feat(darwin): enable sccache for darwin builds with per-user isolation

Enable sccache for darwin builds with persistent cache via stickydisk mounted
per postgres version. Use unique SCCACHE_SERVER_PORT per user ID to isolate
sccache daemons between nixbld users, preventing temp directory permission
errors. Stop existing daemon before builds to clear stale state. Override TMPDIR
to /tmp on darwin for shared temp access. Ensure cache directory has 2777
permissions via darwin activation script. Add writable check before enabling
sccache. Guard ephemeral runner sccache with directory checks.

Author: yvan-sraka

.github/workflows/nix-build.yml

@@ -59,8 +59,8 @@ jobs:
         if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         run: |
           # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
-          sudo chown -R 872415232 /nix/var/cache/sccache
-          sudo chmod -R 2777 /nix/var/cache/sccache
+          if [ -d /nix/var/cache/sccache ]; then sudo chown -R 872415232 /nix/var/cache/sccache; fi
+          if [ -d /nix/var/cache/sccache ]; then sudo chmod -R 2777 /nix/var/cache/sccache; fi
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -104,8 +104,8 @@ jobs:
         if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         run: |
           # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
-          sudo chown -R 872415232 /nix/var/cache/sccache
-          sudo chmod -R 2777 /nix/var/cache/sccache
+          if [ -d /nix/var/cache/sccache ]; then sudo chown -R 872415232 /nix/var/cache/sccache; fi
+          if [ -d /nix/var/cache/sccache ]; then sudo chmod -R 2777 /nix/var/cache/sccache; fi
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -126,9 +126,23 @@ jobs:
       - name: Checkout Repo
         if: ${{ matrix.attr != '' }}
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Mount sccache disk
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-sccache-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cache_key }}
+          path: /nix/var/cache/sccache
       - name: Install nix
         if: ${{ matrix.attr != '' }}
         uses: ./.github/actions/nix-install-self-hosted
+      - name: Configure sccache cache directory
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        run: |
+          mkdir -p /nix/var/cache/sccache || true
+          # Stop any existing sccache daemon to avoid stale TMPDIR state
+          if command -v sccache &> /dev/null; then
+            sccache --stop-server 2>/dev/null || true
+          fi
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -149,9 +163,23 @@ jobs:
       - name: Checkout Repo
         if: ${{ matrix.attr != '' }}
         uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
+      - name: Mount sccache disk
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        uses: useblacksmith/stickydisk@v1
+        with:
+          key: ${{ github.repository }}-sccache-${{ runner.os }}-${{ runner.arch }}-${{ matrix.cache_key }}
+          path: /nix/var/cache/sccache
       - name: Install nix
         if: ${{ matrix.attr != '' }}
         uses: ./.github/actions/nix-install-self-hosted
+      - name: Configure sccache cache directory
+        if: ${{ matrix.attr != '' && matrix.postgresql_version }}
+        run: |
+          mkdir -p /nix/var/cache/sccache || true
+          # Stop any existing sccache daemon to avoid stale TMPDIR state
+          if command -v sccache &> /dev/null; then
+            sccache --stop-server 2>/dev/null || true
+          fi
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -192,8 +220,8 @@ jobs:
         if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         run: |
           # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
-          sudo chown -R 872415232 /nix/var/cache/sccache
-          sudo chmod -R 2777 /nix/var/cache/sccache
+          if [ -d /nix/var/cache/sccache ]; then sudo chown -R 872415232 /nix/var/cache/sccache; fi
+          if [ -d /nix/var/cache/sccache ]; then sudo chmod -R 2777 /nix/var/cache/sccache; fi
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash
@@ -234,8 +262,8 @@ jobs:
         if: ${{ matrix.attr != '' && matrix.postgresql_version && matrix.runs_on.group != 'self-hosted-runners-nix' }}
         run: |
           # With auto-allocate-uids, UID 872415232 (0x34000000) maps to nixbld inside sandbox
-          sudo chown -R 872415232 /nix/var/cache/sccache
-          sudo chmod -R 2777 /nix/var/cache/sccache
+          if [ -d /nix/var/cache/sccache ]; then sudo chown -R 872415232 /nix/var/cache/sccache; fi
+          if [ -d /nix/var/cache/sccache ]; then sudo chmod -R 2777 /nix/var/cache/sccache; fi
       - name: nix build
         if: ${{ matrix.attr != '' }}
         shell: bash

flake.lock

@@ -20,7 +20,7 @@
     nix-editor.url = "github:snowfallorg/nix-editor";
     nix-eval-jobs.inputs.flake-parts.follows = "flake-parts";
     nix-eval-jobs.inputs.treefmt-nix.follows = "treefmt-nix";
-    nix-eval-jobs.url = "github:nix-community/nix-eval-jobs";
+    nix-eval-jobs.url = "github:jfroche/nix-eval-jobs/fix-warnings";
     nix2container.inputs.nixpkgs.follows = "nixpkgs";
     nix2container.url = "github:nlewo/nix2container";
     # Pin to a specific nixpkgs version that has compatible v8 and curl versions

flake.nix

@@ -164,12 +164,29 @@ let
 
     buildPhase = ''
       runHook preBuild
-
+      echo "Platform: ${stdenv.system}"
+      echo "isDarwin: ${lib.boolToString stdenv.isDarwin}"
       if [[ -d "/nix/var/cache/sccache" && -w "/nix/var/cache/sccache" ]]; then
-        echo "sccache: cache directory available, enabling"
-        export RUSTC_WRAPPER="${sccache}/bin/sccache"
-        export SCCACHE_DIR="/nix/var/cache/sccache"
-        export SCCACHE_CACHE_SIZE="50G"
+        if touch "/nix/var/cache/sccache/.test" 2>/dev/null && rm -f "/nix/var/cache/sccache/.test" 2>/dev/null; then
+          echo "sccache: cache directory available and writable, enabling"
+          ${lib.optionalString stdenv.isDarwin ''
+            # Darwin: Use shared /tmp for TMPDIR to avoid sccache caching per-build temp paths
+            export TMPDIR=/tmp
+            export TEMP=/tmp
+            export TEMPDIR=/tmp
+            export TMP=/tmp
+          ''}
+          export RUSTC_WRAPPER="${sccache}/bin/sccache"
+          export SCCACHE_DIR="/nix/var/cache/sccache"
+          export SCCACHE_CACHE_SIZE="50G"
+          export SCCACHE_LOG=debug
+          export SCCACHE_IDLE_TIMEOUT=0
+          # Use unique port per user to isolate sccache servers
+          USER_ID=$(id -u)
+          export SCCACHE_SERVER_PORT=$((4226 + USER_ID % 100))
+        else
+          echo "sccache: cache directory not accessible in sandbox, skipping"
+        fi
       else
         echo "sccache: cache directory not available, skipping"
       fi