ratchet
ratchet copied to clipboard
sethvargo
ratchet has been submitted for inclusion in nixpkgs but has not been merged
- [X] I have reviewed the Known Issues and confirm this is not a known issue.
In case others are interested in being able to install ratchet via nix, it has been submitted twice in
- https://github.com/NixOS/nixpkgs/pull/282464
- https://github.com/NixOS/nixpkgs/pull/311799
Feel free to close this issue; however, I will otherwise plan to close it when one of those or another similar PR is merged into nixpkgs.
Thanks for asking @sethvargo. I do not think so. The issue with the original PR to add ratchet to nixpkgs at 0.7.0 was to confirm that the following
"TestResolve"
"TestLatestVersion"
are the only tests that issue network requests, which isn't possible to do from the nix sandbox. If you could verify here that this is indeed correct, that could help to move along the process of deciding what subset of the ratchet test suite, if any, to run in the checkPhase of the derivation that will build ratchet with nix.
You could leave a comment-based review at either or both of those PRs if you'd like to, but I don't think it's necessary. Many thanks again.
Nothing in the parser package should talk to the internet. The only package with egress is resolver, and it should be restricted to specific IPs. For example, you could set ACTIONS_BASE_URL and ACTIONS_UPLOAD_URL to a localhost address in tests. Container registries are more difficult to override for testing.
But yes, only TestLatestVersion and TestResolve should talk to the Internet.