Symptom
All Ubuntu jobs in Rainix CI hang at the first nix develop --command … step after the Nix store cache restore, for hours, until they hit the 6h job timeout. macOS jobs in the same matrix complete normally (~10 min).
Examples from the post-merge run of PR #166:
Live UI log shows nix building chromium-unwrapped from source.
Cause
The default devShell on Linux pulls pkgs.chromium via flake.nix:148:
exec ${pkgs.chromium}/bin/chromium "$@"PR #166 bumped nixpkgs to 4ba039de0909446943c07e2b42bd2f0f4507072e. At that nixpkgs revision, cache.nixos.org does not have a prebuilt chromium binary, so Nix builds it from source on the runner — a multi-hour compile that exceeds the 6h job timeout under load.
macOS escapes because the same flake wraps the system Chrome.app on Darwin and never asks Nix to build chromium.
Slim shells (sol-shell, rust-shell) intentionally omit chromium, so consumers that pin to those (e.g. via github:rainlanguage/rainix#sol-shell in their reusable workflow calls) are unaffected. Only the default shell — which the rainix repo's own CI exercises — is impacted.
Short-term fix (this PR)
Drop pkgs.chromium from the Linux default devShell. The chromium binary is currently only used to satisfy the chromium.test.bats smoke test and any downstream consumer that opens a headless browser; nothing in rainix itself actually invokes it. Removing it unblocks CI immediately and is safe to revert once a longer-term fix is in place.
Long-term fix
Pick one:
- Pin nixpkgs to a revision where
cache.nixos.org has a prebuilt chromium binary (verify before bumping by querying the cache for the chromium output path).
- Replace
pkgs.chromium with a prebuilt binary fetch (fetchzip of a stable Chromium tarball, or pkgs.google-chrome if cached).
- Add a project binary cache (cachix or similar) that stores the chromium build, so subsequent jobs pull rather than rebuild.
Option 1 is the smallest delta and is the default until/unless we hit it again.
Symptom
All Ubuntu jobs in Rainix CI hang at the first
nix develop --command …step after the Nix store cache restore, for hours, until they hit the 6h job timeout. macOS jobs in the same matrix complete normally (~10 min).Examples from the post-merge run of PR #166:
cargo build --releaseubuntunix develop ../.. --command forge soldeer installrainix-check-shellubuntunix develop --command cargo release --versionLive UI log shows nix building
chromium-unwrappedfrom source.Cause
The default devShell on Linux pulls
pkgs.chromiumviaflake.nix:148:PR #166 bumped nixpkgs to
4ba039de0909446943c07e2b42bd2f0f4507072e. At that nixpkgs revision,cache.nixos.orgdoes not have a prebuilt chromium binary, so Nix builds it from source on the runner — a multi-hour compile that exceeds the 6h job timeout under load.macOS escapes because the same flake wraps the system Chrome.app on Darwin and never asks Nix to build chromium.
Slim shells (
sol-shell,rust-shell) intentionally omit chromium, so consumers that pin to those (e.g. viagithub:rainlanguage/rainix#sol-shellin their reusable workflow calls) are unaffected. Only the default shell — which the rainix repo's own CI exercises — is impacted.Short-term fix (this PR)
Drop
pkgs.chromiumfrom the Linux default devShell. The chromium binary is currently only used to satisfy thechromium.test.batssmoke test and any downstream consumer that opens a headless browser; nothing in rainix itself actually invokes it. Removing it unblocks CI immediately and is safe to revert once a longer-term fix is in place.Long-term fix
Pick one:
cache.nixos.orghas a prebuilt chromium binary (verify before bumping by querying the cache for the chromium output path).pkgs.chromiumwith a prebuilt binary fetch (fetchzipof a stable Chromium tarball, orpkgs.google-chromeif cached).Option 1 is the smallest delta and is the default until/unless we hit it again.