hercules-ci-agent-0.10.1 - 2024-02-12

Changed

• More work is performed concurrently during evaluation, including binary cache lookups and (more) build dispatch. This results in a speedup.

• Dependencies of build dependencies are not scheduled eagerly anymore.
  This reduces the scope of all jobs that are evaluated by agents since this release, resulting in a speedup.
  This resolves a noticable slowdown when first evaluating significant Nixpkgs updates when its staging branch is merged.

  Strictly speaking, a job success no longer guarantees that absolutely everything (all the way up to the bootstrap binaries) is realisable on your agents.
  This property is generally not your responsibility, and enforcing it had the effect of excluding less reproducible platforms such as darwin.
  Instead, a weaker property is provided: your derivations are realisable, as well as the immediate build dependencies. "Your derivations" is defined as those whose outputs are not already cached.

  CI setups based on the Nix command line interface (almost all CIs) also behave this way.

• The recommended configuration format is now JSON, preferably generated using a configuration manager such as NixOS or nix-darwin.
  TOML is still supported, but does not support null in labels, and due to library limitations, it requires that intermediate tables be specified. See the config file documentation.

• services.hercules-ci-agent is now an alias for services.hercules-ci-agents."", which still provides the same behavior as the old module.

• Hardening flags have been applied to the NixOS module.

• The effect sandbox now use the crun container runtime instead of runc.

• Attribute sets containing a _type attribute are not scanned for derivations in herculesCI.<...>.outputs. This prevents accidental scanning of large or failing attribute trees, such as NixOS configurations. nixosConfigurations in Flakes are still built as usual, as they are not (verbatim) in the herculesCI.<...>.outputs attributes.

Added

• Effect mounts. Specify effectMountables in the agent configuration, deploy, and mount them into an effect. This can be used for instance to expose the host's /etc/hosts, or hardware devices such as GPUs. Access is controlled by the agent configuration.

• New configuration option remotePlatformsWithSameFeatures, allowing a remote build to be used before more elaborate remote builder support is implemented.
  The recommended method for running a cluster is still to install hercules-ci-agent on each machine, as that is more efficient and accurate.

• Agent labels can now be null, when using the JSON configuration format.

Fixed

• Low level crash details are now reported in the log as expected.

• An interaction between the Nix GC and threads has been fixed, solving such a crash.