fix(sccache): disable on darwin due to sandbox temp directory restrictions

Author: yvan-sraka

.github/workflows/nix-build.yml

@@ -59,8 +59,8 @@ jobs:
         if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         run: |
           # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
-          sudo chown -R 872415232 /nix/var/cache/sccache
-          sudo chmod -R 2777 /nix/var/cache/sccache
+          if [ -d /nix/var/cache/sccache ]; then sudo chown -R 872415232 /nix/var/cache/sccache; fi
+          if [ -d /nix/var/cache/sccache ]; then sudo chmod -R 2777 /nix/var/cache/sccache; fi
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -104,8 +104,8 @@ jobs:
         if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         run: |
           # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
-          sudo chown -R 872415232 /nix/var/cache/sccache
-          sudo chmod -R 2777 /nix/var/cache/sccache
+          if [ -d /nix/var/cache/sccache ]; then sudo chown -R 872415232 /nix/var/cache/sccache; fi
+          if [ -d /nix/var/cache/sccache ]; then sudo chmod -R 2777 /nix/var/cache/sccache; fi
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -126,9 +126,41 @@ jobs:
       - name: Checkout Repo
         if: ${{ matrix.attr != '' }}
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Mount sccache disk
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-sccache-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cache_key }}
+          path: /nix/var/cache/sccache
       - name: Install nix
         if: ${{ matrix.attr != '' }}
         uses: ./.github/actions/nix-install-self-hosted
+      - name: Setup tmate session
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        uses: mxschmitt/action-tmate@v3
+        with:
+          limit-access-to-actor: true
+          detached: true
+      - name: Configure sccache for Nix builds
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        run: |
+          # Ensure sccache directory exists
+          mkdir -p /nix/var/cache/sccache          
+          # Start sccache server outside sandbox to handle all builds
+          if command -v sccache &> /dev/null; then
+            export SCCACHE_DIR=/nix/var/cache/sccache
+            export SCCACHE_CACHE_SIZE=50G
+            export SCCACHE_LOG=debug
+            sccache --start-server || true
+            echo "Started sccache server"
+            sccache --show-stats
+          fi
+          # Update Nix configuration to allow access to sccache directory in sandbox
+          if [ -w /etc/nix/nix.conf ]; then
+            tee -a /etc/nix/nix.conf > /dev/null <<EOF
+          extra-sandbox-paths = /nix/var/cache/sccache
+          EOF
+          fi
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -149,9 +181,41 @@ jobs:
       - name: Checkout Repo
         if: ${{ matrix.attr != '' }}
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Mount sccache disk
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-sccache-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cache_key }}
+          path: /nix/var/cache/sccache
       - name: Install nix
         if: ${{ matrix.attr != '' }}
         uses: ./.github/actions/nix-install-self-hosted
+      - name: Setup tmate session
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        uses: mxschmitt/action-tmate@v3
+        with:
+          limit-access-to-actor: true
+          detached: true
+      - name: Configure sccache for Nix builds
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        run: |
+          # Ensure sccache directory exists
+          mkdir -p /nix/var/cache/sccache          
+          # Start sccache server outside sandbox to handle all builds
+          if command -v sccache &> /dev/null; then
+            export SCCACHE_DIR=/nix/var/cache/sccache
+            export SCCACHE_CACHE_SIZE=50G
+            export SCCACHE_LOG=debug
+            sccache --start-server || true
+            echo "Started sccache server"
+            sccache --show-stats
+          fi
+          # Update Nix configuration to allow access to sccache directory in sandbox
+          if [ -w /etc/nix/nix.conf ]; then
+            tee -a /etc/nix/nix.conf > /dev/null <<EOF
+          extra-sandbox-paths = /nix/var/cache/sccache
+          EOF
+          fi
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -192,8 +256,8 @@ jobs:
         if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         run: |
           # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
-          sudo chown -R 872415232 /nix/var/cache/sccache
-          sudo chmod -R 2777 /nix/var/cache/sccache
+          if [ -d /nix/var/cache/sccache ]; then sudo chown -R 872415232 /nix/var/cache/sccache; fi
+          if [ -d /nix/var/cache/sccache ]; then sudo chmod -R 2777 /nix/var/cache/sccache; fi
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -234,8 +298,8 @@ jobs:
         if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         run: |
           # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
-          sudo chown -R 872415232 /nix/var/cache/sccache
-          sudo chmod -R 2777 /nix/var/cache/sccache
+          if [ -d /nix/var/cache/sccache ]; then sudo chown -R 872415232 /nix/var/cache/sccache; fi
+          if [ -d /nix/var/cache/sccache ]; then sudo chmod -R 2777 /nix/var/cache/sccache; fi
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash

flake.lock

@@ -165,14 +165,23 @@ let
     buildPhase = ''
       runHook preBuild
 
-
-      if [[ -d "/nix/var/cache/sccache" && -w "/nix/var/cache/sccache" ]]; then
-        echo "sccache: cache directory available, enabling"
-        export RUSTC_WRAPPER="${sccache}/bin/sccache"
-        export SCCACHE_DIR="/nix/var/cache/sccache"
-        export SCCACHE_CACHE_SIZE="50G"
+      echo "Platform: ${stdenv.system}"
+      echo "isDarwin: ${lib.boolToString stdenv.isDarwin}"
+
+      # sccache doesn't work in Nix Darwin sandbox due to temporary directory restrictions
+      if [[ "${lib.boolToString stdenv.isDarwin}" != "true" && -d "/nix/var/cache/sccache" && -w "/nix/var/cache/sccache" ]]; then
+        # Test if sccache can actually write to the directory (sandbox check)
+        if touch "/nix/var/cache/sccache/.test" 2>/dev/null && rm -f "/nix/var/cache/sccache/.test" 2>/dev/null; then
+          echo "sccache: cache directory available and writable in sandbox, enabling"
+          export RUSTC_WRAPPER="${sccache}/bin/sccache"
+          export SCCACHE_DIR="/nix/var/cache/sccache"
+          export SCCACHE_CACHE_SIZE="50G"
+          export SCCACHE_LOG=debug
+        else
+          echo "sccache: cache directory not accessible in sandbox (needs extra-sandbox-paths configuration), skipping"
+        fi
       else
-        echo "sccache: cache directory not available, skipping"
+        echo "sccache: not available or running on Darwin, skipping"
       fi
 
       echo "Executing cargo-pgrx buildPhase"

nix/cargo-pgrx/buildPgrxExtension.nix

@@ -311,7 +311,7 @@ def main() -> None:
 
     args = parser.parse_args()
 
-    max_workers: int = os.cpu_count() or 1
+    max_workers: int = int(os.cpu_count() / 2) or 1
 
     cmd = build_nix_eval_command(max_workers, args.flake_outputs)