Add resolve_nix_bin to reliably locate the nix binary in non-login shells.
Create and enforce global nix symlinks for CI environments (/usr/local/bin, best-effort /usr/bin and /bin).
Apply symlink enforcement on fast path, after PATH adjustments, and post-install when running as root.
Improve warnings when nix is installed but not on PATH.
https://chatgpt.com/share/693c6013-af2c-800f-a1bc-baed0d29fab7
Move CA bundle detection from the Docker entrypoint to CentOS dependencies and persist it system-wide.
This ensures Nix, Git, curl, and Python HTTPS access works in virgin environments by configuring `/etc/profile.d` and `/etc/nix/nix.conf`.
Removes runtime-only CA exports from the container entrypoint and makes the setup reproducible and distro-correct.
https://chatgpt.com/share/693c5ddf-3260-800f-ac94-38c635dba307
- Replaced all `X | None` type hints with `Optional[X]`
- Adjusted typing imports across modules
- Fixed import order and removed invalid future-import placements
- Ensured code runs correctly on Python 3.9
https://chatgpt.com/share/693c58e1-ce70-800f-9088-5864571e024a
Refactored the E2E update-all test to execute real CLI commands instead of invoking *main.py*.
The test is now split into two independent cases: one running *pkgmgr update* directly and one running the same command via *nix run .#pkgmgr*.
This improves realism, diagnostics, and parity with actual user workflows inside the container.
https://chatgpt.com/share/693c52cb-cc10-800f-994b-5b2940dcf948
Ensure /home/nix and .nix-profile are accessible for non-root users,
create /usr/local/bin/nix symlink with fail-fast behavior, and replace
silent permission fixes with explicit checks, clear error messages,
and deterministic exit codes.
https://chatgpt.com/share/693c29d9-9b28-800f-a549-5661c783d968
Refactor Dockerfile into multi-stage virgin/full targets and introduce a single
flag-based image build script. Standardize image naming, remove redundant build
scripts, and update Makefile targets accordingly. CI workflows now build missing
virgin images and run root and user tests consistently across all supported
distributions.
https://chatgpt.com/share/693c29d9-9b28-800f-a549-5661c783d968
* Switch virgin root/user workflows to use *make install* + *make setup/setup-venv*
* Add Git *safe.directory /src* to avoid flake evaluation failures on mounted repos
* Enable Nix flake run in workflows and prepare */nix* for non-root execution
* Refactor Arch packaging to build in an isolated */tmp* directory via *aur_builder*
* Rename installer scripts (`run-*` → `dependencies.sh` / `package.sh`) and adjust Docker entry + env var to `REINSTALL_PKGMGR`
https://chatgpt.com/share/693c29d9-9b28-800f-a549-5661c783d968
Why:
The Dockerfile previously validated `nix --version` during image build,
which is environment-sensitive and behaves differently in GitHub Actions
vs local/act builds due to PATH and non-login shell differences.
The actual contract is runtime availability of Nix, not build-step PATH
resolution. This is now reliably enforced by the dedicated `test-env-nix`
container test, which validates nix presence and flake execution in the
real execution environment.
This removes flaky CI behavior while keeping stronger, more accurate
coverage of the intended guarantee.
https://chatgpt.com/share/693bfbc7-63d8-800f-9ceb-728c7a58e963
Refactor CI to clearly separate virtualenv-based container tests from pure Nix flake tests across all distros (arch, debian, ubuntu, fedora, centos).
Introduce dedicated test-env-nix workflow and Makefile targets, rename former container tests to test-env-virtual, and update stable pipeline dependencies.
Improve Nix reliability in containers by fixing installer permissions and explicitly validating nix availability and version during image build and tests.
* Treat remote tags as the source of truth by force-fetching tags from *origin*
* Update preview output to reflect the real fetch behavior
* Align unit tests with the new forced tag fetch command
https://chatgpt.com/share/693bdfc3-b8b4-800f-8adc-b1dc63c56a89
* Add debug output for latest vs current version tag in release git ops
* Treat “no version tags yet” as highest by definition
* Align unit tests with current *string-based* `tag >= latest` behavior
* Make tag listing mocks less brittle by matching command patterns
* Rename release init test to `test_init.py` for consistent discovery
Refactor the release implementation into a dedicated workflow module with clear separation of concerns. Enforce a safe, deterministic Git flow by always syncing with the remote before modifications, pushing only the current branch and the newly created version tag, and updating the floating *latest* tag only when the released version is the highest. Add explicit user prompts for confirmation and optional branch deletion, with a forced mode to skip interaction. Update CLI wiring to pass all relevant flags, add comprehensive unit tests for the new helpers and workflow entry points, and introduce detailed documentation describing the release process, safety rules, and execution flow.
The old test tests/unit/pkgmgr/actions/test_branch.py has been removed because:
- it targeted the previous monolithic pkgmgr.actions.branch module structure
- its patch targets no longer match the refactored code
- its responsibilities are now fully covered by the new, dedicated unit,
integration, and E2E tests for branch actions and CLI wiring
This avoids redundant coverage and prevents misleading or broken tests
after the branch refactor.
https://chatgpt.com/share/693bcc8d-b84c-800f-8510-8d6c66faf627
Expanded and modernized the README to reflect PKGMGR's purpose as a
multi-distro development and packaging orchestrator. Added explanations for
Nix-based cross-distro workflows, clarified installation steps, documented the
full CLI capabilities, and embedded the architecture diagram.
Also replaced the verbose CLI DESCRIPTION_TEXT with a concise summary suitable
for `--help` output.
Included updated `assets/map.png`.
https://chatgpt.com/share/693b1d71-ca08-800f-a000-f3be49f7efb5
Updated the `mark-stable` workflow so that the `stable` tag is only moved when:
* the current push is a version tag (`v*`)
* all tests have passed
* the pushed version tag is the highest semantic version among all existing tags
This ensures that `stable` always reflects the latest valid release and prevents older version tags from overwriting it.
https://chatgpt.com/share/693b163b-0c34-800f-adcb-12cf4744dbe2
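
The gate described in the commit above, sketched as an added example (not code from the project or its workflow). The function names, the strict `vMAJOR.MINOR.PATCH` tag shape and the sample tags are assumptions.

```python
import re
from typing import Iterable, Optional, Tuple

# Assumption: release tags look like v1.2.3; anything else (stable, latest) is ignored.
_TAG_RE = re.compile(r"v(\d+)\.(\d+)\.(\d+)")


def parse_version_tag(tag: str) -> Optional[Tuple[int, ...]]:
    """Return (major, minor, patch) as integers, or None for a non-version tag."""
    match = _TAG_RE.fullmatch(tag)
    return tuple(int(part) for part in match.groups()) if match else None


def should_move_stable(pushed_tag: str, all_tags: Iterable[str], tests_passed: bool) -> bool:
    """Allow moving the floating tag only if all three conditions hold."""
    pushed = parse_version_tag(pushed_tag)
    if pushed is None or not tests_passed:
        return False
    known = [v for v in map(parse_version_tag, all_tags) if v is not None]
    # Integer tuples compare numerically, so (1, 10, 0) ranks above (1, 9, 0);
    # the plain strings "v1.10.0" and "v1.9.0" would sort the other way round.
    return all(pushed >= version for version in known)


# Constructed sample: tags as a repository might list them.
SAMPLE_TAGS = ["v1.2.0", "v1.9.0", "v1.10.0", "stable", "latest"]

if __name__ == "__main__":
    for candidate in ("v1.10.0", "v1.9.0", "stable"):
        print(candidate, should_move_stable(candidate, SAMPLE_TAGS, tests_passed=True))
```
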
Refactored the Nix initialization script to reduce duplicated code and
centralize the installation workflow. The core functionality remains
unchanged, but all installer calls now use a unified function with retry
support to ensure resilient downloads in CI and container environments.
Key improvements:
- Added download retry logic (5 minutes total, 20-second intervals)
- Consolidated installer invocation into `install_nix_with_retry`
- Reduced code duplication across container/host install paths
- Preserved existing installation behavior for all environments
- Maintained `nixbld` group and build-user handling
- Improved consistency and readability without altering semantics
This prevents intermittent failures such as:
“curl: (6) Could not resolve host: nixos.org”
and ensures stable, deterministic Nix setup in CI pipelines.
https://chatgpt.com/share/693b13ce-fdcc-800f-a7bc-81c67478edff
Implemented a robust retry mechanism for cloning the yay AUR helper during Arch dependency installation.
The new logic retries the git clone operation for up to 5 minutes with a 20-second pause between attempts, allowing the build to proceed even when GitHub intermittently returns HTTP 504 errors.
This improves the stability of Arch container builds, especially under network pressure or transient upstream outages.
The yay build process now only starts once the clone step completes successfully.
https://chatgpt.com/share/693b102b-fdb0-800f-9f2e-d4840f14d329
Implement `ensure_nix_build_group()` and use it in all code paths where Nix is installed as root.
This resolves Nix installation failures on Ubuntu containers (root, no systemd) where the installer aborts with:
```
error: the group 'nixbld' specified in 'build-users-group' does not exist
```
The fix standardizes creation of the `nixbld` group and `nixbld1..10` build users across:
* container root mode
* systemd host daemon installs
* root-on-host without systemd (Debian/Ubuntu CI case)
This makes Nix initialization deterministic across all test distros and fixes failing Ubuntu E2E runs.
https://chatgpt.com/share/693b0e1a-e5d4-800f-8a89-7d91108b0368
This commit removes the `run_command`-based execution model for Nix flake
installations and replaces it with a direct `os.system` invocation.
This ensures that *all* Nix diagnostics (stdout/stderr) are fully visible and
no longer suppressed by wrapper logic.
Key changes:
* Directly run `nix profile install` via `os.system` for full error output
* Correctly decode real exit codes via `os.WIFEXITED` / `os.WEXITSTATUS`
* Preserve mandatory/optional behavior for flake outputs
* Update unit tests to the new execution model using `unittest`
* Add complete coverage for:
  * successful installs
  * mandatory failures → raise SystemExit(code)
  * optional failures → warn and continue
  * environment-based disabling via `PKGMGR_DISABLE_NIX_FLAKE_INSTALLER`
* Remove obsolete mocks and legacy test logic that assumed `run_command`
Overall, this improves transparency, debuggability, and correctness of the
Nix flake installer while maintaining full backward compatibility at the
interface level.
https://chatgpt.com/share/693b0a20-99f4-800f-b789-b00a50413612
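
The execution model described in the commit above, as an added example (not the project's code): `os.system` returns a raw wait status, which is decoded with `os.WIFEXITED` / `os.WEXITSTATUS` before the mandatory/optional rule is applied. The function names and the `flake_ref#output` command layout are assumptions. Because `os.system` passes its string to the shell, the target is quoted with `shlex.quote`.

```python
import os
import shlex
import sys


def decode_wait_status(status: int) -> int:
    """Turn the raw wait status returned by os.system into a shell-style exit code."""
    if os.WIFEXITED(status):
        return os.WEXITSTATUS(status)
    if os.WIFSIGNALED(status):
        # Killed by a signal: report 128 + signal number, as shells do.
        return 128 + os.WTERMSIG(status)
    return 1


def build_install_command(flake_ref: str, output: str) -> str:
    """Build the command line (hypothetical layout); the target stays one shell word."""
    return "nix profile install " + shlex.quote(f"{flake_ref}#{output}")


def run_step(command: str, mandatory: bool) -> int:
    """Run with inherited stdout/stderr, then apply the mandatory/optional rule."""
    code = decode_wait_status(os.system(command))
    if code != 0 and mandatory:
        raise SystemExit(code)
    if code != 0:
        print(f"[warning] optional step failed with exit code {code}", file=sys.stderr)
    return code


if __name__ == "__main__":
    # Constructed commands stand in for the real installer call.
    print(build_install_command(".", "pkgmgr"))
    print(run_step("exit 3", mandatory=False))
```
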
- Extend PATH probing to include /home/nix/.nix-profile/bin/nix (container mode).
- Automatically invoke init-nix.sh when nix is not found before first run.
- Ensure pkgmgr always attempts a one-time Nix initialization instead of failing prematurely.
- Improve error message to clarify that nix was still missing *after* initialization attempt.
- Keep existing flake-based execution path unchanged (exec nix run …).
This makes the wrapper fully reliable across Debian/Ubuntu package installs,
fresh containers, and minimal systems where Nix is not yet initialized.
https://chatgpt.com/share/693b005d-b250-800f-8830-ab71685f51b3
- Added `git rev-parse HEAD` to test-container workflow to confirm the exact
commit SHA used during CI runs.
- Updated Dockerfile to print BASE_IMAGE and OS release information during
build for better reproducibility diagnostics.
- Extended test-container script to dump the first 40 lines of
`docker image inspect` output, allowing verification of the image ID,
creation time, and applied build args.
These additions help trace discrepancies between local builds and GitHub
Actions, ensuring we can detect mismatches in commit SHA, base image,
or container metadata.
https://chatgpt.com/share/693ae07a-8c58-800f-88e6-254cdb00b676
This ensures that GitHub Actions never reuses outdated Docker layers and that
each test run starts from a fully clean environment. The workflows for
test-container and test-e2e now explicitly invoke:
```
distro="${{ matrix.distro }}" make build-no-cache
```
before executing the actual tests.
This aligns the CI behaviour with local testing, eliminates hidden caching
differences, and guarantees deterministic test results across all distros.
https://chatgpt.com/share/693ae07a-8c58-800f-88e6-254cdb00b676
- Implement new mirror actions:
  - list_mirrors: show mirrors from config, MIRRORS file, or merged view
  - diff_mirrors: compare config mirrors with MIRRORS file (ONLY IN CONFIG,
    ONLY IN FILE, URL MISMATCH, OK)
  - merge_mirrors: merge mirrors between config and MIRRORS file in both
    directions, with preview mode and user config writing via save_user_config
  - setup_mirrors: prepare local Git remotes (ensure origin) and print
    provider-URL suggestions for remote repositories
- Introduce mirror utilities:
  - RepoMirrorContext with resolved_mirrors (config + file, file wins)
  - load_config_mirrors supporting dict and list-of-dicts shapes
  - read/write MIRRORS file with simple "name url" format and preview mode
  - helper for building default SSH URLs from provider/account/repository
- Wire mirror commands into CLI:
  - Add handle_mirror_command and integrate "mirror" into dispatch
  - Add dedicated CLI parser modules under pkgmgr.cli.parser:
    * common, install_update, config_cmd, navigation_cmd,
      branch_cmd, release_cmd, version_cmd, changelog_cmd,
      list_cmd, make_cmd, mirror_cmd
  - Replace old flat cli/parser.py with modular parser package and
    SortedSubParsersAction in common.py
- Update TODO.md to mark MIRROR as implemented
- Add E2E tests for mirror commands:
  - test_mirror_help
  - test_mirror_list_preview_all
  - test_mirror_diff_preview_all
  - test_mirror_merge_config_to_file_preview_all
  - test_mirror_setup_preview_all
https://chatgpt.com/share/693adee0-aa3c-800f-b72a-98473fdaf760
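
An added sketch (not the project's implementation) of the mirror comparison described in the commit above: parsing the "name url" file format, accepting both config shapes, producing the four diff statuses, and resolving with the file winning. The function names, the `name`/`url` keys, comment handling and all sample data are assumptions.

```python
from typing import Dict, List, Union

ConfigShape = Union[Dict[str, str], List[Dict[str, str]]]


def parse_mirrors_text(text: str) -> Dict[str, str]:
    """Parse 'name url' lines; skipping blank and '#' lines is an assumption."""
    mirrors: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected 'name url', got {raw!r}")
        mirrors[parts[0]] = parts[1]
    return mirrors


def normalize_config(raw: ConfigShape) -> Dict[str, str]:
    """Accept a name->url dict or a list of {'name': ..., 'url': ...} dicts."""
    if isinstance(raw, dict):
        return dict(raw)
    return {entry["name"]: entry["url"] for entry in raw}


def diff_mirrors(config: Dict[str, str], file: Dict[str, str]) -> Dict[str, str]:
    """Give every mirror name one of the four statuses listed in the commit."""
    report: Dict[str, str] = {}
    for name in sorted(set(config) | set(file)):
        if name not in file:
            report[name] = "ONLY IN CONFIG"
        elif name not in config:
            report[name] = "ONLY IN FILE"
        else:
            report[name] = "OK" if config[name] == file[name] else "URL MISMATCH"
    return report


def resolve(config: Dict[str, str], file: Dict[str, str]) -> Dict[str, str]:
    """Merged view in which the file entry wins on a name clash."""
    return {**config, **file}


# Constructed sample data (example.* hosts are placeholders).
SAMPLE_CONFIG = [{"name": "origin", "url": "git@git.example:acme/pkg.git"},
                 {"name": "backup", "url": "git@old.example:acme/pkg.git"},
                 {"name": "legacy", "url": "git@legacy.example:acme/pkg.git"}]
SAMPLE_FILE = """# constructed MIRRORS file
origin git@git.example:acme/pkg.git
backup ssh://git@mirror.example/acme/pkg.git
extra  git@extra.example:acme/pkg.git
"""
```
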