Amaan Qureshi
2ccb8a9a56
upload-release: disable containerd image store to preserve gzip layer compression
...
Docker 28+ defaults to the containerd image store, which pushes layers
uncompressed instead of gzip. The GHA runner image updated Docker to
29.x (actions/runner-images#13633), causing the `nixos/nix:2.33.3`
image to balloon from 138 MB to 505 MB, with all 70 layers pushed as
`application/vnd.docker.image.rootfs.diff.tar` instead of `.tar.gzip`.
OCI clients that only support gzip (e.g. `go-containerregistry`, used
by Concourse CI) fail with "gzip: invalid header".
This commit disables the containerd snapshotter in the release workflow
before any Docker operations, restoring the classic storage driver that
preserves gzip compression through the `docker load` / `docker push`
pipeline.
Fixes #15246
2026-02-16 14:08:08 -05:00
dependabot[bot]
5f9483519a
build(deps): bump docker/login-action from 3.6.0 to 3.7.0
...
Bumps [docker/login-action](https://github.com/docker/login-action ) from 3.6.0 to 3.7.0.
- [Release notes](https://github.com/docker/login-action/releases )
- [Commits](5e57cd1181...c94ce9fb46 )
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-version: 3.7.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-02-03 03:28:21 +00:00
Sergei Zimmerman
b75403f15b
ci: Stop uploading docker images for pre-release versions
...
This is no longer needed (best I can tell), since nix docker
images now get uploaded to GHCR as part of the release process too
and they contain both aarch64 and x86_64 instead of only x86_64.
2026-01-02 18:36:38 +03:00
Sergei Zimmerman
a1569458cc
upload-release: Also push to GHCR as part of the release process
2025-12-30 02:00:21 +03:00
Sergei Zimmerman
4599daa10e
ci: Add upload-release.yml
...
This workflow is supposed to automate release uploads by using OIDC
for AWS setup. DockerHub still uses long-lived credentials, but that's
not fixable. In a follow-up we could set up release uploads to GHCR too.
2025-12-30 02:00:20 +03:00
Sergei Zimmerman
b17034ba59
Merge pull request #14874 from xokdvium/flake-regression-reuse-nix-closure
...
ci: Run flake-regressions also with the newly built daemon
2025-12-28 14:46:15 +00:00
Sergei Zimmerman
c54af23b41
ci: Pin download-artifact actions sha
2025-12-28 05:36:20 +03:00
Sergei Zimmerman
6eebfe6274
ci: Run flake-regressions also with the newly built daemon
...
Runs the tests against the new daemon as well as the cli.
This more reliably shares the artifact (not relying directly on github
actions cache). We've seen github evict our caches super fast, so it would
be nice to move away from it entirely if possible.
2025-12-28 05:18:43 +03:00
Sergei Zimmerman
c867ed6726
ci: Make docker-push workflow more configurable
...
This should allow reusing this workflow (with more tweaks)
in the releng workflow.
2025-12-28 03:35:40 +03:00
Sergei Zimmerman
fb05f6de0d
ci: Pin actions in docker-push reusable workflow
2025-12-28 03:35:39 +03:00
Sergei Zimmerman
745983dfc0
ci: Move docker_push_image into a separate workflow
...
Best reviewed with -w --color-moved. This just moves the code
into a separate workflow. This will allow us to reuse it in
the release job for github releng of releases.
2025-12-28 03:35:36 +03:00
Jörg Thalheim
9f2795e588
Merge pull request #14805 from NixOS/dependabot/github_actions/cachix/install-nix-action-31.9.0
...
build(deps): bump cachix/install-nix-action from 31.8.4 to 31.9.0
2025-12-16 19:58:01 +00:00
Jörg Thalheim
12cee327a0
Merge pull request #14806 from NixOS/dependabot/github_actions/korthout/backport-action-4.0.1
...
build(deps): bump korthout/backport-action from 3.4.1 to 4.0.1
2025-12-16 19:56:42 +00:00
Jörg Thalheim
3b73dcba39
Merge pull request #14807 from NixOS/dependabot/github_actions/actions/upload-artifact-6
...
build(deps): bump actions/upload-artifact from 5 to 6
2025-12-16 19:56:23 +00:00
dependabot[bot]
1fc5648204
build(deps): bump actions/download-artifact from 6 to 7
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 6 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-12-15 22:01:01 +00:00
dependabot[bot]
d7e0bcaa51
build(deps): bump actions/upload-artifact from 5 to 6
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-12-15 22:00:57 +00:00
dependabot[bot]
4227d24bc3
build(deps): bump korthout/backport-action from 3.4.1 to 4.0.1
...
Bumps [korthout/backport-action](https://github.com/korthout/backport-action ) from 3.4.1 to 4.0.1.
- [Release notes](https://github.com/korthout/backport-action/releases )
- [Commits](d07416681c...c656f5d585 )
---
updated-dependencies:
- dependency-name: korthout/backport-action
dependency-version: 4.0.1
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-12-15 22:00:53 +00:00
dependabot[bot]
7720dad11f
build(deps): bump cachix/install-nix-action from 31.8.4 to 31.9.0
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 31.8.4 to 31.9.0.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Changelog](https://github.com/cachix/install-nix-action/blob/master/RELEASE.md )
- [Commits](0b0e072294...4e002c8ec8 )
---
updated-dependencies:
- dependency-name: cachix/install-nix-action
dependency-version: 31.9.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-12-15 22:00:48 +00:00
dependabot[bot]
d8d75cff9f
build(deps): bump actions/checkout from 5 to 6
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-24 22:03:58 +00:00
dependabot[bot]
ae4ed24257
build(deps): bump cachix/install-nix-action from 31.8.3 to 31.8.4
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 31.8.3 to 31.8.4.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Changelog](https://github.com/cachix/install-nix-action/blob/master/RELEASE.md )
- [Commits](7ec16f2c06...0b0e072294 )
---
updated-dependencies:
- dependency-name: cachix/install-nix-action
dependency-version: 31.8.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-17 22:01:06 +00:00
dependabot[bot]
2150d7a754
build(deps): bump cachix/install-nix-action from 31.8.2 to 31.8.3
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 31.8.2 to 31.8.3.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Changelog](https://github.com/cachix/install-nix-action/blob/master/RELEASE.md )
- [Commits](456688f15b...7ec16f2c06 )
---
updated-dependencies:
- dependency-name: cachix/install-nix-action
dependency-version: 31.8.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-10 22:00:54 +00:00
John Ericson
f2436a47bb
Merge pull request #14388 from NixOS/dependabot/github_actions/actions/upload-artifact-5
...
build(deps): bump actions/upload-artifact from 4 to 5
2025-11-04 18:14:06 +00:00
John Ericson
83ddfaebf4
Merge pull request #14389 from NixOS/dependabot/github_actions/actions/download-artifact-6
...
build(deps): bump actions/download-artifact from 5 to 6
2025-11-04 18:13:45 +00:00
dependabot[bot]
c3d4c5f69d
build(deps): bump cachix/install-nix-action from 31.5.1 to 31.8.2
...
Bumps [cachix/install-nix-action](https://github.com/cachix/install-nix-action ) from 31.5.1 to 31.8.2.
- [Release notes](https://github.com/cachix/install-nix-action/releases )
- [Changelog](https://github.com/cachix/install-nix-action/blob/master/RELEASE.md )
- [Commits](c134e4c9e3...456688f15b )
---
updated-dependencies:
- dependency-name: cachix/install-nix-action
dependency-version: 31.8.2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-11-03 22:00:54 +00:00
dependabot[bot]
ccc06451df
build(deps): bump actions/download-artifact from 5 to 6
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 5 to 6.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-10-27 22:35:42 +00:00
dependabot[bot]
3775a2a226
build(deps): bump actions/upload-artifact from 4 to 5
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-10-27 22:22:54 +00:00
Bernardo Meurer Costa
ad664ce64e
ci: cancel previous workflow runs on PR updates
...
Add concurrency group configuration to the CI workflow to automatically
cancel outdated runs when a PR receives new commits or is force-pushed.
This prevents wasting CI resources on superseded code.
2025-10-27 20:56:56 +00:00
Sergei Zimmerman
f3d8d1f719
ci: Reuse composite install-nix-action for docker_push_image job
2025-10-23 02:17:11 +03:00
Sergei Zimmerman
c8a15bf70d
ci: Pin cachix action
2025-10-23 02:17:10 +03:00
Sergei Zimmerman
ad5c6a53b9
ci: Move magic-nix-cache-action into install-nix-action composite
...
This reduces duplication and pins the underlying version of magic-nix-cache,
as we already do with other actions.
2025-10-23 02:17:09 +03:00
Bernardo Meurer Costa
fa0d00e668
ci: cleanup s3 tests
...
This cleans up the work done in 8c2828387 . Now that #13752 has landed,
there's no need to test configurations without AWS auth in CI.
2025-10-15 23:51:08 +03:00
Bernardo Meurer Costa
1f710300c9
refactor(libstore): withCurlS3 -> withAWS
...
Now that the legacy S3 implementation is gone, we can go back to calling
things `NIX_WITH_S3_SUPPORT`.
2025-10-15 18:23:56 +00:00
Bernardo Meurer Costa
9295c14a35
refactor(libstore): replace AWS SDK with curl-based S3 implementation
...
This commit replaces the AWS C++ SDK with a lighter curl-based approach
for S3 binary cache operations.
- Removed dependency on the heavy aws-cpp-sdk-s3 and aws-cpp-sdk-transfer
- Added lightweight aws-crt-cpp for credential resolution only
- Leverages curl's native AWS SigV4 authentication (requires curl >= 7.75.0)
- S3BinaryCacheStore now delegates to HttpBinaryCacheStore
- Function s3ToHttpsUrl converts ParsedS3URL to ParsedURL
- Multipart uploads are no longer supported (may be reimplemented later)
- Build now requires curl >= 7.75.0 for AWS SigV4 support
Fixes : #13084 , #12671 , #11748 , #12403 , #5947
2025-10-15 18:23:55 +00:00
Eelco Dolstra
c44d2d5913
Merge pull request #14241 from NixOS/dependabot/github_actions/actions/create-github-app-token-2
...
build(deps): bump actions/create-github-app-token from 1 to 2
2025-10-14 11:55:43 +00:00
dependabot[bot]
b846f27682
build(deps): bump actions/checkout from 4 to 5
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-10-13 22:00:59 +00:00
dependabot[bot]
962862e9e0
build(deps): bump actions/create-github-app-token from 1 to 2
...
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token ) from 1 to 2.
- [Release notes](https://github.com/actions/create-github-app-token/releases )
- [Commits](https://github.com/actions/create-github-app-token/compare/v1...v2 )
---
updated-dependencies:
- dependency-name: actions/create-github-app-token
dependency-version: '2'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-10-13 22:00:55 +00:00
Jörg Thalheim
118acc84ba
only build on push to master
...
we have now merge queues for maintainance branches. We still build it
for master to have our installer beeing updated. In future this part
could go in new workflow instead.
2025-10-09 14:16:14 +01:00
Jörg Thalheim
090f7fb05e
Merge pull request #14002 from getchoo-contrib/getchoo/dogfood-experimental-installer
...
Add experimental installer to installer tests
2025-10-08 04:05:46 +00:00
Bernardo Meurer Costa
a400ea4257
ci: integrate vm_tests into main tests job
...
This consolidates the separate vm_tests job into the main tests job,
simplifying the CI workflow. VM tests now run as part of the regular
test matrix.
2025-10-08 02:46:56 +00:00
Sergei Zimmerman
fc8b784924
Merge pull request #14147 from lovesegfault/nix-multi-ci
...
ci: test without s3 and with curl-based-s3
2025-10-08 02:38:03 +03:00
Jörg Thalheim
63e8b5f94a
ci: Switch away from mergify to backport action
...
We want to use github native queues.
2025-10-07 23:43:03 +03:00
Bernardo Meurer Costa
8c28283876
ci: test without s3 and with curl-based-s3
2025-10-06 16:24:21 +00:00
Seth Flynn
d2293fb458
ci: enable experimental installer tests
2025-10-03 01:26:55 -04:00
Jörg Thalheim
00775ad83c
Apply suggestion from @getchoo
...
Co-authored-by: Seth Flynn <getchoo@tuta.io >
2025-09-24 13:14:00 +02:00
Sergei Zimmerman
35d8ffe01d
ci: Split formatting check into a separate job, gate other jobs
...
This makes the CI fail fast and more explicitly in case the formatting
is incorrect and provides a better error messages. This also ensures
that we don't burn CI on useless checks for code that wouldn't pass lints
anyway.
2025-09-24 00:34:35 +03:00
dependabot[bot]
7128abd217
build(deps): bump actions/labeler from 5 to 6
...
Bumps [actions/labeler](https://github.com/actions/labeler ) from 5 to 6.
- [Release notes](https://github.com/actions/labeler/releases )
- [Commits](https://github.com/actions/labeler/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/labeler
dependency-version: '6'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-09-08 22:00:58 +00:00
Jörg Thalheim
677b1c0f8f
prepare merge queues for nix
2025-08-15 08:05:01 +02:00
Sergei Zimmerman
26dbda6302
ci/docker_push_image: Remove dead step
...
This step is now part of the check_secrets job and
the output is completely unused.
2025-08-14 14:54:45 +03:00
Sergei Zimmerman
48d15ed1fb
ci/check_secrets: Remove deprecated set-output
2025-08-14 14:54:20 +03:00
dependabot[bot]
4fb89eb2ea
build(deps): bump actions/download-artifact from 4 to 5
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2025-08-12 09:05:31 +00:00