We ran into this issue wherein GitHub's `actions/checkout` would fail
because `git-config` would fail to include additional configuration.
The symptom was:
```
Error: fatal: could not read Username for 'https://github.com': terminal prompts disabled
```
And is caused by `git config --local includeIf.gitdir:/var/lib/github-runners/_work/…`.
Wherein `git` apparently resolves (canonicalizes) the current repository
path which then does not match the argument for `includeIf.gitdir` which
then means the configuration that `actions/checkout` is trying to apply
does not get pulled in, which then prevents git from authenticating with
GitHub and fails the build.
Ngl, gemini 3 found that out for me.
We could prefix `/private` everywhere, but changing the user's home
directory is going to [be tricky], not sure what to do about that.
[be tricky]: 7e22bf538a/modules/users/default.nix (L208)
The conditional override was intended to be backwards-compatible with older runner packages without the `nodeRuntimes` argument.
However, `override` doesn't yield default arguments, so the override was never applied.
This commit removes the conditional entirely since `nodeRuntimes` was added back in 24.05.
This backs out commit 3b738c765d.
Setting a `umask` made the parent directory have too conservative
permissions, making it so `_github-runner` couldn't access the child
directories.
Shellcheck complains:
> args=(
> ^-- SC2054 (warning): Use spaces, not commas, to separate array elements.
Quote the --labels argument to resolve.
Signed-off-by: Sirio Balmelli <sirio@b-ad.ch>
As `/run` gets recreated every reboot and we can't specify dependencies
for launchd, creating the `workDir` every reboot will require extra
complexity with a separate daemon that runs as `root`, otherwise it won't
have sufficient privileges.
As we clean the `workDir` when the service first starts anyway, it ends
up being the same.
While #859 added basic support for configuring GitHub runners through
nix-darwin, it did not yet support all of the options the NixOS module
offers.

I am aware that this is a rather big overhaul. I think, however, that
it's worth it:

- Copies the `options.nix` from the [NixOS module] with only minor
  adaptations. This should help to keep track of any changes to it.
- Respect the `workDir` config option. So far, the implementation didn't
  even read the value of the option.
- Allow configuring a custom user and group.
  If both are `null`, nix-darwin manages the `_github-runner` user
  shared among all instances. Take care of creating your own users if
  that's not what you want.
- Also creates the necessary directories for state, logs and the working
  directory (unless `workDir != null`). It uses the following locations:
  * state: `/var/lib/github-runners/${name}`
  * logs: `/var/log/github-runners/${name}`
  * work: The value of `workDir` or `/var/run/github-runners/${name}`
    if (`workDir == null`).

  We have to create the logs directory before starting the service since
  launchd expects that the `Standard{Error,Out}Path` exist. We do this
  by prepending to [`system.activationScripts.launchd.text`].
  All directories belong to the configured `user` and `group`.
- Warn if a `tokenFile` points to the Nix store.

[NixOS module]: 3c30c56/nixos/modules/services/continuous-integration/github-runner/options.nix
[`system.activationScripts.launchd.text`]: bbde06b/modules/system/launchd.nix (L99-L123)