chore(sccache): add debugging for CI permission and cache errors

jfroche · jfroche · commit 33c6f0aa1fd7 · 2026-01-13T15:54:12.000+01:00
diff --git a/.github/actions/nix-install-ephemeral/action.yml b/.github/actions/nix-install-ephemeral/action.yml
@@ -54,3 +54,6 @@ runs:
           ${{ inputs.push-to-cache == 'true' && 'post-build-hook = /etc/nix/upload-to-cache.sh' || '' }}
           ${{ inputs.enable-sccache-sandbox-path == 'true' && 'extra-sandbox-paths = /nix/var/cache/sccache?' || '' }}
           max-jobs = 4
+          auto-allocate-uids = true
+          use-cgroups = true
+          experimental-features = nix-command flakes cgroups auto-allocate-uids
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
@@ -57,10 +57,16 @@ jobs:
       - name: Allow sccache cache write access
         if: ${{ matrix.attr != '' && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         run: |
-          sudo chgrp nixbld /nix/var/cache/sccache
-          sudo chmod 777 /nix/var/cache/sccache
-          sudo chmod g+s /nix/var/cache/sccache
-          sudo setfacl -d -m u::rwX,g::rwX,o::rwX /nix/var/cache/sccache
+          # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
+          sudo chown -R 872415232 /nix/var/cache/sccache
+          sudo chmod -R 2777 /nix/var/cache/sccache
+          echo "=== sccache debug: outside sandbox ==="
+          echo "Current user: $(id)"
+          echo "Cache dir ownership:"
+          ls -lan /nix/var/cache/sccache | head -10
+          echo "Sample cache files (numeric):"
+          find /nix/var/cache/sccache -type f 2>/dev/null | head -3 | xargs ls -lan 2>/dev/null || echo "No cache files"
+          echo "=== end outside sandbox debug ==="
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -102,10 +108,16 @@ jobs:
       - name: Allow sccache cache write access
         if: ${{ matrix.attr != '' && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         run: |
-          sudo chgrp nixbld /nix/var/cache/sccache
-          sudo chmod 777 /nix/var/cache/sccache
-          sudo chmod g+s /nix/var/cache/sccache
-          sudo setfacl -d -m u::rwX,g::rwX,o::rwX /nix/var/cache/sccache
+          # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
+          sudo chown -R 872415232 /nix/var/cache/sccache
+          sudo chmod -R 2777 /nix/var/cache/sccache
+          echo "=== sccache debug: outside sandbox ==="
+          echo "Current user: $(id)"
+          echo "Cache dir ownership:"
+          ls -lan /nix/var/cache/sccache | head -10
+          echo "Sample cache files (numeric):"
+          find /nix/var/cache/sccache -type f 2>/dev/null | head -3 | xargs ls -lan 2>/dev/null || echo "No cache files"
+          echo "=== end outside sandbox debug ==="
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -190,10 +202,16 @@ jobs:
       - name: Allow sccache cache write access
         if: ${{ matrix.attr != '' && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         run: |
-          sudo chgrp nixbld /nix/var/cache/sccache
-          sudo chmod 777 /nix/var/cache/sccache
-          sudo chmod g+s /nix/var/cache/sccache
-          sudo setfacl -d -m u::rwX,g::rwX,o::rwX /nix/var/cache/sccache
+          # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
+          sudo chown -R 872415232 /nix/var/cache/sccache
+          sudo chmod -R 2777 /nix/var/cache/sccache
+          echo "=== sccache debug: outside sandbox ==="
+          echo "Current user: $(id)"
+          echo "Cache dir ownership:"
+          ls -lan /nix/var/cache/sccache | head -10
+          echo "Sample cache files (numeric):"
+          find /nix/var/cache/sccache -type f 2>/dev/null | head -3 | xargs ls -lan 2>/dev/null || echo "No cache files"
+          echo "=== end outside sandbox debug ==="
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -232,10 +250,16 @@ jobs:
       - name: Allow sccache cache write access
         if: ${{ matrix.attr != '' && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         run: |
-          sudo chgrp nixbld /nix/var/cache/sccache
-          sudo chmod 777 /nix/var/cache/sccache
-          sudo chmod g+s /nix/var/cache/sccache
-          sudo setfacl -d -m u::rwX,g::rwX,o::rwX /nix/var/cache/sccache
+          # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
+          sudo chown -R 872415232 /nix/var/cache/sccache
+          sudo chmod -R 2777 /nix/var/cache/sccache
+          echo "=== sccache debug: outside sandbox ==="
+          echo "Current user: $(id)"
+          echo "Cache dir ownership:"
+          ls -lan /nix/var/cache/sccache | head -10
+          echo "Sample cache files (numeric):"
+          find /nix/var/cache/sccache -type f 2>/dev/null | head -3 | xargs ls -lan 2>/dev/null || echo "No cache files"
+          echo "=== end outside sandbox debug ==="
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
diff --git a/nix/cargo-pgrx/buildPgrxExtension.nix b/nix/cargo-pgrx/buildPgrxExtension.nix
@@ -148,11 +148,31 @@ let
         export RUSTC_WRAPPER="${sccache}/bin/sccache"
         export SCCACHE_DIR="/nix/var/cache/sccache"
         export SCCACHE_CACHE_SIZE="500G"
+        export SCCACHE_LOG=debug
+        export SCCACHE_ERROR_LOG=/tmp/sccache-error.log
+
+        echo "=== sccache debug: build user ==="
+        id
+        echo "=== sccache debug: uid_map (inside outside count) ==="
+        cat /proc/self/uid_map || echo "No uid_map"
+        cat /proc/self/gid_map || echo "No gid_map"
+        echo "=== sccache debug: cache dir from sandbox ==="
+        ls -la /nix/var/cache/sccache | head -10
+        echo "=== sccache debug: sample cache files ==="
+        find /nix/var/cache/sccache -type f 2>/dev/null | head -3 | xargs ls -la 2>/dev/null || echo "No cache files"
+        echo "=== sccache debug: test file creation ==="
+        touch /nix/var/cache/sccache/test-$$
+        ls -la /nix/var/cache/sccache/test-$$
+        rm -f /nix/var/cache/sccache/test-$$
+        echo "=== end sccache debug ==="
       else
         echo "sccache: cache directory not available, skipping"
       fi
 
 
+
+
+
       echo "Executing cargo-pgrx buildPhase"
       ${preBuildAndTest}
       ${maybeEnterBuildAndTestSubdir}
@@ -169,6 +189,10 @@ let
       if [[ -n "''${RUSTC_WRAPPER:-}" ]]; then
         echo "sccache stats:"
         ${sccache}/bin/sccache --show-stats
+        if [[ -f /tmp/sccache-error.log ]]; then
+          echo "sccache error log (last 500 lines):"
+          tail -500 /tmp/sccache-error.log || true
+        fi
       fi
 
       ${maybeLeaveBuildAndTestSubdir}
