Skip to content

Commit ca1b597

Browse files
jerome-benoitjerome-benoit
authored
fix(nix): filter optional dependencies by target platform (anomalyco#8033)
1 parent d527cee commit ca1b597

File tree

5 files changed

+131
-14
lines changed

5 files changed

+131
-14
lines changed

.github/workflows/update-nix-hashes.yml

Lines changed: 92 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ on:
1717
- "packages/*/package.json"
1818

1919
jobs:
20-
update:
20+
update-linux:
2121
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
2222
runs-on: blacksmith-4vcpu-ubuntu-2404
2323
env:
@@ -47,14 +47,14 @@ jobs:
4747
nix flake update
4848
echo "✅ flake.lock updated successfully"
4949
50-
- name: Update node_modules hash
50+
- name: Update node_modules hash for x86_64-linux
5151
run: |
5252
set -euo pipefail
53-
echo "🔄 Updating node_modules hash..."
53+
echo "🔄 Updating node_modules hash for x86_64-linux..."
5454
nix/scripts/update-hashes.sh
55-
echo "✅ node_modules hash updated successfully"
55+
echo "✅ node_modules hash for x86_64-linux updated successfully"
5656
57-
- name: Commit hash changes
57+
- name: Commit Linux hash changes
5858
env:
5959
TARGET_BRANCH: ${{ github.head_ref || github.ref_name }}
6060
run: |
@@ -65,7 +65,7 @@ jobs:
6565
summarize() {
6666
local status="$1"
6767
{
68-
echo "### Nix Hash Update"
68+
echo "### Nix Hash Update (x86_64-linux)"
6969
echo ""
7070
echo "- ref: ${GITHUB_REF_NAME}"
7171
echo "- status: ${status}"
@@ -89,7 +89,92 @@ jobs:
8989
echo "🔗 Staging files..."
9090
git add "${FILES[@]}"
9191
echo "💾 Committing changes..."
92-
git commit -m "Update Nix flake.lock and hashes"
92+
git commit -m "Update Nix flake.lock and x86_64-linux hash"
93+
echo "✅ Changes committed"
94+
95+
BRANCH="${TARGET_BRANCH:-${GITHUB_REF_NAME}}"
96+
echo "🌳 Pulling latest from branch: $BRANCH"
97+
git pull --rebase origin "$BRANCH"
98+
echo "🚀 Pushing changes to branch: $BRANCH"
99+
git push origin HEAD:"$BRANCH"
100+
echo "✅ Changes pushed successfully"
101+
102+
summarize "committed $(git rev-parse --short HEAD)"
103+
104+
update-macos:
105+
needs: update-linux
106+
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
107+
runs-on: macos-latest
108+
env:
109+
SYSTEM: aarch64-darwin
110+
111+
steps:
112+
- name: Checkout repository
113+
uses: actions/checkout@v4
114+
with:
115+
token: ${{ secrets.GITHUB_TOKEN }}
116+
fetch-depth: 0
117+
ref: ${{ github.head_ref || github.ref_name }}
118+
repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
119+
120+
- name: Setup Nix
121+
uses: DeterminateSystems/nix-installer-action@v20
122+
123+
- name: Configure git
124+
run: |
125+
git config --global user.email "action@github.com"
126+
git config --global user.name "Github Action"
127+
128+
- name: Pull latest changes
129+
env:
130+
TARGET_BRANCH: ${{ github.head_ref || github.ref_name }}
131+
run: |
132+
BRANCH="${TARGET_BRANCH:-${GITHUB_REF_NAME}}"
133+
git pull origin "$BRANCH"
134+
135+
- name: Update node_modules hash for aarch64-darwin
136+
run: |
137+
set -euo pipefail
138+
echo "🔄 Updating node_modules hash for aarch64-darwin..."
139+
nix/scripts/update-hashes.sh
140+
echo "✅ node_modules hash for aarch64-darwin updated successfully"
141+
142+
- name: Commit macOS hash changes
143+
env:
144+
TARGET_BRANCH: ${{ github.head_ref || github.ref_name }}
145+
run: |
146+
set -euo pipefail
147+
148+
echo "🔍 Checking for changes in tracked Nix files..."
149+
150+
summarize() {
151+
local status="$1"
152+
{
153+
echo "### Nix Hash Update (aarch64-darwin)"
154+
echo ""
155+
echo "- ref: ${GITHUB_REF_NAME}"
156+
echo "- status: ${status}"
157+
} >> "$GITHUB_STEP_SUMMARY"
158+
if [ -n "${GITHUB_SERVER_URL:-}" ] && [ -n "${GITHUB_REPOSITORY:-}" ] && [ -n "${GITHUB_RUN_ID:-}" ]; then
159+
echo "- run: ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}" >> "$GITHUB_STEP_SUMMARY"
160+
fi
161+
echo "" >> "$GITHUB_STEP_SUMMARY"
162+
}
163+
164+
FILES=(nix/hashes.json)
165+
STATUS="$(git status --short -- "${FILES[@]}" || true)"
166+
if [ -z "$STATUS" ]; then
167+
echo "✅ No changes detected. Hash is already up to date."
168+
summarize "no changes"
169+
exit 0
170+
fi
171+
172+
echo "📝 Changes detected:"
173+
echo "$STATUS"
174+
echo "🔗 Staging files..."
175+
git add "${FILES[@]}"
176+
echo "💾 Committing changes..."
177+
git commit -m "Update aarch64-darwin hash"
93178
echo "✅ Changes committed"
94179
95180
BRANCH="${TARGET_BRANCH:-${GITHUB_REF_NAME}}"

flake.nix

Lines changed: 23 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,11 +27,28 @@
2727
"aarch64-darwin" = "bun-darwin-arm64";
2828
"x86_64-darwin" = "bun-darwin-x64";
2929
};
30-
defaultNodeModules = "sha256-AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=";
30+
31+
# Parse "bun-{os}-{cpu}" to {os, cpu}
32+
parseBunTarget =
33+
target:
34+
let
35+
parts = lib.splitString "-" target;
36+
in
37+
{
38+
os = builtins.elemAt parts 1;
39+
cpu = builtins.elemAt parts 2;
40+
};
41+
3142
hashesFile = "${./nix}/hashes.json";
3243
hashesData =
3344
if builtins.pathExists hashesFile then builtins.fromJSON (builtins.readFile hashesFile) else { };
34-
nodeModulesHash = hashesData.nodeModules or defaultNodeModules;
45+
# Lookup hash: supports per-system ({system: hash}) or legacy single hash
46+
nodeModulesHashFor =
47+
system:
48+
if builtins.isAttrs hashesData.nodeModules then
49+
hashesData.nodeModules.${system}
50+
else
51+
hashesData.nodeModules;
3552
modelsDev = forEachSystem (
3653
system:
3754
let
@@ -63,8 +80,11 @@
6380
system:
6481
let
6582
pkgs = pkgsFor system;
83+
bunPlatform = parseBunTarget bunTarget.${system};
6684
mkNodeModules = pkgs.callPackage ./nix/node-modules.nix {
67-
hash = nodeModulesHash;
85+
hash = nodeModulesHashFor system;
86+
bunCpu = bunPlatform.cpu;
87+
bunOs = bunPlatform.os;
6888
};
6989
mkOpencode = pkgs.callPackage ./nix/opencode.nix { };
7090
mkDesktop = pkgs.callPackage ./nix/desktop.nix { };

nix/hashes.json

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,6 @@
11
{
2-
"nodeModules": "sha256-FbV9MDkPXCSPO0TL3uYvkMmfVTDH9Lyr2r1ZolYdWW0="
2+
"nodeModules": {
3+
"x86_64-linux": "sha256-8nur5CuUCSV/SzD16hNXVoIlKsiPBXDzCnoITK0IhC4=",
4+
"aarch64-darwin": "sha256-vD1g9dviI2nMBTTPwI87sK01hSZ+cdnmb1V72AdJYq4="
5+
}
36
}

nix/node-modules.nix

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,8 @@
55
bun,
66
cacert,
77
curl,
8+
bunCpu,
9+
bunOs,
810
}:
911
args:
1012
stdenvNoCC.mkDerivation {
@@ -29,8 +31,8 @@ stdenvNoCC.mkDerivation {
2931
export HOME=$(mktemp -d)
3032
export BUN_INSTALL_CACHE_DIR=$(mktemp -d)
3133
bun install \
32-
--cpu="*" \
33-
--os="*" \
34+
--cpu="${bunCpu}" \
35+
--os="${bunOs}" \
3436
--frozen-lockfile \
3537
--ignore-scripts \
3638
--no-progress \

nix/scripts/update-hashes.sh

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,9 +33,16 @@ trap cleanup EXIT
3333

3434
write_node_modules_hash() {
3535
local value="$1"
36+
local system="${2:-$SYSTEM}"
3637
local temp
3738
temp=$(mktemp)
38-
jq --arg value "$value" '.nodeModules = $value' "$HASH_FILE" >"$temp"
39+
40+
if jq -e '.nodeModules | type == "object"' "$HASH_FILE" >/dev/null 2>&1; then
41+
jq --arg system "$system" --arg value "$value" '.nodeModules[$system] = $value' "$HASH_FILE" >"$temp"
42+
else
43+
jq --arg system "$system" --arg value "$value" '.nodeModules = {($system): $value}' "$HASH_FILE" >"$temp"
44+
fi
45+
3946
mv "$temp" "$HASH_FILE"
4047
}
4148

0 commit comments

Comments
 (0)