From 83f962c3c85e0c081025b48b1138dd14ae07f062 Mon Sep 17 00:00:00 2001 From: Ivan FB Date: Tue, 2 Jun 2026 14:04:42 +0200 Subject: [PATCH] ci: use --useSystemNim instead of editing nimble.lock MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Stripping nim from the lock breaks nimble 0.22.3: 41 packages list nim in their dependencies, so removing the nim entry makes resolution fail with "key not found: nim". nimble already has the right knob — --useSystemNim ("Use system nim and ignore nim from the lock") — which skips the locked nim (no download, no checksum) while still verifying every other locked dependency, and uses the nim the CI already installed. This is the proper fix for the Windows checksum mismatch: nim's tree checks out differently per platform, so its locked checksum is unreliable there. Verified locally with nimble 0.22.3 (exit 0, system nim used, lock left untouched). Co-Authored-By: Claude Opus 4.8 --- .github/workflows/ci.yml | 51 +++++++++-------------------- .github/workflows/windows-build.yml | 22 +++++-------- 2 files changed, 23 insertions(+), 50 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 29cd7adf4..922901f27 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -94,18 +94,11 @@ jobs: - name: Install nimble deps if: steps.cache-nimbledeps.outputs.cache-hit != 'true' run: | - # nim and nimble have unstable cross-platform checksums (their source - # trees check out differently per OS), so strip them from the lock - # before setup to avoid spurious mismatches; the toolchain installed - # above provides them, they are not resolved as project deps. - python3 -c " - import json - lock = json.load(open('nimble.lock')) - for key in ['nim', 'nimble']: - lock['packages'].pop(key, None) - json.dump(lock, open('nimble.lock', 'w'), indent=2) - " - nimble setup --localdeps -y + # Use system nim instead of the nim pinned in nimble.lock: nim's + # source tree checksums differently across platforms, so the locked + # checksum is unreliable. --useSystemNim skips the locked nim while + # still verifying every other locked dependency. + nimble setup --localdeps -y --useSystemNim make rebuild-nat-libs-nimbledeps make rebuild-bearssl-nimbledeps touch nimbledeps/.nimble-setup @@ -158,18 +151,11 @@ jobs: - name: Install nimble deps if: steps.cache-nimbledeps.outputs.cache-hit != 'true' run: | - # nim and nimble have unstable cross-platform checksums (their source - # trees check out differently per OS), so strip them from the lock - # before setup to avoid spurious mismatches; the toolchain installed - # above provides them, they are not resolved as project deps. - python3 -c " - import json - lock = json.load(open('nimble.lock')) - for key in ['nim', 'nimble']: - lock['packages'].pop(key, None) - json.dump(lock, open('nimble.lock', 'w'), indent=2) - " - nimble setup --localdeps -y + # Use system nim instead of the nim pinned in nimble.lock: nim's + # source tree checksums differently across platforms, so the locked + # checksum is unreliable. --useSystemNim skips the locked nim while + # still verifying every other locked dependency. + nimble setup --localdeps -y --useSystemNim make rebuild-nat-libs-nimbledeps make rebuild-bearssl-nimbledeps touch nimbledeps/.nimble-setup @@ -234,18 +220,11 @@ jobs: - name: Install nimble deps if: steps.cache-nimbledeps.outputs.cache-hit != 'true' run: | - # nim and nimble have unstable cross-platform checksums (their source - # trees check out differently per OS), so strip them from the lock - # before setup to avoid spurious mismatches; the toolchain installed - # above provides them, they are not resolved as project deps. - python3 -c " - import json - lock = json.load(open('nimble.lock')) - for key in ['nim', 'nimble']: - lock['packages'].pop(key, None) - json.dump(lock, open('nimble.lock', 'w'), indent=2) - " - nimble setup --localdeps -y + # Use system nim instead of the nim pinned in nimble.lock: nim's + # source tree checksums differently across platforms, so the locked + # checksum is unreliable. --useSystemNim skips the locked nim while + # still verifying every other locked dependency. + nimble setup --localdeps -y --useSystemNim make rebuild-nat-libs-nimbledeps make rebuild-bearssl-nimbledeps touch nimbledeps/.nimble-setup diff --git a/.github/workflows/windows-build.yml b/.github/workflows/windows-build.yml index c17c604ce..059cc954f 100644 --- a/.github/workflows/windows-build.yml +++ b/.github/workflows/windows-build.yml @@ -109,20 +109,14 @@ jobs: if: steps.cache-nimbledeps.outputs.cache-hit != 'true' run: | export PATH="$GITHUB_WORKSPACE/.nim_runtime/bin:$HOME/.nimble/bin:$PATH" - # nim and nimble have unstable cross-platform checksums: their source - # trees check out differently per OS (nim ships a .gitattributes that - # forces line endings on some files), so their SHA1 never matches the - # Linux-computed values in nimble.lock on Windows — even with autocrlf - # disabled. Strip them from the lock before setup; they are provided by - # the toolchain installed above, not resolved as project deps. - python -c " - import json - lock = json.load(open('nimble.lock')) - for key in ['nim', 'nimble']: - lock['packages'].pop(key, None) - json.dump(lock, open('nimble.lock', 'w'), indent=2) - " - nimble setup --localdeps -y + # Use the CI-installed system nim instead of the nim pinned in + # nimble.lock. nim's source tree checks out differently on Windows + # (its .gitattributes forces line endings on some files), so its + # checksum never matches the Linux-computed value in the lock — not + # even with autocrlf disabled. --useSystemNim makes nimble ignore the + # locked nim (no download, no checksum) while still verifying every + # other locked dependency. + nimble setup --localdeps -y --useSystemNim make rebuild-nat-libs-nimbledeps CC=gcc make rebuild-bearssl-nimbledeps CC=gcc touch nimbledeps/.nimble-setup