Save 30-50%+ of CI time without any effort or cost. Use Magic Nix Cache, a totally free and zero-configuration binary cache for Nix on GitHub Actions.
Graham Christensen 9ab3ce70d6
Matrix (#96)
* Update `detsys-ts` for: `Merge pull request #67 from DeterminateSystems/allow-obliterating-id-token-privs` (`4280bc94c9545f31ccf08001cc16f20ccb91b770`)

* Update the defaults / docs on the use-flakehub and use-gha-cache options

* Support the MNC trinary, to allow GHA cache to turn off if FHC is enabled

* let's go?

* arg, you can't parameterize the permissions

* don't fail fast

* Maybe if we bust the token sooner..?

* Clearer job names

* Debug...

* ?

* ...?

* ?

* fancy it up

* more seed

* Test against determinate too

* ...

* derp, obliterate

* Identify the failed-to-setup FHC as not being enabled

* Don't fail on github if the cache is throttled

* derp

* Add a success job for the ci workflow

---------

Co-authored-by: grahamc <76716+grahamc@users.noreply.github.com>
2024-11-06 21:05:00 +00:00
.github Matrix (#96) 2024-11-06 21:05:00 +00:00
dist Matrix (#96) 2024-11-06 21:05:00 +00:00
src Matrix (#96) 2024-11-06 21:05:00 +00:00
.editorconfig Rename no-op mode 2024-06-03 17:02:34 -07:00
.envrc Init the action 2023-06-26 11:57:25 -04:00
.eslintrc.json Fix nullish coalescing 2024-06-05 09:54:12 -07:00
.gitattributes Init the action 2023-06-26 11:57:25 -04:00
.gitignore Init the action 2023-06-26 11:57:25 -04:00
.prettierignore Add prettier config 2024-04-21 14:17:24 -03:00
action.yml Matrix (#96) 2024-11-06 21:05:00 +00:00
flake.lock switch to flakehub 2023-10-03 00:08:49 -04:00
flake.nix Rebase on detsys-ts and get rid of bun 2024-04-11 19:21:15 -04:00
LICENSE Init the action 2023-06-26 11:57:25 -04:00
package.json Update fast-xml-parser 2024-08-01 17:53:27 +02:00
pnpm-lock.yaml Matrix (#96) 2024-11-06 21:05:00 +00:00
prettier.config.cjs Add prettier config 2024-04-21 14:17:24 -03:00
README.md Bring back store diffing (optionally) 2024-05-22 09:44:39 -07:00
shell.nix switch to flakehub 2023-10-03 00:08:49 -04:00
tsconfig.json Rebase on detsys-ts and get rid of bun 2024-04-11 19:21:15 -04:00
tsup.config.ts Output only an index.js 2024-04-21 13:47:38 -03:00

Magic Nix Cache

Save 30-50%+ of CI time without any effort or cost. Use Magic Nix Cache, a totally free and zero-configuration binary cache for Nix on GitHub Actions.

Add our GitHub Action to your workflow, after the step that installs Nix, like this:

- uses: DeterminateSystems/magic-nix-cache-action@main

See Usage for a detailed example.

Why use the Magic Nix Cache?

Magic Nix Cache uses the GitHub Actions built-in cache to share builds between Workflow runs, and has many advantages over alternatives.

  1. Totally free: backed by GitHub Actions' cache, there is no additional service to pay for.
  2. Zero configuration: add our action to your workflow. That's it. Everything built in your workflow will be cached.
  3. No secrets: Forks and pull requests benefit from the cache, too.
  4. Secure: Magic Nix Cache follows the same semantics as the GitHub Actions cache, and malicious pull requests cannot pollute your project.
  5. Private: The cache is stored in the GitHub Actions cache, not with an additional third party.

Note: the Magic Nix Cache doesn't offer a publicly available cache. This means the cache is only usable in CI. Zero to Nix has an article on binary caching if you want to share Nix builds with users outside of CI.

Usage

Add it to your Linux and macOS GitHub Actions workflows, like this:

name: CI

on:
  push:
  pull_request:

jobs:
  check:
    runs-on: ubuntu-22.04
    permissions:
      id-token: "write"
      contents: "read"
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - uses: DeterminateSystems/flake-checker-action@main
      - name: Run `nix build`
        run: nix build .

That's it. Everything built in your workflow will be cached.

Usage Notes

The GitHub Actions Cache has a rate limit on reads and writes. Occasionally, large projects or large rebuilds may exceed those rate limits, and you'll see evidence of that in your logs. The error looks like this:

error: unable to download 'http://127.0.0.1:37515/<...>': HTTP error 418
       response body:
       GitHub API error: API error (429 Too Many Requests): StructuredApiError { message: "Request was blocked due to exceeding usage of resource 'Count' in namespace ''." }

The caching daemon and Nix both handle this gracefully, and won't cause your CI to fail. When the rate limit is exceeded while pulling dependencies, your workflow may perform more builds than usual. When the rate limit is exceeded while uploading to the cache, the remainder of those store paths will be uploaded on the next run of the workflow.

Concepts

Upstream cache

When you configure an upstream cache for the Magic Nix Cache, any store paths fetched from that source are not cached because they are known to be fetchable on future workflow runs. The default is https://cache.nixos.org but you can set a different upstream:

- uses: DeterminateSystems/magic-nix-cache-action@main
  with:
    upstream-cache: https://my-binary-cache.com

Action Options

| Parameter | Description | Required | Default |
| --- | --- | --- | --- |
| diagnostic-endpoint | Diagnostic endpoint URL where diagnostics and performance data are sent. To disable, set this to an empty string. | | https://install.determinate.systems/magic-nix-cache/perf |
| diff-store | Whether or not to diff the store before and after Magic Nix Cache runs. | | false |
| flakehub-api-server | The FlakeHub API server. | | https://api.flakehub.com |
| flakehub-cache-server | The FlakeHub binary cache server. | | https://cache.flakehub.com |
| flakehub-flake-name | The name of your flake on FlakeHub. The empty string will autodetect your FlakeHub flake. | | "" |
| listen | The host and port to listen on. | | 127.0.0.1:37515 |
| source-binary | Run a version of the cache binary from somewhere already on disk. Conflicts with all other source-* options. | | |
| source-branch | The branch of magic-nix-cache to use. Conflicts with all other source-* options. | | main |
| source-pr | The PR of magic-nix-cache to use. Conflicts with all other source-* options. | | |
| source-revision | The revision of magic-nix-cache to use. Conflicts with all other source-* options. | | |
| source-tag | The tag of magic-nix-cache to use. Conflicts with all other source-* options. | | |
| source-url | A URL pointing to a magic-nix-cache binary. Overrides all other source-* options. | | |
| startup-notification-port | The port magic-nix-cache uses for daemon startup notification. | | 41239 |
| upstream-cache | Your preferred upstream cache. Store paths in this store will not be cached in GitHub Actions' cache. | | https://cache.nixos.org |
| use-flakehub | Whether to upload build results to FlakeHub Cache (private beta). | | true |
| use-gha-cache | Whether to upload build results to the GitHub Actions cache. | | true |
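
A least-privilege variant of the Usage workflow that relies only on the GitHub Actions cache, as an added example that is not part of the project's README. Option names and defaults are taken from the Action Options table; dropping the id-token: write permission when use-flakehub is false is an assumption the page does not state.

```yaml
# Added example, not from the project's README.
name: CI

on:
  push:
  pull_request:

# Assumption: with FlakeHub Cache turned off the job does not need an OIDC
# token, so `id-token: write` from the Usage example is omitted here.
permissions:
  contents: read

jobs:
  check:
    runs-on: ubuntu-22.04
    steps:
      - uses: actions/checkout@v4
      # The page references these actions at the moving `main` ref; pinning
      # each to a commit you have reviewed is a common hardening step.
      - uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
        with:
          # Store build results only in the GitHub Actions cache.
          use-gha-cache: true
          use-flakehub: false
          # An empty string disables sending diagnostics and performance data.
          diagnostic-endpoint: ""
          # Store paths available from the upstream are not copied into the
          # GitHub Actions cache.
          upstream-cache: https://cache.nixos.org
          # Keep the caching daemon bound to loopback (the documented default).
          listen: 127.0.0.1:37515
      - name: Run `nix build`
        run: nix build .
```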