From b384181927f847f0e5102745a41acc5b426e4926 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Wed, 24 Dec 2025 11:21:09 +0000
Subject: [PATCH 1/3] fix(nix): Use fallback pattern for nix profile sourcing
 in NIX_DOCKER_FILE_TEMPLATE

The hardcoded path /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
doesn't exist in all Nix installations (e.g., Depot build containers with
single-user Nix installs).

Updated to try multiple possible locations in order:
1. /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh (multi-user daemon)
2. /nix/var/nix/profiles/default/etc/profile.d/nix.sh (determinate systems)
3. /etc/profile.d/nix.sh (system-wide)
4. /root/.nix-profile/etc/profile.d/nix.sh (single-user install)

Co-Authored-By: Samuel Mitchell <sammiphone6@gmail.com>
---
 flytekit/image_spec/default_builder.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/flytekit/image_spec/default_builder.py b/flytekit/image_spec/default_builder.py
index 2d0e513249..f5c13e9888 100644
--- a/flytekit/image_spec/default_builder.py
+++ b/flytekit/image_spec/default_builder.py
@@ -189,11 +189,12 @@
 WORKDIR /build
 
 # Build with cache mount - reuses the same cache across builds
+# Source nix profile from multiple possible locations for compatibility with different nix installations
 RUN --mount=type=bind,source=.,target=/build/ \
     --mount=type=cache,target=/nix,id=nix-determinate \
     --mount=type=cache,target=/root/.cache/nix,id=nix-git-cache \
     --mount=type=cache,target=/var/lib/containers/cache,id=container-cache \
-    . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && \
+    for f in /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/nix.sh /root/.nix-profile/etc/profile.d/nix.sh; do [ -f "$$f" ] && . "$$f" && break; done && \
     nix run .#docker.copyTo -- docker://$IMAGE_NAME --dest-creds "AWS:$ECR_TOKEN" \
     --image-parallel-copies 32 \
     --dest-creds "AWS:$ECR_TOKEN"

From b5cee719075cf941d94c0c3f0313c74e09642adf Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Wed, 24 Dec 2025 11:55:17 +0000
Subject: [PATCH 2/3] fix(nix): Add PATH fallback to guarantee nix availability

The previous fix only tried to source profile scripts, but if none exist
(e.g., with --init none), nix would not be on PATH, causing exit code 127.

This change:
1. Adds explicit PATH export for /nix/var/nix/profiles/default/bin
2. Keeps the profile sourcing loop as a fallback
3. Adds a command -v check to fail early with a clear error if nix is still not found

Co-Authored-By: Samuel Mitchell <sammiphone6@gmail.com>
---
 flytekit/image_spec/default_builder.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/flytekit/image_spec/default_builder.py b/flytekit/image_spec/default_builder.py
index f5c13e9888..549a29beb7 100644
--- a/flytekit/image_spec/default_builder.py
+++ b/flytekit/image_spec/default_builder.py
@@ -190,11 +190,14 @@
 
 # Build with cache mount - reuses the same cache across builds
 # Source nix profile from multiple possible locations for compatibility with different nix installations
+# Also add PATH fallback to guarantee nix is available even if no profile script exists
 RUN --mount=type=bind,source=.,target=/build/ \
     --mount=type=cache,target=/nix,id=nix-determinate \
     --mount=type=cache,target=/root/.cache/nix,id=nix-git-cache \
     --mount=type=cache,target=/var/lib/containers/cache,id=container-cache \
-    for f in /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/nix.sh /root/.nix-profile/etc/profile.d/nix.sh; do [ -f "$$f" ] && . "$$f" && break; done && \
+    export PATH="/nix/var/nix/profiles/default/bin:$$PATH" && \
+    for f in /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/nix.sh /root/.nix-profile/etc/profile.d/nix.sh; do [ -f "$$f" ] && . "$$f" && break; done; \
+    command -v nix >/dev/null 2>&1 || { echo "ERROR: nix command not found after sourcing profiles"; exit 1; } && \
     nix run .#docker.copyTo -- docker://$IMAGE_NAME --dest-creds "AWS:$ECR_TOKEN" \
     --image-parallel-copies 32 \
     --dest-creds "AWS:$ECR_TOKEN"

From 43071e6037ffcfe04875614a022e47b13644d404 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Wed, 24 Dec 2025 12:09:51 +0000
Subject: [PATCH 3/3] fix(nix): Add self-healing nix install and broader PATH
 fallback

The previous fix only added /nix/var/nix/profiles/default/bin to PATH,
but in single-user installs (--init none), nix might be at different locations.

This change:
1. Adds all possible nix bin locations to PATH:
   - /nix/var/nix/profiles/default/bin
   - /root/.nix-profile/bin
   - /nix/var/nix/profiles/per-user/root/profile/bin
2. Makes the build self-healing: if nix is not found (cache eviction),
   reinstall it in the same RUN step
3. Adds diagnostic output on failure to help debug future issues

Co-Authored-By: Samuel Mitchell <sammiphone6@gmail.com>
---
 flytekit/image_spec/default_builder.py | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/flytekit/image_spec/default_builder.py b/flytekit/image_spec/default_builder.py
index 549a29beb7..7329a337cf 100644
--- a/flytekit/image_spec/default_builder.py
+++ b/flytekit/image_spec/default_builder.py
@@ -189,15 +189,20 @@
 WORKDIR /build
 
 # Build with cache mount - reuses the same cache across builds
-# Source nix profile from multiple possible locations for compatibility with different nix installations
-# Also add PATH fallback to guarantee nix is available even if no profile script exists
+# Add all possible nix bin locations to PATH for compatibility with different nix installations
+# If nix is still not found (cache eviction), reinstall it in this step
 RUN --mount=type=bind,source=.,target=/build/ \
     --mount=type=cache,target=/nix,id=nix-determinate \
     --mount=type=cache,target=/root/.cache/nix,id=nix-git-cache \
     --mount=type=cache,target=/var/lib/containers/cache,id=container-cache \
-    export PATH="/nix/var/nix/profiles/default/bin:$$PATH" && \
+    export PATH="/nix/var/nix/profiles/default/bin:/root/.nix-profile/bin:/nix/var/nix/profiles/per-user/root/profile/bin:$$PATH" && \
     for f in /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh /nix/var/nix/profiles/default/etc/profile.d/nix.sh /etc/profile.d/nix.sh /root/.nix-profile/etc/profile.d/nix.sh; do [ -f "$$f" ] && . "$$f" && break; done; \
-    command -v nix >/dev/null 2>&1 || { echo "ERROR: nix command not found after sourcing profiles"; exit 1; } && \
+    if ! command -v nix >/dev/null 2>&1; then \
+        echo "Nix not found in cache, reinstalling..." && \
+        curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux --determinate --extra-conf "sandbox = true" --extra-conf "max-substitution-jobs = 256" --extra-conf "http-connections = 256" --extra-conf "download-buffer-size = 1073741824" --init none --no-confirm && \
+        export PATH="/nix/var/nix/profiles/default/bin:/root/.nix-profile/bin:/nix/var/nix/profiles/per-user/root/profile/bin:$$PATH"; \
+    fi && \
+    command -v nix >/dev/null 2>&1 || { echo "ERROR: nix command not found after install"; ls -la /nix/var/nix/profiles/ /root/.nix-profile/ 2>/dev/null || true; exit 1; } && \
     nix run .#docker.copyTo -- docker://$IMAGE_NAME --dest-creds "AWS:$ECR_TOKEN" \
     --image-parallel-copies 32 \
     --dest-creds "AWS:$ECR_TOKEN"