sethvargo / ratchet

A tool for securing CI/CD workflows with version pinning.
Apache License 2.0

ratchet has been submitted for inclusion in nixpkgs but has not been merged #83

Closed cameronraysmith closed 5 months ago

cameronraysmith commented 5 months ago

In case others are interested in being able to install ratchet via nix, it has been submitted twice in

Feel free to close this issue; however, I will otherwise plan to close it when one of those or another similar PR is merged into nixpkgs.

sethvargo commented 5 months ago

Hi @cameronraysmith - thanks. Do you need anything from me?

cameronraysmith commented 5 months ago

Thanks for asking @sethvargo. I do not think so. The issue with the original PR to add ratchet to nixpkgs at 0.7.0 was to confirm that the following

        "TestResolve"
        "TestLatestVersion"

are the only tests that issue network requests, which isn't possible to do from the nix sandbox. If you could verify here that this is indeed correct, that could help to move along the process of deciding what subset of the ratchet test suite, if any, to run in the checkPhase of the derivation that will build ratchet with nix.

You could leave a comment-based review at either or both of those PRs if you'd like to, but I don't think it's necessary. Many thanks again.

sethvargo commented 5 months ago

Nothing in the parser package should talk to the internet. The only package with egress is resolver, and it should be restricted to specific IPs. For example, you could set ACTIONS_BASE_URL and ACTIONS_UPLOAD_URL to a localhost address in tests. Container registries are more difficult to override for testing.

But yes, only TestLatestVersion and TestResolve should talk to the Internet.
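An added example, written for this page and not ratchet's own code, of the pattern described above and of the check a sandboxed checkPhase would want: a resolver that takes its API base from ACTIONS_BASE_URL is pointed at an httptest server bound to 127.0.0.1, so the resolution path is exercised with no egress, and a loopback guard refuses to run if the base would require DNS or a non-loopback address. The function names, the default base URL, the GitHub-style git-ref endpoint shape, the repository names and the 40-hex sha are all assumptions constructed for the example.

```go
package main

import (
	"context"
	"encoding/json"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"os"
	"time"
)

// Assumed default; ratchet's real default and variable handling are not shown here.
const defaultBaseURL = "https://api.github.com"

// BaseURL returns ACTIONS_BASE_URL when set, otherwise the assumed default.
func BaseURL() string {
	if v := os.Getenv("ACTIONS_BASE_URL"); v != "" {
		return v
	}
	return defaultBaseURL
}

// IsLoopback reports whether base names a loopback host without doing DNS:
// only "localhost" or a literal loopback IP passes, so a sandboxed test can
// refuse to proceed against anything that would need network egress.
func IsLoopback(base string) (bool, error) {
	u, err := url.Parse(base)
	if err != nil {
		return false, err
	}
	host := u.Hostname()
	if host == "localhost" {
		return true, nil
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return false, fmt.Errorf("host %q is not a literal IP and would need DNS", host)
	}
	return ip.IsLoopback(), nil
}

// refResponse mirrors the shape of a GitHub git-ref reply (assumed for the example).
type refResponse struct {
	Object struct {
		SHA string `json:"sha"`
	} `json:"object"`
}

// ResolveTag asks base for the commit sha behind owner/repo@tag.
func ResolveTag(ctx context.Context, base, owner, repo, tag string) (string, error) {
	endpoint := fmt.Sprintf("%s/repos/%s/%s/git/ref/tags/%s", base, owner, repo, url.PathEscape(tag))
	req, err := http.NewRequestWithContext(ctx, http.MethodGet, endpoint, nil)
	if err != nil {
		return "", err
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("resolve %s/%s@%s: unexpected status %d", owner, repo, tag, resp.StatusCode)
	}
	var out refResponse
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return "", err
	}
	if out.Object.SHA == "" {
		return "", fmt.Errorf("resolve %s/%s@%s: empty sha in response", owner, repo, tag)
	}
	return out.Object.SHA, nil
}

// FakeGitHub serves refs (request path -> sha) on a loopback address only.
func FakeGitHub(refs map[string]string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		sha, ok := refs[r.URL.Path]
		if !ok {
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(map[string]any{"object": map[string]string{"sha": sha}})
	}))
}

// Constructed fixture: the path the resolver will request and a fake sha.
var constructedRefs = map[string]string{
	"/repos/example-org/example-action/git/ref/tags/v1": "0123456789abcdef0123456789abcdef01234567",
}

// ResolveViaLoopback runs the resolver end to end against FakeGitHub and
// refuses to proceed unless ACTIONS_BASE_URL points at a loopback address.
func ResolveViaLoopback(tag string) (string, error) {
	srv := FakeGitHub(constructedRefs)
	defer srv.Close()
	os.Setenv("ACTIONS_BASE_URL", srv.URL)
	defer os.Unsetenv("ACTIONS_BASE_URL")

	base := BaseURL()
	if ok, err := IsLoopback(base); err != nil || !ok {
		return "", fmt.Errorf("refusing non-loopback base %q: %v", base, err)
	}
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	return ResolveTag(ctx, base, "example-org", "example-action", tag)
}

func main() {
	fmt.Println(ResolveViaLoopback("v1")) // known tag: sha, <nil>
	fmt.Println(ResolveViaLoopback("v2")) // unknown tag: "", 404 error
}
```

For the checkPhase question itself, Go 1.20 and later accept `go test -skip 'TestResolve|TestLatestVersion'`, which runs the rest of a suite while leaving out exactly the tests named above as needing the Internet.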

cameronraysmith commented 5 months ago

https://github.com/NixOS/nixpkgs/pull/311799