add temp CI job to test syspolicy impact (#127)

Starting in Catalina, macOS runs a syspolicyd "assessment" that hits the network for each binary/script executable. It does cache these results, but Nix tends to introduce many "new" executables per build. (You can read more about this at NixOS/nix#3789). This PR adds a temporary, redundant macOS job with these assessments disabled. I'm hoping you can adopt it for a few weeks to help me collect more data on how this affects real projects.
NorfairKing · Jul 9, 2020 · 94082a2 · 94082a2
1 parent 44c4517
commit 94082a2
Showing 1 changed file with 34 additions and 0 deletions.
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
@@ -42,3 +42,37 @@ jobs:
         name: smos
         signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
     - run: nix-build default.nix
+  macos_perf_test:
+    name: macos_perf_test / Nix
+    runs-on: macos-latest
+    steps:
+    - name: Disable syspolicy assessments
+      run: |
+        spctl --status
+        sudo spctl --master-disable
+    - uses: actions/checkout@v2
+    - uses: cachix/install-nix-action@v8
+    - name: free disk space
+      run: |
+        if [[ "${{matrix.os}}" == "ubuntu-latest" ]]
+        then
+          sudo rm -rf /opt
+        fi
+    - uses: cachix/cachix-action@v6
+      with:
+        name: validity
+    - uses: cachix/cachix-action@v6
+      with:
+        name: cursor
+    - uses: cachix/cachix-action@v6
+      with:
+        name: mergeful
+    - uses: cachix/cachix-action@v6
+      with:
+        name: yamlparse
+    - uses: cachix/cachix-action@v6
+      with:
+        name: smos
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+    - run: nix-build default.nix
+