Add possibility to install global environments (#221)

Co-authored-by: Pavel Zwerschke <[email protected]>

Author: olivier-lacroix

.github/workflows/build.yml

@@ -47,7 +47,7 @@ jobs:
         run: |
           set -euo pipefail
           latest_version="$(jq -r '.version' package.json)"
-          count_expected=20
+          count_expected=21
           count_actual="$(grep -c "setup-pixi@v$latest_version" README.md || true)"
           if [ "$count_actual" -ne "$count_expected" ]; then
             echo "::error file=README.md::Expected $count_expected mentions of \`setup-pixi@v$latest_version\` in README.md, but found $count_actual."

.github/workflows/test.yml

@@ -47,6 +47,55 @@ jobs:
           pixi run python --version | grep -q 3.11
           pixi run test | grep -q "Hello world"
 
+  global-environments:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Move pixi.toml
+        run: mv test/default/* .
+      - uses: ./
+        with:
+          global-environments: |
+            cowpy
+      - run: |
+          cowpy hello world
+      - run: |
+          set -o pipefail
+          pixi info
+          test -f ${{ matrix.os == 'windows-latest' && './.pixi/envs/default/python.exe' || './.pixi/envs/default/bin/python' }}
+          ${{ matrix.os == 'windows-latest' && './.pixi/envs/default/python.exe' || './.pixi/envs/default/bin/python' }} --version | grep -q 3.11
+        shell: bash
+      - run: |
+          pixi run python --version | grep -q 3.11
+          pixi run test | grep -q "Hello world"
+
+  global-environments-with-project-install:
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - uses: ./
+        with:
+          run-install: false
+          global-environments: |
+            cowpy
+            keyring --with keyrings.google-artifactregistry-auth
+      - run: |
+          set -o pipefail
+          cowpy hello world
+          keyring --list-backends | grep "keyrings.gauth.GooglePythonAuth"
+        shell: bash
+        if: matrix.os != 'windows-latest'
+      - run: |
+          cowpy hello world
+          keyring --list-backends | findstr "keyrings.gauth.GooglePythonAuth"
+        if: matrix.os == 'windows-latest'
+
   no-run-install:
     strategy:
       matrix:

README.md

@@ -23,7 +23,7 @@ GitHub Action to set up the [pixi](https://github.com/prefix-dev/pixi) package m
 ## Usage
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     pixi-version: v0.49.0
 
@@ -35,7 +35,7 @@ GitHub Action to set up the [pixi](https://github.com/prefix-dev/pixi) package m
 
 > [!WARNING]
 > Since pixi is not yet stable, the API of this action may change between minor versions.
-> Please pin the versions of this action to a specific version (i.e., `prefix-dev/[email protected].0`) to avoid breaking changes.
+> Please pin the versions of this action to a specific version (i.e., `prefix-dev/[email protected].1`) to avoid breaking changes.
 > You can automatically update the version of this action by using [Dependabot](https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot).
 >
 > Put the following in your `.github/dependabot.yml` file to enable Dependabot for your GitHub Actions:
@@ -74,7 +74,7 @@ In order to not exceed the [10 GB cache size limit](https://docs.github.com/en/a
 This can be done by setting the `cache-write` argument.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     cache: true
     cache-write: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
@@ -119,7 +119,7 @@ test:
       environment: [py311, py312]
   steps:
     - uses: actions/checkout@v4
-    - uses: prefix-dev/[email protected].0
+    - uses: prefix-dev/[email protected].1
       with:
         environments: ${{ matrix.environment }}
 ```
@@ -129,7 +129,7 @@ test:
 The following example will install both the `py311` and the `py312` environment on the runner.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     # separated by spaces
     environments: >-
@@ -143,14 +143,34 @@ The following example will install both the `py311` and the `py312` environment
 > [!WARNING]
 > If you don't specify any environment, the `default` environment will be installed and cached, even if you use other environments.
 
+### Global Environments
+
+You can specify `pixi global install` commands by setting the `global-environments` input argument.
+This will create one environment per line, and install them.
+This is useful in particular to install executables that are needed for `pixi install` to work properly.
+For instance, the `keyring`, or `gcloud` executables. The following example shows how to install both in separate global environments.
+Note that global environments are not cached.
+
+```yml
+- uses: prefix-dev/[email protected]
+  with:
+    global-environments: |
+      google-cloud-sdk
+      keyring --with keyrings.google-artifactregistry-auth
+- run: |
+    gcloud --version
+    keyring --list-backends
+```
+
 ### Authentication
 
-There are currently three ways to authenticate with pixi:
+There are currently five ways to authenticate with pixi:
 
 - using a token
 - using a username and password
 - using a conda-token
 - using an S3 key pair
+- using keyring for PyPI registries
 
 For more information, see the [pixi documentation](https://prefix.dev/docs/pixi/authentication).
 
@@ -165,7 +185,7 @@ Specify the token using the `auth-token` input argument.
 This form of authentication (bearer token in the request headers) is mainly used at [prefix.dev](https://prefix.dev).
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     auth-host: prefix.dev
     auth-token: ${{ secrets.PREFIX_DEV_TOKEN }}
@@ -177,7 +197,7 @@ Specify the username and password using the `auth-username` and `auth-password`
 This form of authentication (HTTP Basic Auth) is used in some enterprise environments with [artifactory](https://jfrog.com/artifactory) for example.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     auth-host: custom-artifactory.com
     auth-username: ${{ secrets.PIXI_USERNAME }}
@@ -190,7 +210,7 @@ Specify the conda-token using the `auth-conda-token` input argument.
 This form of authentication (token is encoded in URL: `https://my-quetz-instance.com/t/<token>/get/custom-channel`) is used at [anaconda.org](https://anaconda.org) or with [quetz instances](https://github.com/mamba-org/quetz).
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     auth-host: anaconda.org # or my-quetz-instance.com
     auth-conda-token: ${{ secrets.CONDA_TOKEN }}
@@ -202,7 +222,7 @@ Specify the S3 key pair using the `auth-access-key-id` and `auth-secret-access-k
 You can also specify the session token using the `auth-session-token` input argument.
 
 ```yaml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     auth-host: s3://my-s3-bucket
     auth-s3-access-key-id: ${{ secrets.ACCESS_KEY_ID }}
@@ -218,11 +238,13 @@ See the [pixi documentation](https://pixi.sh/latest/advanced/s3) for more inform
 You can specify whether to use keyring to look up credentials for PyPI.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     pypi-keyring-provider: subprocess # one of 'subprocess', 'disabled'
 ```
 
+You can use the [`global-environments`](#global-environments) input to install `keyring` and its backends.
+
 ### Custom shell wrapper
 
 `setup-pixi` allows you to run command inside of the pixi environment by specifying a custom shell wrapper with `shell: pixi run bash -e {0}`.
@@ -284,15 +306,15 @@ To this end, `setup-pixi` adds all environment variables set when executing `pix
 As a result, all installed binaries can be accessed without having to call `pixi run`.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     activate-environment: true
 ```
 
 If you are installing multiple environments, you will need to specify the name of the environment that you want to be activated.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     environments: >-
       py311
@@ -309,7 +331,7 @@ You can specify whether `setup-pixi` should run `pixi install --frozen` or `pixi
 See the [official documentation](https://prefix.dev/docs/pixi/cli#install) for more information about the `--frozen` and `--locked` flags.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     locked: true
     # or
@@ -328,7 +350,7 @@ The first one is the debug logging of the action itself.
 This can be enabled by running the action with the `RUNNER_DEBUG` environment variable set to `true`.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   env:
     RUNNER_DEBUG: true
 ```
@@ -346,7 +368,7 @@ The second type is the debug logging of the pixi executable.
 This can be specified by setting the `log-level` input.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     # one of `q`, `default`, `v`, `vv`, or `vvv`.
     log-level: vvv
@@ -372,7 +394,7 @@ If nothing is specified, `post-cleanup` will default to `true`.
 On self-hosted runners, you also might want to alter the default pixi install location to a temporary location. You can use `pixi-bin-path: ${{ runner.temp }}/bin/pixi` to do this.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     post-cleanup: true
     # ${{ runner.temp }}\Scripts\pixi.exe on Windows
@@ -388,7 +410,7 @@ You can also use a preinstalled local version of pixi on the runner by not setti
 This can be overwritten by setting the `manifest-path` input argument.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     manifest-path: pyproject.toml
 ```
@@ -398,7 +420,7 @@ This can be overwritten by setting the `manifest-path` input argument.
 If you only want to install pixi and not install the current project, you can use the `run-install` option.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     run-install: false
 ```
@@ -409,7 +431,7 @@ You can also download pixi from a custom URL by setting the `pixi-url` input arg
 Optionally, you can combine this with the `pixi-url-headers` input argument to supply additional headers for the download request, such as a bearer token.
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     pixi-url: https://pixi-mirror.example.com/releases/download/v0.48.0/pixi-x86_64-unknown-linux-musl
     pixi-url-headers: '{"Authorization": "Bearer ${{ secrets.PIXI_MIRROR_BEARER_TOKEN }}"}'
@@ -425,7 +447,7 @@ It will be rendered with the following variables:
 By default, `pixi-url` is equivalent to the following template:
 
 ```yml
-- uses: prefix-dev/[email protected].0
+- uses: prefix-dev/[email protected].1
   with:
     pixi-url: |
       {{#if latest~}}

action.yml

@@ -23,6 +23,9 @@ inputs:
   environments:
     description: |
       A space-separated list of environments to install. If not specified, only the default environment is installed.
+  global-environments:
+    description: |
+      A newline-separated list of packages to install globally with `pixi global install`.
   activate-environment:
     description: |
       If the installed environment should be "activated" for the current job, modifying `$GITHUB_ENV` and