fix(image_spec): re-install nix in build step if cache mount was cleared #37

Open
devin-ai-integration[bot] wants to merge 1 commit into master from devin/1771434308-fix-nix-cache-resilience

@devin-ai-integration

Why are the changes needed?

When using Depot for nix-based container builds, there are two independent caching layers:

  1. Docker layer cache — tracks whether a RUN instruction needs re-execution based on instruction text + context hash
  2. BuildKit cache mounts (--mount=type=cache) — persistent storage shared across builds

If the cache mount at /nix is cleared independently (e.g., manual cache nuke on Depot), but the Docker layer cache still considers the nix install step (#9) as CACHED, that step is skipped entirely. The subsequent build step (#12) then fails because /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh doesn't exist:

#9 [stage-0 3/5] RUN --mount=type=cache,target=/nix ...
#9 CACHED

#12 [stage-0 5/5] RUN --mount=type=bind ...
#12 0.169 /bin/sh: 1: .: cannot open /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh: No such file

This was causing all depot build CI jobs to fail on monorepo PR #17697.

What changes were proposed in this pull request?

  • Extract the nix install command into a reusable NIX_INSTALL_SCRIPT constant
  • Add a conditional guard in the build RUN step: if nix-daemon.sh is missing, re-run the nix installer before proceeding
  • The dedicated install RUN step is kept as-is for the happy path (warm cache mount = fast no-op)

How was this patch tested?

This will be validated by re-running the failing CI jobs on monorepo PR #17697 after bumping the flytekit dependency to this commit.

Human review checklist

  • Verify that NIX_INSTALL_SCRIPT (which uses Python \ line continuations to become a single-line string) produces valid shell when substituted into both the standalone install RUN and the if block in the build RUN
  • Confirm the Determinate Nix installer is safe to re-run when /nix is partially populated (not just fully empty)
  • Check that $NIX_INSTALL_CMD doesn't collide with any string.Template $-prefixed shell variables in the Dockerfile template

Check all the applicable boxes

  • I updated the documentation accordingly.
  • All new and existing tests passed.
  • All commits are signed-off.

Related PRs


Link to Devin run: https://app.devin.ai/sessions/1b5b4648b3d64e4fbc22d634a5c1afe1
Requested by: @lakeesiv
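
An added example for the review checklist above (not code from this PR or from flytekit): it lists every placeholder `string.Template` would substitute in a Dockerfile template, flags unescaped shell variables that collide with them, and flags substituted values that contain a newline. The template text, the base image, and the placeholder installer command are constructed stand-ins; only the `nix-daemon.sh` path and the names `NIX_INSTALL_SCRIPT` and `NIX_INSTALL_CMD` come from the description.

```python
import string

# Hypothetical stand-ins: flytekit's real NIX_INSTALL_SCRIPT and Dockerfile
# template are not shown on this page.
NIX_INSTALL_SCRIPT = "echo placeholder-nix-installer --no-confirm"
NIX_PROFILE = "/nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh"

# Constructed template. $OUT_DIR is a shell variable that was not escaped
# as $$OUT_DIR; $$HOME is escaped correctly.
TEMPLATE = string.Template(
    "FROM $BASE_IMAGE\n"
    "RUN --mount=type=cache,target=/nix $NIX_INSTALL_CMD\n"
    "RUN --mount=type=cache,target=/nix "
    "if [ ! -f $NIX_PROFILE ]; then $NIX_INSTALL_CMD; fi && "
    ". $NIX_PROFILE && cd $$HOME && nix build --out-link $OUT_DIR/result\n"
)

def placeholders(tmpl):
    """Return (names Template will substitute, offsets of malformed '$')."""
    names, invalid = set(), []
    for m in tmpl.pattern.finditer(tmpl.template):
        name = m.group("named") or m.group("braced")
        if name:
            names.add(name)
        elif m.group("invalid") is not None:
            invalid.append(m.start())
    return names, invalid

def audit(tmpl, values):
    """Compare the template's placeholders with the values we intend to pass."""
    names, invalid = placeholders(tmpl)
    return {
        "collisions": sorted(names - set(values)),  # shell vars read as placeholders
        "unused": sorted(set(values) - names),      # values that never land
        "malformed": invalid,                       # e.g. '$(' or a trailing '$'
        "multiline": sorted(k for k, v in values.items() if "\n" in v),
    }

VALUES = {
    "BASE_IMAGE": "debian:bookworm-slim",  # constructed sample value
    "NIX_INSTALL_CMD": NIX_INSTALL_SCRIPT,
    "NIX_PROFILE": NIX_PROFILE,
}

if __name__ == "__main__":
    print(audit(TEMPLATE, VALUES))
```

A name under `collisions` makes `substitute()` raise `KeyError`, while `safe_substitute()` leaves it in place, so which failure appears depends on the call the template code uses.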

When depot's Docker layer cache marks the nix install step as CACHED
but the /nix cache mount has been independently cleared, the build step
fails because nix-daemon.sh doesn't exist. This adds a conditional
check in the build step to re-install nix if the cache mount is empty.

Co-Authored-By: Lakee Sivaraya <lakeesivaraya@gmail.com>
@devin-ai-integration
Author

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

  • Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
  • Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

  • Disable automatic comment and CI monitoring
