search

cachix / install-nix-action

Installs Nix on GitHub Actions for the supported platforms: Linux and macOS.
Apache License 2.0
498 stars 78 forks source link

OpenSSL "unregistered scheme" in GitHub workflow (from `git clone`) #187

Open akaihola opened 11 months ago

akaihola commented 11 months ago

In this Linux build for the Graylint repository, as well as in the corresponding macOS build, when pip tries to use git clone to get a source tree, I get this error:

Collecting darkgraylib@ git+https://github.com/akaihola/darkgraylib.git@main (from graylint==0.0.1)
  Cloning https://github.com/akaihola/darkgraylib.git (to revision main) to /run/user/1001/pip-install-dnkydxr_/darkgraylib_bbfcb20d93f844b6b422297e35bdf0b0
  Running command git clone --filter=blob:none --quiet https://github.com/akaihola/darkgraylib.git /run/user/1001/pip-install-dnkydxr_/darkgraylib_bbfcb20d93f844b6b422297e35bdf0b0
  fatal: unable to access 'https://github.com/akaihola/darkgraylib.git/': OpenSSL/3.0.9: error:16000069:STORE routines::unregistered scheme
  error: subprocess-exited-with-error

  × git clone --filter=blob:none --quiet https://github.com/akaihola/darkgraylib.git /run/user/1001/pip-install-dnkydxr_/darkgraylib_bbfcb20d93f844b6b422297e35bdf0b0 did not run successfully.
  │ exit code: 128
  ╰─> See above for output.

  note: This error originates from a subprocess, and is likely not a problem with pip.
error: subprocess-exited-with-error

Maybe related to

akaihola commented 11 months ago

I managed to work around the problem like so:

    steps:
      - uses: actions/checkout@v3
      - uses: cachix/install-nix-action@v22
        with:
          nix_path: nixpkgs=channel:nixos-unstable
      - name: Download wheel uploaded by the build-wheel job
        uses: actions/download-artifact@v3
      - name: Run tests in nix-shell
        run: |
          nix-shell \
            --pure \
            --run '
              python -m venv venv
              source venv/bin/activate
              cert_file=/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt
              export NIX_SSL_CERT_FILE=$cert_file
              pip install "${{needs.build-wheel.outputs.wheel-path}}[test]"
              pytest
            ' \
            ./default.nix

So NIX_SSL_CERT_FILE needed to be set inside the Nix shell environment.

I wonder if there's a more elegant way to make this work.