path
run: |
chmod +x ./devbox
sudo mv ./devbox /usr/local/bin/
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
with:
logger: pretty
extra-conf: experimental-features = ca-derivations fetch-closure
nix-package-url: https://releases.nixos.org/nix/nix-${{ matrix.nix-version }}/nix-${{ matrix.nix-version }}-${{ runner.arch == 'X64' && 'x86_64' || 'aarch64' }}-${{ runner.os == 'macOS' && 'darwin' || 'linux' }}.tar.xz
- name: Run devbox install, devbox run, devbox rm
run: |
echo "::group::Nix version"
nix --version
echo "::endgroup::"
echo "::group::Contents of /etc/nix/nix.conf"
cat /etc/nix/nix.conf || true
echo "::endgroup::"
echo "::group::Resolved Nix config"
nix show-config --extra-experimental-features nix-command
echo "::endgroup::"
devbox install
devbox run -- echo "Hello from devbox!"
devbox rm go