Problem: node16 is now deprecated and github-runner provided by nixpkgs
no longer supports this runtime. However, "actions/checkout@v3" uses
this runtime.
Solution: Update CI pipeline to use "actions/checkout@v4".
Problem: When profile activation confirmation fails due to
confirmation timeout and performs a rollback, zero exit code is
returned. Such a behavior is confusing since rollback usually means
something went wrong during deployment and it shouldn't return
successful exit code.
Solution: Explicitly return confirmation waiting error instead of
printing it and silently signalizing success.
Problem: Currently profile activation waiting timeout is hardcoded to
240 seconds, see https://github.com/serokell/deploy-rs/pull/48.
In some cases, this timeout can be exceeded (e.g.
activation performs a heavy DB migration and waits for it to finish
before considering the profile activation succesful).
Solution: Make this timeout configurable via 'activationTimeout' deploy
attribute or corresponding '--activation-timeout' CLI option. For the
sake of backward compatibility, the new 'wait' subcommand
'--activation-timeout' option is made optional and defaults to 240
seconds if it wasn't provided.
Problem: We want to be able to run CI checks on PRs from external forks.
However, this is only possible with 'on: pull_request', while currently
CI is triggered 'on: push'
Solution: Change CI triggering condition to 'on: pull_request'.
Problem: Since https://github.com/NixOS/nix/pull/5226 nix profiles for
users are stored in 'XDG_STATE_HOME' or 'HOME' directory. However,
'deploy-rs' still expects profiles to be present in
'/nix/var/nix/profiles/per-user'. As a result, an attempt to deploy a
profile with newer nix may fail with an error about non-existing files.
Solution: Instead of deducing the profile path prior to ssh'ing and
actual activation, deduce the path to the profile during as a part of
'activate-rs' invocation.
Now if the profile path is not specified explicitly as an attribute in
profile within the deploy flake, the path to the profile is determined
based on the user to which the profile belongs and on the values of
'XDG_STATE_HOME' and 'HOME' variables.
Additionally, if the old profile directory (in
'/nix/var/nix/profiles/per-user') for a given user already exists, it is
used instead for the sake of backward compatibility.
Problem: It's possible to use 'deploy-rs' for deploying 'darwinSystem'
configuration from 'nix-darwin' to a darwin system. However, there is no
dedicated activatiot script for darwin and thus one has to come up with
'custom' activation script.
Solution:
1) Add 'darwin' attribute to 'lib.activate' that provides a script that
should be used to activate 'darwinSystem' config with 'deploy-rs'.
2) Add a new 'examples/darwin' example that provides simple flake for
deploying configuration to a darwin target.
Problem: Since 2.15 nix no longer reference '.drv' as derivation
outputs. At the same time, nix before '2.13' doesn't support '.drv'
special suffix handling.
Solution: Provide '^out' suffix for the profile deriver in case
'nix path-info <...>.drv' returns the same '<...>.drv' path.
In other cases either an error about the build result not being present
in the /nix/store is returned or an actual build result path is
returned.
Problem: 'temp_path' and 'lock_path' are handled as 'String'.
This can be a problem when the 'temp_path' directory is a symlink
on the target system, e.g. this is the case with the default
'/tmp' and macOS, where this directory is actually a symlink to '/private/tmp'.
Solution: Handle 'temp_path' and 'lock_path' as actual Paths.
Also, canonicalize 'temp_path' to avoid canary file path mismatches when checking
filesystem events.
As a side effect, also update the 'notify' dependency to the latest stable version.
Use the deploy-rs from the final packages set. This can avoid rebuilding
deploy-rs when using it in a nixos config. It can use the version cached
in nixpkgs.
Also add instructions to the readme on how to craft an overlay that uses
nixpkgs deploy-rs.
Problem: '--hostname' is ignored when used with '--remote-build'.
Solution: Account for 'data.deploy_data.cmd_overrides.hostname' when
building a profile remotely.
Try to build everything first before pushing to remotes. Since the build
is more likely to fail than the upload, if there is an error the deployment
will fail sooner and before uploading any potentially unusable configuration.
This can be useful when e.g. deploying a kernel update to a target host.
You usually plan a reboot (or kexec) after that to activate the new
kernel. However you don't want to wait for services to be restarted
first since these will be "restarted" anyways on the reboot. In cases
like GitLab or the Atlassian stack this actually makes a difference.
This patch changes the following things:
* If `--boot` is provided, `nix-env -p profile-to-activate --set` is
called for each deployed profile to make sure that it is activated
automatically after a reboot.
* However, the actual activation (e.g. `switch-to-configuration switch`)
is skipped. Instead:
* For NixOS, `switch-to-configuration boot` is called to set the new
profile as default in the bootloader.
* For everything else, nothing else is done. The profile is already
the new default (and thus picked up on the next boot).
