Why:
The Dockerfile previously validated `nix --version` during image build,
which is environment-sensitive and behaves differently in GitHub Actions
vs local/act builds due to PATH and non-login shell differences.
The actual contract is runtime availability of Nix, not build-step PATH
resolution. This is now reliably enforced by the dedicated `test-env-nix`
container test, which validates nix presence and flake execution in the
real execution environment.
This removes flaky CI behavior while keeping stronger, more accurate
coverage of the intended guarantee.
https://chatgpt.com/share/693bfbc7-63d8-800f-9ceb-728c7a58e963
Refactor CI to clearly separate virtualenv-based container tests from pure Nix flake tests across all distros (arch, debian, ubuntu, fedora, centos).
Introduce dedicated test-env-nix workflow and Makefile targets, rename former container tests to test-env-virtual, and update stable pipeline dependencies.
Improve Nix reliability in containers by fixing installer permissions and explicitly validating nix availability and version during image build and tests.
* Treat remote tags as the source of truth by force-fetching tags from *origin*
* Update preview output to reflect the real fetch behavior
* Align unit tests with the new forced tag fetch command
https://chatgpt.com/share/693bdfc3-b8b4-800f-8adc-b1dc63c56a89
* Add debug output for latest vs current version tag in release git ops
* Treat “no version tags yet” as highest by definition
* Align unit tests with current *string-based* `tag >= latest` behavior
* Make tag listing mocks less brittle by matching command patterns
* Rename release init test to `test_init.py` for consistent discovery
Refactor the release implementation into a dedicated workflow module with clear separation of concerns. Enforce a safe, deterministic Git flow by always syncing with the remote before modifications, pushing only the current branch and the newly created version tag, and updating the floating *latest* tag only when the released version is the highest. Add explicit user prompts for confirmation and optional branch deletion, with a forced mode to skip interaction. Update CLI wiring to pass all relevant flags, add comprehensive unit tests for the new helpers and workflow entry points, and introduce detailed documentation describing the release process, safety rules, and execution flow.
The old test tests/unit/pkgmgr/actions/test_branch.py has been removed because:
- it targeted the previous monolithic pkgmgr.actions.branch module structure
- its patch targets no longer match the refactored code
- its responsibilities are now fully covered by the new, dedicated unit,
integration, and E2E tests for branch actions and CLI wiring
This avoids redundant coverage and prevents misleading or broken tests
after the branch refactor.
https://chatgpt.com/share/693bcc8d-b84c-800f-8510-8d6c66faf627
Expanded and modernized the README to reflect PKGMGR's purpose as a
multi-distro development and packaging orchestrator. Added explanations for
Nix-based cross-distro workflows, clarified installation steps, documented the
full CLI capabilities, and embedded the architecture diagram.
Also replaced the verbose CLI DESCRIPTION_TEXT with a concise summary suitable
for `--help` output.
Included updated `assets/map.png`.
https://chatgpt.com/share/693b1d71-ca08-800f-a000-f3be49f7efb5
Updated the `mark-stable` workflow so that the `stable` tag is only moved when:
* the current push is a version tag (`v*`)
* all tests have passed
* the pushed version tag is the highest semantic version among all existing tags
This ensures that `stable` always reflects the latest valid release and prevents older version tags from overwriting it.
https://chatgpt.com/share/693b163b-0c34-800f-adcb-12cf4744dbe2
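An added example (not the project's workflow code) of the "highest semantic version" gate described above, set beside the string-based `tag >= latest` comparison mentioned in the earlier release commit, which orders `v1.10.0` below `v1.9.0`. The function names, the strict `vX.Y.Z` pattern and the sample tags are assumptions constructed for illustration.

```python
import re

# Assumption: release tags look like v1.2.3. Anything else (stable, latest,
# malformed tags) is ignored so it can never win the comparison.
_TAG_RE = re.compile(r"v(\d+)\.(\d+)\.(\d+)")


def parse_tag(tag):
    """Return (major, minor, patch) for a vX.Y.Z tag, or None if it is not one."""
    m = _TAG_RE.fullmatch(tag)
    return tuple(int(p) for p in m.groups()) if m else None


def is_highest_semantic(pushed, existing):
    """True if `pushed` is a version tag and no existing version tag is newer.

    With no version tags yet, the pushed tag is highest by definition.
    """
    pushed_v = parse_tag(pushed)
    if pushed_v is None:
        return False
    others = [v for v in map(parse_tag, existing) if v is not None]
    return all(pushed_v >= v for v in others)


def is_highest_string(pushed, existing):
    """String-based comparison, shown for contrast (lexicographic order)."""
    return all(pushed >= t for t in existing)


def may_move_stable(pushed, existing, tests_passed):
    """Gate for the floating tag: version tag, green tests, highest version."""
    return tests_passed and is_highest_semantic(pushed, existing)


if __name__ == "__main__":
    tags = ["v1.2.0", "v1.9.0", "v1.10.0", "stable", "latest"]  # constructed sample
    for candidate in ("v1.9.0", "v1.10.0", "v1.10.1"):
        print(candidate,
              "semantic:", is_highest_semantic(candidate, tags),
              "string:", is_highest_string(candidate, tags))
```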
Refactored the Nix initialization script to reduce duplicated code and
centralize the installation workflow. The core functionality remains
unchanged, but all installer calls now use a unified function with retry
support to ensure resilient downloads in CI and container environments.
Key improvements:
- Added download retry logic (5 minutes total, 20-second intervals)
- Consolidated installer invocation into `install_nix_with_retry`
- Reduced code duplication across container/host install paths
- Preserved existing installation behavior for all environments
- Maintained `nixbld` group and build-user handling
- Improved consistency and readability without altering semantics
This prevents intermittent failures such as:
“curl: (6) Could not resolve host: nixos.org”
and ensures stable, deterministic Nix setup in CI pipelines.
https://chatgpt.com/share/693b13ce-fdcc-800f-a7bc-81c67478edff
Implemented a robust retry mechanism for cloning the yay AUR helper during Arch dependency installation.
The new logic retries the git clone operation for up to 5 minutes with a 20-second pause between attempts, allowing the build to proceed even when GitHub intermittently returns HTTP 504 errors.
This improves the stability of Arch container builds, especially under network pressure or transient upstream outages.
The yay build process now only starts once the clone step completes successfully.
https://chatgpt.com/share/693b102b-fdb0-800f-9f2e-d4840f14d329
Implement `ensure_nix_build_group()` and use it in all code paths where Nix is installed as root.
This resolves Nix installation failures on Ubuntu containers (root, no systemd) where the installer aborts with:
```
error: the group 'nixbld' specified in 'build-users-group' does not exist
```
The fix standardizes creation of the `nixbld` group and `nixbld1..10` build users across:
* container root mode
* systemd host daemon installs
* root-on-host without systemd (Debian/Ubuntu CI case)
This makes Nix initialization deterministic across all test distros and fixes failing Ubuntu E2E runs.
https://chatgpt.com/share/693b0e1a-e5d4-800f-8a89-7d91108b0368
This commit removes the `run_command`-based execution model for Nix flake
installations and replaces it with a direct `os.system` invocation.
This ensures that *all* Nix diagnostics (stdout/stderr) are fully visible and
no longer suppressed by wrapper logic.
Key changes:
* Directly run `nix profile install` via `os.system` for full error output
* Correctly decode real exit codes via `os.WIFEXITED` / `os.WEXITSTATUS`
* Preserve mandatory/optional behavior for flake outputs
* Update unit tests to the new execution model using `unittest`
* Add complete coverage for:
  * successful installs
  * mandatory failures → raise SystemExit(code)
  * optional failures → warn and continue
  * environment-based disabling via `PKGMGR_DISABLE_NIX_FLAKE_INSTALLER`
* Remove obsolete mocks and legacy test logic that assumed `run_command`
Overall, this improves transparency, debuggability, and correctness of the
Nix flake installer while maintaining full backward compatibility at the
interface level.
https://chatgpt.com/share/693b0a20-99f4-800f-b789-b00a50413612
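An added example (not the project's installer code) of the execution model this commit describes: run the command through `os.system`, decode the raw wait status with `os.WIFEXITED` / `os.WEXITSTATUS`, and apply the mandatory/optional rule. The names `decode_wait_status` and `run_install`, the "any non-empty value disables" reading of the environment variable, and the `128 + signal` convention are assumptions; arguments are quoted because `os.system` passes a single string to the shell.

```python
import os
import shlex
import sys


def decode_wait_status(status):
    """Turn the raw wait status that os.system() returns on POSIX into an exit code."""
    if os.WIFEXITED(status):
        return os.WEXITSTATUS(status)
    if os.WIFSIGNALED(status):
        # Assumption: report a signal death the way shells do (128 + signal).
        return 128 + os.WTERMSIG(status)
    return 1


def run_install(argv, mandatory):
    """Run argv via os.system so the child's stdout/stderr go straight to the terminal.

    Returns the exit code, or None when the installer is disabled.
    Mandatory failures raise SystemExit(code); optional ones warn and continue.
    """
    # Assumption: any non-empty value disables the installer.
    if os.environ.get("PKGMGR_DISABLE_NIX_FLAKE_INSTALLER"):
        return None
    # os.system hands one string to /bin/sh, so quote every argument to keep
    # repository-controlled values (paths, flake outputs) from being parsed
    # as shell syntax.
    cmd = " ".join(shlex.quote(a) for a in argv)
    code = decode_wait_status(os.system(cmd))
    if code != 0:
        if mandatory:
            raise SystemExit(code)
        print(f"warning: optional install failed with exit code {code}",
              file=sys.stderr)
    return code


if __name__ == "__main__":
    # Constructed stand-ins for a succeeding and a failing installer command.
    print(run_install(["sh", "-c", "exit 0"], mandatory=True))
    print(run_install(["sh", "-c", "exit 3"], mandatory=False))
```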
- Extend PATH probing to include /home/nix/.nix-profile/bin/nix (container mode).
- Automatically invoke init-nix.sh when nix is not found before first run.
- Ensure pkgmgr always attempts a one-time Nix initialization instead of failing prematurely.
- Improve error message to clarify that nix was still missing *after* initialization attempt.
- Keep existing flake-based execution path unchanged (exec nix run …).
This makes the wrapper fully reliable across Debian/Ubuntu package installs,
fresh containers, and minimal systems where Nix is not yet initialized.
https://chatgpt.com/share/693b005d-b250-800f-8830-ab71685f51b3
- Added `git rev-parse HEAD` to test-container workflow to confirm the exact
commit SHA used during CI runs.
- Updated Dockerfile to print BASE_IMAGE and OS release information during
build for better reproducibility diagnostics.
- Extended test-container script to dump the first 40 lines of
`docker image inspect` output, allowing verification of the image ID,
creation time, and applied build args.
These additions help trace discrepancies between local builds and GitHub
Actions, ensuring we can detect mismatches in commit SHA, base image,
or container metadata.
https://chatgpt.com/share/693ae07a-8c58-800f-88e6-254cdb00b676
This ensures that GitHub Actions never reuses outdated Docker layers and that
each test run starts from a fully clean environment. The workflows for
test-container and test-e2e now explicitly invoke:
    distro="${{ matrix.distro }}" make build-no-cache
before executing the actual tests.
This aligns the CI behaviour with local testing, eliminates hidden caching
differences, and guarantees deterministic test results across all distros.
https://chatgpt.com/share/693ae07a-8c58-800f-88e6-254cdb00b676
- Implement new mirror actions:
  - list_mirrors: show mirrors from config, MIRRORS file, or merged view
  - diff_mirrors: compare config mirrors with MIRRORS file (ONLY IN CONFIG,
    ONLY IN FILE, URL MISMATCH, OK)
  - merge_mirrors: merge mirrors between config and MIRRORS file in both
    directions, with preview mode and user config writing via save_user_config
  - setup_mirrors: prepare local Git remotes (ensure origin) and print
    provider-URL suggestions for remote repositories
- Introduce mirror utilities:
  - RepoMirrorContext with resolved_mirrors (config + file, file wins)
  - load_config_mirrors supporting dict and list-of-dicts shapes
  - read/write MIRRORS file with simple "name url" format and preview mode
  - helper for building default SSH URLs from provider/account/repository
- Wire mirror commands into CLI:
  - Add handle_mirror_command and integrate "mirror" into dispatch
  - Add dedicated CLI parser modules under pkgmgr.cli.parser:
    * common, install_update, config_cmd, navigation_cmd,
      branch_cmd, release_cmd, version_cmd, changelog_cmd,
      list_cmd, make_cmd, mirror_cmd
  - Replace old flat cli/parser.py with modular parser package and
    SortedSubParsersAction in common.py
- Update TODO.md to mark MIRROR as implemented
- Add E2E tests for mirror commands:
  - test_mirror_help
  - test_mirror_list_preview_all
  - test_mirror_diff_preview_all
  - test_mirror_merge_config_to_file_preview_all
  - test_mirror_setup_preview_all
https://chatgpt.com/share/693adee0-aa3c-800f-b72a-98473fdaf760
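An added example (not the project's code) of the "name url" MIRRORS format, the four diff states and the "file wins" merge that this commit lists. The function names, the skipping of blank lines and `#` comments, and the sample mirrors are assumptions constructed for illustration; a `URL MISMATCH` is the state worth reviewing before a merge, since it means the same mirror name points at two different remotes.

```python
def parse_mirrors(text):
    """Parse 'name url' lines into a dict; blank lines and '#' comments are skipped."""
    mirrors = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            # Reject rather than guess: a name without a URL is not a mirror.
            raise ValueError(f"malformed mirror line: {line!r}")
        name, url = parts
        mirrors[name] = url.strip()
    return mirrors


def diff_mirrors(config, file_mirrors):
    """Classify every mirror name seen in the config or in the MIRRORS file."""
    result = {}
    for name in sorted(set(config) | set(file_mirrors)):
        if name not in file_mirrors:
            result[name] = "ONLY IN CONFIG"
        elif name not in config:
            result[name] = "ONLY IN FILE"
        elif config[name] != file_mirrors[name]:
            result[name] = "URL MISMATCH"
        else:
            result[name] = "OK"
    return result


def resolve_mirrors(config, file_mirrors):
    """Merged view: config entries first, then the file, so the file wins."""
    return {**config, **file_mirrors}


# Constructed sample data.
SAMPLE_CONFIG = {
    "origin": "git@github.com:example/repo.git",
    "backup": "git@gitlab.com:example/repo.git",
    "local": "ssh://git@git.example.org/example/repo.git",
}
SAMPLE_FILE = """\
# constructed MIRRORS file
origin   git@github.com:example/repo.git
backup   git@gitlab.com:other/repo.git
codeberg git@codeberg.org:example/repo.git
"""

if __name__ == "__main__":
    for name, state in diff_mirrors(SAMPLE_CONFIG, parse_mirrors(SAMPLE_FILE)).items():
        print(f"{state:15} {name}")
```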
- Introduce a GitHub Actions matrix for `test-container` and `test-e2e`
to run against arch, debian, ubuntu, fedora, and centos
- Run unit and integration tests only in the Arch container by passing
`distro="arch"` via make in the corresponding workflows
- Replace the global DISTROS loop with a single `distro` variable in
the Makefile, defaulting to `arch`, and export it for all scripts
- Update build scripts (build-image, build-image-no-cache, build-image-missing)
to build images for the selected distro only
- Simplify test-container script to validate a single distro image using
the `distro` environment variable
- Simplify E2E, unit, and integration test scripts to run against a
single distro container instead of iterating over all distros
https://chatgpt.com/share/693acbba-9e30-800f-94fb-fea4489e9078
All test scripts (unit, integration, e2e) previously overwrote the Docker
ENTRYPOINT by using `--entrypoint bash`, which bypassed the container’s
startup logic in `docker-entry.sh`.
`docker-entry.sh` performs essential initialization steps such as:
- CA bundle auto-detection (NIX_SSL_CERT_FILE, SSL_CERT_FILE, etc.)
- Nix environment setup
- PATH adjustments and distro logging
By removing the explicit `--entrypoint bash` and invoking:
    bash -lc '...'
directly as the container command, the Dockerfile’s ENTRYPOINT is restored
and runs as intended before executing the test logic.
This fixes TLS issues in CentOS E2E runs where Nix was unable to fetch
flake inputs due to missing CA configuration.
https://chatgpt.com/share/693ac1f3-fb7c-800f-9e5c-b40c351a9f04
The Debian Nix package causes flake builds to fail inside the test and
container environment due to sandboxing and patched Nix behavior.
To ensure consistent behaviour across all distributions and align
container logic with production logic, pkgmgr now relies on its own
`init-nix.sh` bootstrap script instead of the distro’s `nix` package.
Dropping `Depends: nix` guarantees that both Debian containers and real
Debian systems install and initialize Nix via the upstream installer,
matching the behaviour on Arch, Fedora, and Ubuntu.
https://chatgpt.com/share/693ab9bf-e6ac-800f-83ba-a4abd1bfe407
- convert all test workflows to reusable workflow_call
- add central CI workflow for branches and PRs
- add mark-stable workflow triggered on main pushes
- ensure stable tag updates only after all tests succeed
- remove duplicated triggers from test workflows
https://chatgpt.com/share/693aa4a6-7460-800f-ba47-cfc15b1b2236
- Update test_nix_build_pkgmgr.py to invoke
  `nix --option sandbox false build .#pkgmgr -L`
  to avoid sandbox/permission issues in Debian and Ubuntu containers.
- Keeps the test logic identical across all distros while ensuring
consistent flake build behaviour during E2E runs.
https://chatgpt.com/share/693aa33f-4e3c-800f-86ec-99c38a07eacb
- use correct GitHub API path (/repos/.../actions/runs)
- resolve repository via workflow_run.repository.full_name
- improve logging and safe no-tag exits
- ensure correct token handling and tag update logic
https://chatgpt.com/share/693aa4a6-7460-800f-ba47-cfc15b1b2236
- use workflow_run.repository.full_name for gh API queries
- expose GITHUB_TOKEN as GH_TOKEN for the GitHub CLI
- improve log messages and keep tag skipped when checks are missing or failing
- add mark-stable workflow that runs on workflow_run for all test pipelines
- use GitHub API to ensure all required workflows succeeded before moving the 'stable' tag
- add Nix flake.lock to pin nixpkgs for reproducible builds
https://chatgpt.com/share/693aa4a6-7460-800f-ba47-cfc15b1b2236
- Introduce tests/e2e/test_nix_build_pkgmgr.py to inspect the Nix environment
and build the pkgmgr flake inside the container started by test-e2e.sh
- Run the same commands in every distro container: nix --version, sandbox
config, id, and nix build .#pkgmgr -L
- Print stdout/stderr and assert the flake build succeeds for easier
cross-distro Nix debugging
https://chatgpt.com/share/693aa33f-4e3c-800f-86ec-99c38a07eacb
- Quote Nix store/cache volumes and distro image name in docker run
- Use strict bash flags (set -euo pipefail) inside test container
- Print distro ID robustly with fallback
- Configure /src as Git safe.directory when git is available
https://chatgpt.com/share/693a9c0e-59ec-800f-83a1-eec31bd76962
- Switch flake package and dev shell to Python 3.11 to match pyproject
- Ensure the python-with-deps environment is preferred on PATH in nix develop
- Introduce a lightweight pkgmgr __init__ with lazy loading of pkgmgr.cli
- Avoid pulling in CLI/config dependencies on plain `import pkgmgr`, fixing
unit test imports and PyYAML availability in the Nix test containers
https://chatgpt.com/share/693a9723-27ac-800f-a6c2-c1bcc91b7dff
- Replace hardcoded python311 references with generic python3 to avoid minor
version pinning and ensure consistent interpreter selection across systems.
- Use python.pkgs instead of python311Packages in the build pipeline.
- Update devShell to use python3.withPackages, including pip and pyyaml.
- Add Python version echo in shellHook for improved debugging.
- Remove cli re-export from src/pkgmgr/__init__.py to eliminate heavy
side-effects during import and prevent premature config loading in tests.