[remove nixpkgs] add toPath, and edit devbox.lock only on update command

[savil]

Summary

This PR rolls in a few fixes:

1. Add toPath to builtins.fetchClosure
   • lets us remove --impure flag in nix print-dev-env
2. Add ca_store_path to devbox.lock
   • Because this is system-dependent, and is calculated locally, a devbox update will only update the user's system's ca_store_path.
   • This is good for team-mates on the same system, and to avoid the slow nix store make-content-addressed <path> call on each devbox shell/run/shellenv.
3. Only update devbox.lock during devbox update.
   • Previously, it would update system info on devbox shell/run/shellenv.
4. Simplify devbox.lock schema's SystemInfo to have StorePath and CAStorePath. These are used as fromPath and toPath in builtins.fetchClosure.

Miscellaneous changes:

1. I remove actionlint from the devbox.json. It is not core to our workflows, and I am working with very minimal space on devbox cloud VM. This reduces "out of space errors" marginally.

How was it tested?

In examples/development/go/hello-world:
devbox update and devbox shell

The devbox.lock diff is now

❯ git diff
diff --git a/examples/development/go/hello-world/devbox.lock b/examples/development/go/hello-world/
devbox.lock
index 34556d3f..168874db 100644
--- a/examples/development/go/hello-world/devbox.lock
+++ b/examples/development/go/hello-world/devbox.lock
@@ -2,9 +2,18 @@
   "lockfile_version": "1",
   "packages": {
     "[email protected]": {
-      "last_modified": "2023-05-01T16:53:22Z",
-      "resolved": "github:NixOS/nixpkgs/8670e496ffd093b60e74e7fa53526aa5920d09eb#go_1_19",
-      "version": "1.19.8"
+      "last_modified": "2023-05-03T02:55:54Z",
+      "resolved": "github:NixOS/nixpkgs/0d373d5af960504dd60c3d06c65e553b36ef29d8#go_1_19",

+      "version": "1.19.8",
+      "systems": {
+        "aarch64-darwin": {
+          "store_path": "/nix/store/7m99ip3616l3z670y83p34r3plwd4iq1-go-1.19.8"
+        },
+        "x86_64-linux": {
+          "store_path": "/nix/store/r0x0agq0vwn0p6z99vkkvn8l8a8idzsb-go-1.19.8",
+          "ca_store_path": "/nix/store/ns557l24yf1f16f9jvbmxv57qdkkn2mj-go-1.19.8"
+        }
+      }
     }
   }
-}
\ No newline at end of file
+}

[LucilleH]

line 119 to line 128 the logic is a bit hard to follow, since you have if !needsSysInfo, needsLocalStorePath, if needsSysInfo...

Can we flatten this a bit? Something like:

        var userSysInfo
        var localStorePath
	if featureflag.RemoveNixpkgs.Enabled() {
		userSysInfo = d.lockfile.Packages[pkg.Raw].Systems[userSystem]
		if userSysInfo != nil {
			localStorePath = userSysInfo.LocalStorePath
		}
	}

         if userSysInfo == nil { ... }
         if localStorePath == "" { ... }

[gcurtis]

I'm finding some of the new terms a bit confusing. Could we make them match what Nix calls them?

• BinaryStorePath - this can just be StorePath. There isn't any difference between a path in a remote binary cache and a local store.
• LocalStorePath - it looks like this is just the content-addressed version of the store path. Could we call it CAStorePath (or ContentAddressedStorePath if CA sounds like certificate)?
• BinaryStore → BinaryCache

[gcurtis]

Does nix store make-content-addressed --json work?

[savil]

oh yeah, good call. Will try that...

[gcurtis]

Does Nix automatically download these if they're not in the store yet?

[savil]

yep

[gcurtis]

👍🏻

[savil]

I'm finding some of the new terms a bit confusing. Could we make them match what Nix calls them?

• BinaryStorePath - this can just be StorePath. There isn't any difference between a path in a remote binary cache and a local store.
• LocalStorePath - it looks like this is just the content-addressed version of the store path. Could we call it CAStorePath (or ContentAddressedStorePath if CA sounds like certificate)?
• BinaryStore → BinaryCache

Sounds good to me. Don't feel strongly about the current names (except I didn't want it to be "fromPath" and "toPath", since those don't make sense outside the context of fetchClosure)

[savil]

All CICD has passed. Going to make a small "rename" I missed out and then land...

[savil]

oops, forgot to rename the key to ca_store_path

[mikeland73]

Wait, could this override an existing (different) system that already has a CA path?

[savil]

You are right! Much obliged 🙏🏾

sending fix: #1259

[mikeland73]

Most of the logic in this block could be encapsulated in lock file. Maybe:

if existing.CanBeUpdated(newEntry) {
  d.lockfile.Update(existing, newEntry)
}

or something like that. It could deal with version changes and also missing system stuff.

That way we could make Package.Systems semi-private. (It still needs to be exported because it is part of the JSON)

[mikeland73]

Also, is this logic block missing profile install/uninstall? e.g. if a package previously required nixpkgs and we replace it with one that does not require it, do we want to update the profile?

[savil]

yes, I agree this could likely be moved into the lock package. In general, I think quite a bit of the update code (beyond this block) could be better encapsulated. I may not have time to get to it though...

[savil]

Also, is this logic block missing profile install/uninstall? e.g. if a package previously required nixpkgs and we replace it with one that does not require it, do we want to update the profile?

🤔 yeah, this one I am unsure about. In theory, the package's binary should be the exact same.

Its also why I think it was okay and/or put a question mark after using InputAddressedPath in the Package.Installable here.

@gcurtis would you have an opinion?