Logs on GitHub and garnix don’t jibe

sellout commented 3 months ago

This GitHub job has very unhelpful logs:

https://cache.nixos.org/hxbk2g1wb06j26jx479ldmqxzd468ww1.narinfo
https://cache.garnix.io/hxbk2g1wb06j26jx479ldmqxzd468ww1.narinfo

but when I click through to the garnix build, it’s very clear what’s happening:

this derivation will be built:
  /nix/store/6nky25d60hj1ffhd2nv2i6fhngjmjha2-validate-default.drv
error: build of '/nix/store/6nky25d60hj1ffhd2nv2i6fhngjmjha2-validate-default.drv' on 'ssh-ng://nix-ssh@garnix4' failed: error: derivation '/nix/store/6nky25d60hj1ffhd2nv2i6fhngjmjha2-validate-default.drv' has '__noChroot' set, but that's not allowed when 'sandbox' is 'true'
error: builder for '/nix/store/6nky25d60hj1ffhd2nv2i6fhngjmjha2-validate-default.drv' failed with exit code 1

commandodev commented 4 weeks ago

Did you find a way round this @sellout? Just got set up and having the same __noChoot issue even though sandbox is set in my flake.nix

jkarni commented 4 weeks ago

@commandodev I don't think there is a way around it; garnix doesn't let you disable the sandbox (we are thinking of adding "actions" that take place entirely outside of a sandbox soon, but they won't be derivations).

sellout commented 4 weeks ago

@commandodev Yeah, what @jkarni said. For me the issue really was just the log content, and with the current garnix site, I use that directly way more than I look at GitHub logs.

My flakes have a ton of automation (thanks to Project Manager), so I generate a garnix.yaml that excludes derivations with __noChroot.[^1] Which also means I don’t run into this particular message on GitHub any more, so I don’t even know if it’s still an issue.

[^1]: Correspondingly, my project configuration generates GitHub & Renovate configs that only allow auto-merging of PRs if the repo doesn’t have any __noChroot derivations (i.e., where I can be sure that garnix is checking everything).

garnix-io / issues

Logs on GitHub and garnix don’t jibe #93