Reusing project-pinned nixpkgs in cachix/install-nix-action

I have a GitHub action in which I want to test a project which pins nixpkgs.

Getting Nix installed into the GHA is easily done with cachix/install-nix-action:

- name: Install Nix
  uses: cachix/install-nix-action@v12
  with:
    nix_path: nixpkgs=channel:nixos-unstable

Ideally, I would replace channel:nixos-unstable with the exact version of nixpkgs which is pinned in the project. Currently the project pins nixpkgs in shell.nix like this:

{ <other stuff>
, nixpkgs-commit-id ? "8e78c2cfbae71720869c35b6710d652bf28b37cc"
} :

Rather than hacking together an ad-hoc parser, I thought I’d ask for suggestions on how to specify the pinning within the project in a way that would allow it to be reused easily and robustly in cachix/install-nix-action.

Any suggestions?

In your case:

with: 
  nix_path: nixpkgs=https://github.com/NixOS/nixpkgs-channels/archive/<rev>.tar.gz

More references here: Quick and Easy Nixpkgs Pinning - Vaibhav Sagar

Sorry, I wasn’t clear enough about what my problem is: how should I copy that hash out of wherever my project specifies it, into the GHA’s nix_path: nixpkgs=..., in a robust and DRY way? I don’t want to burden a human with ensuring that it is synced between those two locations!

IOW, what’s the best way of getting a single source of information about the nixpkgs version being used by both the GHA action and shell.nix?

Sounds like a good use case to keep a flakes.lock file. I haven’t used it much so won’t be of much help. Specifying the nixpkgs revision in any form to me is sufficient. It’s about being declarative and specific. Btw, sounds like you’re using multiple nixpkgs revisions in a single project? If so, I’d stop that and just declare it once root-level as per DRY. And also KISS :) (override packages individually if that’s needed).

No. I wonder how I gave that impression.

There is one nixpkgs version for the whole project, and I’d simply like the GHA to download and install that version in the first place, rather than some random version being fetched, only for the pinned version to be grabbed immediately afterwards.

Yes, I misunderstood your question indeed. I use GHA, usually with cachix, and I never noticed this behavior, but it could be present: it first installs a random nixpkgs (or the one specified inside the action itself), then the pinned one. Being cached, it’s usually super fast anyway.

Hmm, I guess you’re right: it’s probably not worth the effort, as it’s a drop in the ocean of the heavy work that gets done afterwards.

I would just avoid setting nix_path in the first place, putting everything I need into shell.nix.

I do put everything that I can in shell.nix, but I don’t see how the GitHub Action itself can be put in shell.nix, and the Action fails on darwin if nix_path is not set explicitly for cachix/install-nix-action.
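One way to get the single source of truth asked about above, as an added example that is not from any post in this thread: keep the commit id in a one-line pin file and have a workflow step derive nix_path from it, rejecting anything that is not a full commit id. The file name `nixpkgs-rev`, the function names, and the use of the NixOS/nixpkgs archive URL (instead of the nixpkgs-channels URL in the reply) are assumptions.

```shell
#!/bin/sh
# Added example. Assumption: the project keeps its pin in a one-line text file
# (hypothetical name: nixpkgs-rev) that shell.nix also reads, e.g. with
#   builtins.replaceStrings ["\n"] [""] (builtins.readFile ./nixpkgs-rev)

# Fixed locale so the a-f range below means exactly the lowercase ASCII letters.
LC_ALL=C
export LC_ALL

# read_pinned_rev FILE
# Prints the pinned revision. Fails unless it is a full 40-character lowercase
# hex commit id: branch, tag and channel names are mutable and are not a pin.
read_pinned_rev() {
    pin_file=$1
    [ -r "$pin_file" ] || { echo "pin file not readable: $pin_file" >&2; return 1; }
    # First line only, with spaces, tabs and CR removed.
    rev=$(head -n 1 "$pin_file" | tr -d ' \t\r')
    case $rev in
        *[!0-9a-f]*) echo "pin is not lowercase hex: $rev" >&2; return 1 ;;
    esac
    [ "${#rev}" -eq 40 ] || { echo "pin is not 40 characters: $rev" >&2; return 1; }
    printf '%s\n' "$rev"
}

# nix_path_for_pin FILE
# Prints the value to hand to install-nix-action's nix_path input.
# Assumption: the revision is fetched from the NixOS/nixpkgs repository.
nix_path_for_pin() {
    rev=$(read_pinned_rev "$1") || return 1
    printf 'nixpkgs=https://github.com/NixOS/nixpkgs/archive/%s.tar.gz\n' "$rev"
}

# In a workflow step that runs before the install step, the result can be
# exported as a step output:
#   echo "nix_path=$(nix_path_for_pin nixpkgs-rev)" >> "$GITHUB_OUTPUT"
```

The install step would then reference that output, for example `nix_path: ${{ steps.pin.outputs.nix_path }}`, where `pin` is a hypothetical step id.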