molecule-ai/hermes-agent
35
0
Fork 0
Code Issues 2 Pull Requests 4 Actions 14 Packages Projects Releases Wiki Activity

fix(ci/nix): export USER before Nix steps so cachix runs in act_runner #2

Open
claude-ceo-assistant wants to merge 1 commits from fix/nix-cachix-user-env into main
pull from: fix/nix-cachix-user-env
merge into: molecule-ai:main
Conversation 0 Commits 1 Files Changed 1 +16
claude-ceo-assistant commented 2026-05-08 01:37:52 +00:00
Owner
Copy Link

Summary

Nix / nix (ubuntu-latest) was the remaining red after PR #1 fixed Tests/setup-uv. Diagnosis:

$USER must be set. If running in a container, try setting USER=root.
Error: The process '/home/runner/.nix-profile/bin/cachix' failed with exit code 1

cachix-action (called from .github/actions/nix-setup/action.yml) shells out to nix-env -iA cachix and cachix use hermes-agent. Both require HOME + USER set on the caller (Nix uses USER to scope per-user profile directories). The act_runner job container propagates HOME=/tmp/... but not USER, so cachix exits 1 on a fresh container.

The cachix step has continue-on-error: true, but act_runner appears to bubble the failure to the job result anyway — possibly an act_runner deviation from github-actions semantics, possibly a step-exit-before-catch race. Either way the proper fix is to make cachix not fail in the first place.

What changed

.github/actions/nix-setup/action.yml — adds a one-time pre-step that exports USER before any Nix invocation:

- name: Ensure USER is set (act_runner / container compat)
  shell: bash
  run: |
    if [ -z "${USER:-}" ]; then
      echo "USER=$(id -un 2>/dev/null || echo root)" >> "$GITHUB_ENV"
    fi

id -un resolves to whatever user the container runs as (root, on our act_runners). Falls back to root if id -un is unavailable. The if guard avoids overriding USER when it IS set (e.g., on a properly-configured GitHub.com runner) so this PR doesn't regress github-hosted CI.

Test plan

  • Re-run Nix / nix (ubuntu-latest) against this branch's HEAD
  • Expect cachix-action to install + cachix use hermes-agent successfully
  • Job result: pass

Tracked separately from PR #1

PR #1 fixes Tests/setup-uv (a different rate-limit-on-api.github.com pattern). Same overall theme — act_runner compat with GitHub-style actions — but distinct concerns. One PR per concern.

Class

CI / runner-environment compatibility. Not a regression of any code change in this repo; the failure mode is post-2026-05-06-org-suspension fallout (act_runner became the canonical runner once GitHub-hosted actions stopped being viable).

Generated with Claude Code.

## Summary `Nix / nix (ubuntu-latest)` was the remaining red after PR #1 fixed Tests/setup-uv. Diagnosis: ``` $USER must be set. If running in a container, try setting USER=root. Error: The process '/home/runner/.nix-profile/bin/cachix' failed with exit code 1 ``` `cachix-action` (called from `.github/actions/nix-setup/action.yml`) shells out to `nix-env -iA cachix` and `cachix use hermes-agent`. Both require `HOME + USER` set on the caller (Nix uses `USER` to scope per-user profile directories). The act_runner job container propagates `HOME=/tmp/...` but not `USER`, so cachix exits 1 on a fresh container. The cachix step has `continue-on-error: true`, but act_runner appears to bubble the failure to the job result anyway — possibly an act_runner deviation from github-actions semantics, possibly a step-exit-before-catch race. Either way the proper fix is to make cachix not fail in the first place. ## What changed `.github/actions/nix-setup/action.yml` — adds a one-time pre-step that exports `USER` before any Nix invocation: ```yaml - name: Ensure USER is set (act_runner / container compat) shell: bash run: | if [ -z "${USER:-}" ]; then echo "USER=$(id -un 2>/dev/null || echo root)" >> "$GITHUB_ENV" fi ``` `id -un` resolves to whatever user the container runs as (root, on our act_runners). Falls back to `root` if `id -un` is unavailable. The `if` guard avoids overriding USER when it IS set (e.g., on a properly-configured GitHub.com runner) so this PR doesn't regress github-hosted CI. ## Test plan - Re-run `Nix / nix (ubuntu-latest)` against this branch's HEAD - Expect cachix-action to install + `cachix use hermes-agent` successfully - Job result: pass ## Tracked separately from PR #1 PR #1 fixes Tests/setup-uv (a different rate-limit-on-api.github.com pattern). Same overall theme — act_runner compat with GitHub-style actions — but distinct concerns. One PR per concern. ## Class CI / runner-environment compatibility. Not a regression of any code change in this repo; the failure mode is post-2026-05-06-org-suspension fallout (act_runner became the canonical runner once GitHub-hosted actions stopped being viable). Generated with Claude Code.
claude-ceo-assistant added 1 commit 2026-05-08 01:37:53 +00:00
fix(ci/nix): export USER before Nix steps so cachix runs in act_runner
Some checks failed
Tests / e2e (pull_request) Successful in 3m42s
Details
Nix / nix (ubuntu-latest) (pull_request) Failing after 7m20s
Details
Tests / test (pull_request) Failing after 14m15s
Details
Nix / nix (macos-latest) (pull_request) Has been cancelled
Details
079383e63b 
Nix workflow on ubuntu-latest fails at the cachix-action step:

  $USER must be set. If running in a container, try setting USER=root.
  Error: The process /home/runner/.nix-profile/bin/cachix failed
  with exit code 1

cachix shells out to nix-env + cachix use, both of which require
HOME + USER set on the caller. On act_runner the job container does
not propagate USER from the host (it propagates HOME from /tmp/...
but not USER), so cachix exits 1 on a fresh container.

Although cachix-action has continue-on-error: true at the step
level, act_runner appears to bubble the failure up to the job
result anyway — possibly because the step exits before
continue-on-error catches it, or an act_runner deviation from
github-actions semantics. Either way the proper fix is to make
cachix not fail in the first place.

Add a pre-step to the composite action that exports USER for every
subsequent step. id -un resolves to root (the runner runs as root)
or whatever non-root user the container is configured for; falling
back to root if id -un is unavailable.

Test plan: re-run Nix / nix (ubuntu-latest) on the next push to
this branch; expect cachix-action to install + use the cache
successfully, and the job to pass overall.

Tracked next to fix/setup-uv-pin-version (PR #1) — separate concern,
separate PR.
Some checks failed
Tests / e2e (pull_request) Successful in 3m42s
Details
Nix / nix (ubuntu-latest) (pull_request) Failing after 7m20s
Details
Tests / test (pull_request) Failing after 14m15s
Details
Nix / nix (macos-latest) (pull_request) Has been cancelled
Details
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions.

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin fix/nix-cachix-user-env:fix/nix-cachix-user-env
git checkout fix/nix-cachix-user-env
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: molecule-ai/hermes-agent#2
No description provided.
Delete Branch "fix/nix-cachix-user-env"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?