From 94082a2710d0f3600fbd418f9d19f7c3d334ad4e Mon Sep 17 00:00:00 2001
From: "Travis A. Everett" <travis.a.everett@gmail.com>
Date: Thu, 9 Jul 2020 01:13:38 -0500
Subject: [PATCH] add temp CI job to test syspolicy impact (#127)

Starting in Catalina, macOS runs a syspolicyd "assessment" that hits the network for each binary/script executable. It does cache these results, but Nix tends to introduce many "new" executables per build. (You can read more about this at https://github.com/NixOS/nix/issues/3789).

This PR adds a temporary, redundant macOS job with these assessments disabled. I'm hoping you can adopt it for a few weeks to help me collect more data on how this affects real projects.
---
 .github/workflows/nix-build.yml | 34 +++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index 92d6f8722..dca88b1fd 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -42,3 +42,37 @@ jobs:
         name: smos
         signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
     - run: nix-build default.nix
+  macos_perf_test:
+    name: macos_perf_test / Nix
+    runs-on: macos-latest
+    steps:
+    - name: Disable syspolicy assessments
+      run: |
+        spctl --status
+        sudo spctl --master-disable
+    - uses: actions/checkout@v2
+    - uses: cachix/install-nix-action@v8
+    - name: free disk space
+      run: |
+        if [[ "${{matrix.os}}" == "ubuntu-latest" ]]
+        then
+          sudo rm -rf /opt
+        fi
+    - uses: cachix/cachix-action@v6
+      with:
+        name: validity
+    - uses: cachix/cachix-action@v6
+      with:
+        name: cursor
+    - uses: cachix/cachix-action@v6
+      with:
+        name: mergeful
+    - uses: cachix/cachix-action@v6
+      with:
+        name: yamlparse
+    - uses: cachix/cachix-action@v6
+      with:
+        name: smos
+        signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+    - run: nix-build default.nix
+