biome: 1.9.2 -> 1.9.3
[NixPkgs.git] / pkgs / by-name / gi / github-runner / package.nix
blob93997cb01d622428f361cc1076636db7487a8c55
2   buildDotnetModule,
3   darwin,
4   dotnetCorePackages,
5   fetchFromGitHub,
6   fetchpatch,
7   git,
8   glibc,
9   glibcLocales,
10   lib,
11   nixosTests,
12   stdenv,
13   which,
14   buildPackages,
15   runtimeShell,
16   # List of Node.js runtimes the package should support
17   nodeRuntimes ? [ "node20" ],
18   nodejs_20,
21 # Node.js runtimes supported by upstream
22 assert builtins.all (x: builtins.elem x [ "node20" ]) nodeRuntimes;
24 buildDotnetModule rec {
25   pname = "github-runner";
26   version = "2.320.0";
28   src = fetchFromGitHub {
29     owner = "actions";
30     repo = "runner";
31     rev = "v${version}";
32     hash = "sha256-mVi/Z89R2nbxQAyEkpbcaU3Pc3wK6989QojHew9ad4g=";
33     leaveDotGit = true;
34     postFetch = ''
35       git -C $out rev-parse --short HEAD > $out/.git-revision
36       rm -rf $out/.git
37     '';
38   };
40   # The git commit is read during the build and some tests depend on a git repo to be present
41   # https://github.com/actions/runner/blob/22d1938ac420a4cb9e3255e47a91c2e43c38db29/src/dir.proj#L5
42   unpackPhase = ''
43     cp -r $src $TMPDIR/src
44     chmod -R +w $TMPDIR/src
45     cd $TMPDIR/src
46     (
47       export PATH=${buildPackages.git}/bin:$PATH
48       git init
49       git config user.email "root@localhost"
50       git config user.name "root"
51       git add .
52       git commit -m "Initial commit"
53       git checkout -b v${version}
54     )
55     mkdir -p $TMPDIR/bin
56     cat > $TMPDIR/bin/git <<EOF
57     #!${runtimeShell}
58     if [ \$# -eq 1 ] && [ "\$1" = "rev-parse" ]; then
59       echo $(cat $TMPDIR/src/.git-revision)
60       exit 0
61     fi
62     exec ${buildPackages.git}/bin/git "\$@"
63     EOF
64     chmod +x $TMPDIR/bin/git
65     export PATH=$TMPDIR/bin:$PATH
66   '';
68   patches = [
69     # Replace some paths that originally point to Nix's read-only store
70     ./patches/host-context-dirs.patch
71     # Use GetDirectory() to obtain "diag" dir
72     ./patches/use-get-directory-for-diag.patch
73     # Don't try to install service
74     ./patches/dont-install-service.patch
75     # Access `.env` and `.path` relative to `$RUNNER_ROOT`, if set
76     ./patches/env-sh-use-runner-root.patch
77     # Fix FHS path: https://github.com/actions/runner/pull/2464
78     (fetchpatch {
79       name = "ln-fhs.patch";
80       url = "https://github.com/actions/runner/commit/5ff0ce1.patch";
81       hash = "sha256-2Vg3cKZK3cE/OcPDZkdN2Ro2WgvduYTTwvNGxwCfXas=";
82     })
83   ];
85   postPatch =
86     ''
87       # Ignore changes to src/Runner.Sdk/BuildConstants.cs
88       substituteInPlace src/dir.proj \
89         --replace 'git update-index --assume-unchanged ./Runner.Sdk/BuildConstants.cs' \
90                   'true'
91     ''
92     + lib.optionalString (nodeRuntimes == [ "node20" ]) ''
93       substituteInPlace src/Runner.Common/Util/NodeUtil.cs \
94         --replace-fail '_defaultNodeVersion = "node16"' '_defaultNodeVersion = "node20"'
95     '';
97   DOTNET_SYSTEM_GLOBALIZATION_INVARIANT = isNull glibcLocales;
98   LOCALE_ARCHIVE = lib.optionalString (
99     !DOTNET_SYSTEM_GLOBALIZATION_INVARIANT
100   ) "${glibcLocales}/lib/locale/locale-archive";
102   postConfigure = ''
103     # Generate src/Runner.Sdk/BuildConstants.cs
104     dotnet msbuild \
105       -t:GenerateConstant \
106       -p:ContinuousIntegrationBuild=true \
107       -p:Deterministic=true \
108       -p:PackageRuntime="${dotnetCorePackages.systemToDotnetRid stdenv.hostPlatform.system}" \
109       -p:RunnerVersion="${version}" \
110       src/dir.proj
111   '';
113   nativeBuildInputs =
114     [
115       which
116       git
117     ]
118     ++ lib.optionals (stdenv.hostPlatform.isDarwin && stdenv.hostPlatform.isAarch64) [
119       darwin.autoSignDarwinBinariesHook
120     ];
122   buildInputs = [ stdenv.cc.cc.lib ];
124   dotnet-sdk = dotnetCorePackages.sdk_6_0;
125   dotnet-runtime = dotnetCorePackages.runtime_6_0;
127   dotnetFlags = [
128     "-p:PackageRuntime=${dotnetCorePackages.systemToDotnetRid stdenv.hostPlatform.system}"
129   ];
131   # As given here: https://github.com/actions/runner/blob/0befa62/src/dir.proj#L33-L41
132   projectFile = [
133     "src/Sdk/Sdk.csproj"
134     "src/Runner.Common/Runner.Common.csproj"
135     "src/Runner.Listener/Runner.Listener.csproj"
136     "src/Runner.Worker/Runner.Worker.csproj"
137     "src/Runner.PluginHost/Runner.PluginHost.csproj"
138     "src/Runner.Sdk/Runner.Sdk.csproj"
139     "src/Runner.Plugins/Runner.Plugins.csproj"
140   ];
141   nugetDeps = ./deps.nix;
143   doCheck = true;
145   __darwinAllowLocalNetworking = true;
147   # Fully qualified name of disabled tests
148   disabledTests =
149     [
150       "GitHub.Runner.Common.Tests.Listener.SelfUpdaterL0.TestSelfUpdateAsync"
151       "GitHub.Runner.Common.Tests.ProcessInvokerL0.OomScoreAdjIsInherited"
152     ]
153     ++ map (x: "GitHub.Runner.Common.Tests.Listener.SelfUpdaterL0.TestSelfUpdateAsync_${x}") [
154       "Cancel_CloneHashTask_WhenNotNeeded"
155       "CloneHash_RuntimeAndExternals"
156       "DownloadRetry"
157       "FallbackToFullPackage"
158       "NoUpdateOnOldVersion"
159       "NotUseExternalsRuntimeTrimmedPackageOnHashMismatch"
160       "UseExternalsRuntimeTrimmedPackage"
161       "UseExternalsTrimmedPackage"
162       "ValidateHash"
163     ]
164     ++ map (x: "GitHub.Runner.Common.Tests.Listener.SelfUpdaterV2L0.${x}") [
165       "TestSelfUpdateAsync_DownloadRetry"
166       "TestSelfUpdateAsync_ValidateHash"
167       "TestSelfUpdateAsync"
168     ]
169     ++ map (x: "GitHub.Runner.Common.Tests.Worker.ActionManagerL0.PrepareActions_${x}") [
170       "CompositeActionWithActionfile_CompositeContainerNested"
171       "CompositeActionWithActionfile_CompositePrestepNested"
172       "CompositeActionWithActionfile_MaxLimit"
173       "CompositeActionWithActionfile_Node"
174       "DownloadActionFromGraph"
175       "NotPullOrBuildImagesMultipleTimes"
176       "RepositoryActionWithActionYamlFile_DockerHubImage"
177       "RepositoryActionWithActionfileAndDockerfile"
178       "RepositoryActionWithActionfile_DockerHubImage"
179       "RepositoryActionWithActionfile_Dockerfile"
180       "RepositoryActionWithActionfile_DockerfileRelativePath"
181       "RepositoryActionWithActionfile_Node"
182       "RepositoryActionWithDockerfile"
183       "RepositoryActionWithDockerfileInRelativePath"
184       "RepositoryActionWithDockerfilePrepareActions_Repository"
185       "RepositoryActionWithInvalidWrapperActionfile_Node"
186       "RepositoryActionWithWrapperActionfile_PreSteps"
187     ]
188     ++ map (x: "GitHub.Runner.Common.Tests.DotnetsdkDownloadScriptL0.${x}") [
189       "EnsureDotnetsdkBashDownloadScriptUpToDate"
190       "EnsureDotnetsdkPowershellDownloadScriptUpToDate"
191     ]
192     ++ [ "GitHub.Runner.Common.Tests.Listener.RunnerL0.TestRunOnceHandleUpdateMessage" ]
193     # Tests for trimmed runner packages which aim at reducing the update size. Not relevant for Nix.
194     ++ map (x: "GitHub.Runner.Common.Tests.PackagesTrimL0.${x}") [
195       "RunnerLayoutParts_CheckExternalsHash"
196       "RunnerLayoutParts_CheckDotnetRuntimeHash"
197     ]
198     ++ lib.optionals (stdenv.hostPlatform.system == "aarch64-linux") [
199       # "JavaScript Actions in Alpine containers are only supported on x64 Linux runners. Detected Linux Arm64"
200       "GitHub.Runner.Common.Tests.Worker.StepHostL0.DetermineNodeRuntimeVersionInAlpineContainerAsync"
201       "GitHub.Runner.Common.Tests.Worker.StepHostL0.DetermineNode20RuntimeVersionInAlpineContainerAsync"
202     ]
203     ++ lib.optionals DOTNET_SYSTEM_GLOBALIZATION_INVARIANT [
204       "GitHub.Runner.Common.Tests.ProcessExtensionL0.SuccessReadProcessEnv"
205       "GitHub.Runner.Common.Tests.Util.StringUtilL0.FormatUsesInvariantCulture"
206       "GitHub.Runner.Common.Tests.Worker.VariablesL0.Constructor_SetsOrdinalIgnoreCaseComparer"
207       "GitHub.Runner.Common.Tests.Worker.WorkerL0.DispatchCancellation"
208       "GitHub.Runner.Common.Tests.Worker.WorkerL0.DispatchRunNewJob"
209     ]
210     ++ lib.optionals (!lib.elem "node16" nodeRuntimes) [
211       "GitHub.Runner.Common.Tests.ProcessExtensionL0.SuccessReadProcessEnv"
212     ];
214   testProjectFile = [ "src/Test/Test.csproj" ];
216   preCheck =
217     ''
218       mkdir -p _layout/externals
219     ''
220     + lib.optionalString (lib.elem "node20" nodeRuntimes) ''
221       ln -s ${nodejs_20} _layout/externals/node20
222     '';
224   postInstall =
225     ''
226       mkdir -p $out/bin
228       install -m755 src/Misc/layoutbin/runsvc.sh                 $out/lib/github-runner
229       install -m755 src/Misc/layoutbin/RunnerService.js          $out/lib/github-runner
230       install -m755 src/Misc/layoutroot/run.sh                   $out/lib/github-runner
231       install -m755 src/Misc/layoutroot/run-helper.sh.template   $out/lib/github-runner/run-helper.sh
232       install -m755 src/Misc/layoutroot/config.sh                $out/lib/github-runner
233       install -m755 src/Misc/layoutroot/env.sh                   $out/lib/github-runner
235       # env.sh is patched to not require any wrapping
236       ln -sr "$out/lib/github-runner/env.sh" "$out/bin/"
238       substituteInPlace $out/lib/github-runner/config.sh \
239         --replace './bin/Runner.Listener' "$out/bin/Runner.Listener"
240     ''
241     + lib.optionalString stdenv.hostPlatform.isLinux ''
242       substituteInPlace $out/lib/github-runner/config.sh \
243         --replace 'command -v ldd' 'command -v ${glibc.bin}/bin/ldd' \
244         --replace 'ldd ./bin' '${glibc.bin}/bin/ldd ${dotnet-runtime}/shared/Microsoft.NETCore.App/${dotnet-runtime.version}/' \
245         --replace '/sbin/ldconfig' '${glibc.bin}/bin/ldconfig'
246     ''
247     + ''
248       # Remove uneeded copy for run-helper template
249       substituteInPlace $out/lib/github-runner/run.sh --replace 'cp -f "$DIR"/run-helper.sh.template "$DIR"/run-helper.sh' ' '
250       substituteInPlace $out/lib/github-runner/run-helper.sh --replace '"$DIR"/bin/' '"$DIR"/'
252       # Make paths absolute
253       substituteInPlace $out/lib/github-runner/runsvc.sh \
254         --replace './externals' "$out/lib/externals" \
255         --replace './bin/RunnerService.js' "$out/lib/github-runner/RunnerService.js"
257       # The upstream package includes Node and expects it at the path
258       # externals/node$version. As opposed to the official releases, we don't
259       # link the Alpine Node flavors.
260       mkdir -p $out/lib/externals
261     ''
262     + lib.optionalString (lib.elem "node20" nodeRuntimes) ''
263       ln -s ${nodejs_20} $out/lib/externals/node20
264     ''
265     + ''
266       # Install Nodejs scripts called from workflows
267       install -D src/Misc/layoutbin/hashFiles/index.js $out/lib/github-runner/hashFiles/index.js
268       mkdir -p $out/lib/github-runner/checkScripts
269       install src/Misc/layoutbin/checkScripts/* $out/lib/github-runner/checkScripts/
270     ''
271     + lib.optionalString stdenv.hostPlatform.isLinux ''
272       # Wrap explicitly to, e.g., prevent extra entries for LD_LIBRARY_PATH
273       makeWrapperArgs=()
275       # We don't wrap with libicu
276       substituteInPlace $out/lib/github-runner/config.sh \
277         --replace '$LDCONFIG_COMMAND -NXv ''${libpath//:/ }' 'echo libicu'
278     ''
279     + ''
280       # XXX: Using the corresponding Nix argument does not work as expected:
281       #      https://github.com/NixOS/nixpkgs/issues/218449
282       # Common wrapper args for `executables`
283       makeWrapperArgs+=(
284         --run 'export RUNNER_ROOT="''${RUNNER_ROOT:-"$HOME/.github-runner"}"'
285         --run 'mkdir -p "$RUNNER_ROOT"'
286         --chdir "$out"
287       )
288     '';
290   # List of files to wrap
291   executables = [
292     "config.sh"
293     "Runner.Listener"
294     "Runner.PluginHost"
295     "Runner.Worker"
296     "run.sh"
297     "runsvc.sh"
298   ];
300   doInstallCheck = true;
301   installCheckPhase = ''
302     runHook preInstallCheck
304     export RUNNER_ROOT="$TMPDIR"
306     $out/bin/config.sh --help >/dev/null
307     $out/bin/Runner.Listener --help >/dev/null
309     version=$($out/bin/Runner.Listener --version)
310     if [[ "$version" != "${version}" ]]; then
311       printf 'Unexpected version %s' "$version"
312       exit 1
313     fi
315     commit=$($out/bin/Runner.Listener --commit)
316     if [[ "$commit" != "$(git rev-parse HEAD)" ]]; then
317       printf 'Unexpected commit %s' "$commit"
318       exit 1
319     fi
321     runHook postInstallCheck
322   '';
324   passthru = {
325     tests.smoke-test = nixosTests.github-runner;
326     updateScript = ./update.sh;
327   };
329   meta = with lib; {
330     changelog = "https://github.com/actions/runner/releases/tag/v${version}";
331     description = "Self-hosted runner for GitHub Actions";
332     homepage = "https://github.com/actions/runner";
333     license = licenses.mit;
334     maintainers = with maintainers; [
335       veehaitch
336       kfollesdal
337       aanderse
338       zimbatm
339     ];
340     platforms = [
341       "x86_64-linux"
342       "aarch64-linux"
343       "x86_64-darwin"
344       "aarch64-darwin"
345     ];
346     sourceProvenance = with sourceTypes; [ binaryNativeCode ];
347   };