diff options
| author | Travis A. Everett <travis.a.everett@gmail.com> | 2020-07-08 20:10:22 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-07-08 20:10:22 -0500 |
| commit | cfe6ea746c3b88887eafda3eaccedc654f61651f (patch) | |
| tree | 9adf777675d55d2eb6c084ab9c9a1a25536395ab /.github | |
| parent | b981e5aacf3848424264f4a84826f8f9ca33da14 (diff) | |
add temp CI job to test syspolicy impact
Starting in Catalina, macOS runs a syspolicyd "assessment" that hits the network for each binary/script executable. It does cache these results, but Nix tends to introduce many "new" executables per build. (You can read more about this at https://github.com/NixOS/nix/issues/3789).
This PR adds a temporary, redundant macOS job with these assessments disabled. I'm hoping you can adopt it for a few weeks to help me collect more data on how this affects real projects.
Diffstat (limited to '.github')
| -rw-r--r-- | .github/workflows/test.yml | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7755466a0..47fa041e9 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -12,3 +12,13 @@ jobs: - uses: actions/checkout@v2 - uses: cachix/install-nix-action@v10 - run: nix-build release.nix --arg nix '{ outPath = ./.; revCount = 123; shortRev = "abcdefgh"; }' --arg systems '[ builtins.currentSystem ]' -A installerScript -A perlBindings + macos_perf_test: + runs-on: macos-latest + steps: + - name: Disable syspolicy assessments + run: | + spctl --status + sudo spctl --master-disable + - uses: actions/checkout@v2 + - uses: cachix/install-nix-action@v10 + - run: nix-build release.nix --arg nix '{ outPath = ./.; revCount = 123; shortRev = "abcdefgh"; }' --arg systems '[ builtins.currentSystem ]' -A installerScript -A perlBindings |