search

namespacelabs / foundation

Open-source Kubernetes application platform that powers Namespace's developer-optimized compute platform.
https://namespace.so/docs
Apache License 2.0
128 stars 9 forks source link

namespacelabs/nscloud-cache-action // [Error: EACCES: permission denied, mkdir '/nix'] { #1217

Open ghuntley opened 11 months ago

ghuntley commented 11 months ago

Intention:

Error:

https://github.com/ghuntley/ghuntley/actions/runs/7289014044/job/19862751390

Found Namespace cross-invocation cache at /cache.
node:internal/process/promises:289
            triggerUncaughtException(err, true /* fromPromise */);
            ^

[Error: EACCES: permission denied, mkdir '/nix'] {
  errno: -13,
  code: 'EACCES',
  syscall: 'mkdir',
  path: '/nix'
}

Config:

https://github.com/ghuntley/ghuntley/blob/598bf1bd5cfe90ba8106ced4103dbc3eba5c6781/.github/workflows/build.yml

name: "Build"
on:
  pull_request:
  push:
    branches:
      - 'trunk'
  workflow_dispatch:

# Cancel in-progress runs for pull requests when developers push
# additional changes
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
  build:
    runs-on: namespace-profile-cached-amd64
    steps:
      - uses: namespacelabs/nscloud-checkout-action@v2
      - uses: namespacelabs/nscloud-cache-action@v1
        with:
          path: |
            /nix
      - uses: cachix/install-nix-action@v24
        with:
          nix_path: nixpkgs=channel:nixos-unstable

      - uses: cachix/cachix-action@v12
        with:
          name: ghuntley
          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

      - uses: JRMurr/direnv-nix-action@v3
        with:
          install-nix: "false"
          cache-store: "true"

      - run: direnv exec . pre-commit run --all-files

      - run: direnv exec . depot build
      - run: direnv exec . depot build //ops/nixos
gmichelo commented 11 months ago

Hey @ghuntley, thanks for reporting this! The team is working on support nix natively in our cache action.

In the meantime, this workaround could get you unblocked: https://github.com/namespace-integration-demos/nix-cache-example/blob/main/.github/workflows/demo.yaml#L38-L42C33.

ghuntley commented 11 months ago

Confirming that bind mount into the cache volume works. Reduced 4mins off basic build of my monorepo :)