unversioned binary download, dependency on install.determinate.systems

[PhilippHeuer]

Hi, thanks for creating this project and nix-installer. I managed to use the action successfully but have some concerns:

• the hard dependency on install.determinate.systems (all workflows using this action would break if your server / hoster is unavailable)
• the action is fetching unversioned binaries according to the log -> https://install.determinate.systems/nix/nix-installer-x86_64-linux?ci=github&correlation=GH-...
• the action requires sudo, the v10 changelog has a point about not requiring sudo anymore but when using step-security/harden-runner to disable sudo the action fails

My intent was to disable telemetry, only use versioned resources and avoid additional dependencies unless absolutely necessary. There are a few options in the action + install script, so i tried the following:

- uses: DeterminateSystems/nix-installer-action@de22e16c4711fca50c816cc9081563429d1cf563 # v10
  env:
    NIX_INSTALLER_BINARY_ROOT: "https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0"
    NIX_INSTALLER_OVERRIDE_URL: "https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer-x86_64-linux"
  with:
    diagnostic-endpoint: "" # opt-out of telemetry
    source-url: "https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer.sh"

Both NIX_INSTALLER_BINARY_ROOT and NIX_INSTALLER_OVERRIDE_URL didn't have any effect and the file is still downloaded from https://install.determinate.systems/nix/nix-installer-x86_64-linux?ci=github&correlation=GH-.... Is there anything else i can try?

CI Logs

Run DeterminateSystems/nix-installer-action@de22e16c4711fca50c816cc9081563429d1cf563
  with:
    source-url: https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer.sh
    flakehub: false
    force-docker-shim: false
    github-token: ***
    github-server-url: https://github.com/
    kvm: true
    modify-profile: true
    reinstall: false
    start-daemon: true
    trust-runner-user: true
  env:
    NIX_INSTALLER_BINARY_ROOT: https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0
    NIX_INSTALLER_OVERRIDE_URL: "https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer-x86_64-linux"
...
Installing Nix
  Fetching binary from https://install.determinate.systems/nix/nix-installer-x86_64-linux?ci=github&correlation=GH-...
...

[lucperkins]

@PhilippHeuer Could you try again with a more recent commit? We've recently overhauled the JS behind this Action pretty significantly. I don't have a specific reason to think that that would or wouldn't fix this issue, but the changes have been significant enough that it's worth trying.

[PhilippHeuer]

I gave v11 a try but the action runs into an permission error when overwriting the source-url, so i can't test the new version. I've added the raw logs below.

If i don't overwrite the source-url the action works the same way as before.

2024-05-16T21:20:31.5667144Z ##[group]Run DeterminateSystems/nix-installer-action@8cdf194da984e4f12b2f8c36d1fa107c1dd67f5c
2024-05-16T21:20:31.5667945Z with:
2024-05-16T21:20:31.5668233Z   kvm: false
2024-05-16T21:20:31.5668920Z   source-url: https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer.sh
2024-05-16T21:20:31.5669774Z   flakehub: false
2024-05-16T21:20:31.5670082Z   force-docker-shim: false
2024-05-16T21:20:31.5670652Z   github-token: ***
2024-05-16T21:20:31.5671097Z   github-server-url: https://github.com
2024-05-16T21:20:31.5671551Z   modify-profile: true
2024-05-16T21:20:31.5671870Z   reinstall: false
2024-05-16T21:20:31.5672265Z   start-daemon: true
2024-05-16T21:20:31.5672631Z   trust-runner-user: true
2024-05-16T21:20:31.5672960Z env:
2024-05-16T21:20:31.5673622Z   NIX_INSTALLER_BINARY_ROOT: https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0
2024-05-16T21:20:31.5674798Z   NIX_INSTALLER_OVERRIDE_URL: https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer-x86_64-linux
2024-05-16T21:20:31.5675703Z ##[endgroup]
2024-05-16T21:20:31.8093019Z ##[group]Installing Nix
2024-05-16T21:20:31.8094784Z ##[group]Downloading nix-installer for x86_64-linux
2024-05-16T21:20:31.8096485Z Fetching from https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer.sh
2024-05-16T21:20:32.1113245Z Cache Size: ~0 MB (5865 B)
2024-05-16T21:20:32.1152084Z [command]/usr/bin/tar -xf /home/runner/work/_temp/868dd348-7870-4761-82ea-01690ee3764e/cache.tzst -P -C /home/runner/work/_temp/nix-installer-b1acb33e-e069-4809-8c1f-2ea3f4271daf --use-compress-program unzstd
2024-05-16T21:20:32.1287405Z Cache restored successfully
2024-05-16T21:20:32.1296051Z ##[endgroup]
2024-05-16T21:20:32.1317539Z [command]/home/runner/work/_temp/nix-installer-b1acb33e-e069-4809-8c1f-2ea3f4271daf/nix-installer install linux
2024-05-16T21:20:32.1365639Z /bin/sh: 0: cannot open /home/runner/work/_temp/nix-installer-b1acb33e-e069-4809-8c1f-2ea3f4271daf/nix-installer: Permission denied
2024-05-16T21:20:32.1439208Z ##[error]Error: The process '/home/runner/work/_temp/nix-installer-b1acb33e-e069-4809-8c1f-2ea3f4271daf/nix-installer' failed with exit code 2

[lucperkins]

@PhilippHeuer I think the description in action.yml is now outdated. Could you try setting source-url to https://github.com/DeterminateSystems/nix-installer/releases/download/v0.19.0/nix-installer-x86_64-linux? As far as I can tell, that path should be a path to a nix-installer executable, not to a nix-installer.sh file (as suggested by the input's description).