From 9d63c5b1f69e5ddc16321a0353c3bbbec3b0976d Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Fri, 20 Feb 2026 00:25:00 +0000
Subject: [PATCH] bug(flytekit): merge nix install+build into single RUN step
 for depot cache resilience

Co-Authored-By: ryan@exa.ai <ryanjwong007@gmail.com>
---
 flytekit/image_spec/default_builder.py | 28 ++++++++++++++------------
 1 file changed, 15 insertions(+), 13 deletions(-)

diff --git a/flytekit/image_spec/default_builder.py b/flytekit/image_spec/default_builder.py
index bac7495d27..6a25ad84ea 100644
--- a/flytekit/image_spec/default_builder.py
+++ b/flytekit/image_spec/default_builder.py
@@ -173,26 +173,28 @@
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
-# Install Nix using cache mount so it persists across builds
-RUN --mount=type=cache,target=/nix,id=nix-determinate \
-    curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | \
-        sh -s -- install linux \
-        --determinate \
-        --extra-conf "sandbox = true" \
-        --extra-conf "max-substitution-jobs = 256" \
-        --extra-conf "http-connections = 256" \
-        --extra-conf "download-buffer-size = 1073741824" \
-        --init none \
-        --no-confirm
-
 # Create a working directory for the build
 WORKDIR /build
 
-# Build with cache mount - reuses the same cache across builds
+# Install Nix (if not cached) and build in a single step so the cache mount
+# is guaranteed to be available when sourcing nix-daemon.sh.
+# Two separate RUN steps break on builders (e.g. Depot) that don't share
+# cache-mount contents across steps on different machines.
 RUN --mount=type=bind,source=.,target=/build/ \
     --mount=type=cache,target=/nix,id=nix-determinate \
     --mount=type=cache,target=/root/.cache/nix,id=nix-git-cache \
     --mount=type=cache,target=/var/lib/containers/cache,id=container-cache \
+    if [ ! -f /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh ]; then \
+        curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | \
+            sh -s -- install linux \
+            --determinate \
+            --extra-conf "sandbox = true" \
+            --extra-conf "max-substitution-jobs = 256" \
+            --extra-conf "http-connections = 256" \
+            --extra-conf "download-buffer-size = 1073741824" \
+            --init none \
+            --no-confirm; \
+    fi && \
     . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && \
     nix run .#docker.copyTo -- docker://$IMAGE_NAME --dest-creds "AWS:$ECR_TOKEN" \
     --image-parallel-copies 32 \