macOS self-hosted runner: unable to find `security`

[yannham]

Hello,

I'm trying to move the CI of the Nickel to use our self-hosted runners, which should be faster and keep store paths around, improving caching. We are running build machinse with Nix installed, so we removed the install-nix-action step.

After fixing cachix not being in the path as well, the Linux runner works fine, but the macOS one fails with:

Cachix: checking version
  ##[debug]Setup done
  /nix/store/yfwziwccd0jiqbkp43pkryhli1xnlb8j-cachix-1.7.4-bin/bin/cachix --version
  cachix: security: createProcess: posix_spawnp: does not exist (No such file or directory)

A quick search seems to indicate that this is likely caused by cachix calling to security, but it is nowhere to be found. You can find the draft PR to move to self(-hosted runners here (pretty short): https://github.com/tweag/nickel/pull/2037. The macOS logs are here.

As the build machines' environment should be rather standard (macOS with Nix installed, runners aren't sandboxed to the best of my knowledge), I wonder if there was any known gotchas here that could be responsible for this in the environment of the cachix action?

[domenkozar]

This is due to a underlying Haskell package doing that call, I thought we fixed that in nixpkgs, maybe you need to bump nixpkgs?

[yannham]

Thanks Domen. I don't have the rights to do this directly but will ask the version and to get it bumped if needed, and I'll report back here.

[yannham]

Updating to latest nixpkgs fixed the Cachix issue. Sorry for the noise