chore(flake/disko): 639d1520
-> da52cf40
#12321
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: | |
- master | |
- try | |
pull_request: | |
permissions: {} | |
env: | |
flake: github:${{ github.repository }}/${{ github.sha }} | |
nix-conf: |- | |
accept-flake-config = true | |
always-allow-substitutes = true | |
builders-use-substitutes = true | |
max-jobs = auto | |
cachix-install: nix profile install 'github:${{ github.repository }}/${{ github.sha }}#cachix' | |
aarch64-host: aarch64.nixos.community | |
aarch64-ssh-config: |- | |
Host aarch64.nixos.community 147.28.143.250 | |
User lovesegfault | |
IdentitiesOnly yes | |
IdentityFile ~/.ssh/aarch64-builder-ed25519 | |
aarch64-ssh-known-host: |- | |
aarch64-build-box,aarch64.nixos.community,147.75.77.190 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUTz5i9u5H2FHNAmZJyoJfIGyUm/HfGhfwnc142L3ds | |
aarch64-machine-config: |- | |
ssh-ng://lovesegfault@aarch64.nixos.community aarch64-linux /etc/nix/ssh/aarch64-builder-ed25519 64 1 big-parallel - c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU1VVHo1aTl1NUgyRkhOQW1aSnlvSmZJR3lVbS9IZkdoZnduYzE0MkwzZHMgcm9vdEBuaXhvcwo= | |
jobs: | |
flake-check: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: DeterminateSystems/nix-installer-action@v16 | |
with: | |
extra-conf: ${{ env.nix-conf }} | |
- uses: cachix/cachix-action@v15 | |
with: | |
name: nix-config | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
extraPullNames: vim-config,nix-community | |
installCommand: ${{ env.cachix-install }} | |
- name: nix-flake-check | |
run: nix flake check '${{ env.flake }}' | |
flake-show: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: DeterminateSystems/nix-installer-action@v16 | |
with: | |
extra-conf: ${{ env.nix-conf }} | |
- uses: cachix/cachix-action@v15 | |
with: | |
name: nix-config | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
extraPullNames: vim-config,nix-community | |
installCommand: ${{ env.cachix-install }} | |
- name: nix-flake-show | |
run: nix flake show '${{ env.flake }}' | |
get-attrs: | |
runs-on: ubuntu-latest | |
outputs: | |
build: ${{ steps.get-attrs.outputs.build }} | |
eval: ${{ steps.get-attrs.outputs.eval }} | |
env: | |
has_aarch64_ssh_key: ${{ secrets.AARCH64_BUILDER_KEY != '' }} | |
steps: | |
- uses: DeterminateSystems/nix-installer-action@v16 | |
with: | |
extra-conf: ${{ env.nix-conf }} | |
- id: install-jq | |
run: nix profile install '${{ env.flake }}#jq' | |
- id: get-attrs | |
run: | | |
function summary() { | |
printf '%s\n' "${*}" >> "$GITHUB_STEP_SUMMARY" | |
} | |
summary "# CI" | |
TMP="$(mktemp -d)" | |
# host packages | |
nix eval --json '${{ env.flake }}#hosts' | jq -c ' | |
to_entries | |
| map({ | |
name: .key, | |
evalOnly: false, | |
hostPlatform: .value.hostPlatform, | |
large: .value.large, | |
attr: "packages.\(.value.hostPlatform).\(.key)" | |
}) | |
| map( | |
if .hostPlatform == "x86_64-linux" then .runsOn="ubuntu-latest" | |
elif .hostPlatform == "aarch64-linux" then .runsOn="ubuntu-latest" | |
elif .hostPlatform == "x86_64-darwin" then .runsOn="macos-13" | |
elif .hostPlatform == "aarch64-darwin" then .runsOn="macos-14" | |
else .evalOnly=true | .runsOn="ubuntu-latest" | |
end | |
) | |
| map(if .large then .evalOnly=true end) | |
' >"$TMP/hostAttrs.json" | |
# handle not being able to build aarch64-linux attrs when the ssh key | |
# is missing | |
if [[ "${has_aarch64_ssh_key}" != 'true' ]]; then | |
summary \ | |
"- ⚠️ AArch64 builder SSH key is unavailable, all \`aarch64-linux\` attrs will be eval-only" | |
old_host_attrs="$(<"$TMP/hostAttrs.json")" | |
jq -c \ | |
'map(if .hostPlatform == "aarch64-linux" then .evalOnly=true end)' \ | |
<<<"$old_host_attrs" >"$TMP/hostAttrs.json" | |
fi | |
# dev shells | |
jq -c ' | |
unique_by(.hostPlatform) | |
| sort_by(.runsOn) | |
| map( | |
.attr = "devShells.\(.hostPlatform).default.inputDerivation" | |
| .name = "devShell-\(.hostPlatform)" | |
) | |
' "$TMP/hostAttrs.json" >"$TMP/shellAttrs.json" | |
# join shell and host attrs | |
jq -c -s add "$TMP/hostAttrs.json" "$TMP/shellAttrs.json" >"$TMP/attrs.json" | |
# warn about eval-only attrs | |
read -r -a evalOnlyAttrs < \ | |
<(jq -c -r 'map(select(.evalOnly) | .name) | @sh' "$TMP/attrs.json" | tr -d \') | |
if [[ "${#evalOnlyAttrs[@]}" -ne 0 ]]; then | |
printf -v attrs "\`%s\`, " "${evalOnlyAttrs[@]}" | |
summary \ | |
"- ⚠️ The following attributes will only be evaluated: ${attrs%, }" | |
fi | |
# add all to-build attrs to the summary | |
read -r -a buildAttrs < \ | |
<(jq -c -r 'map(select(.evalOnly | not) | .name) | @sh' "$TMP/attrs.json" | tr -d \') | |
if [[ "${#buildAttrs[@]}" -ne 0 ]]; then | |
printf -v attrs "\`%s\`, " "${buildAttrs[@]}" | |
summary \ | |
"- ✅ The following attributes will be built: ${attrs%, }" | |
fi | |
# check for dupes | |
duplicate_count="$(jq -r ' | |
group_by([.name, .attr]) | map(select(length>1)) | length | |
' "$TMP/attrs.json")" | |
if [[ "$duplicate_count" -ne 0 ]]; then | |
summary \ | |
"- ‼️ Duplicate entries in \`attrs.json\`: \`$(cat "$TMP/attrs.json")\`" | |
exit 1 | |
fi | |
# split build and evalOnly attrs | |
jq -c 'map(select(.evalOnly))' <"$TMP/attrs.json" >"$TMP/eval.json" | |
jq -c 'map(select(.evalOnly | not))' <"$TMP/attrs.json" >"$TMP/build.json" | |
echo "build=$(<"$TMP/build.json")" >>"$GITHUB_OUTPUT" | |
echo "eval=$(<"$TMP/eval.json")" >>"$GITHUB_OUTPUT" | |
eval: | |
name: eval ${{ matrix.attrs.name }} | |
runs-on: ${{ matrix.attrs.runsOn }} | |
needs: [ get-attrs ] | |
strategy: | |
fail-fast: false | |
matrix: | |
attrs: ${{ fromJson(needs.get-attrs.outputs.eval) }} | |
env: | |
system: ${{ matrix.attrs.hostPlatform }} | |
steps: | |
- uses: DeterminateSystems/nix-installer-action@v16 | |
with: | |
extra-conf: ${{ env.nix-conf }} | |
- uses: cachix/cachix-action@v15 | |
with: | |
name: nix-config | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
extraPullNames: vim-config,nix-community | |
installCommand: ${{ env.cachix-install }} | |
- name: eval | |
if: ${{ matrix.attrs.evalOnly }} | |
run: | | |
nix eval --raw '${{ env.flake }}#${{ matrix.attrs.attr }}' | |
build: | |
name: build ${{ matrix.attrs.name }} | |
runs-on: ${{ matrix.attrs.runsOn }} | |
needs: [ get-attrs ] | |
strategy: | |
fail-fast: false | |
matrix: | |
attrs: ${{ fromJson(needs.get-attrs.outputs.build) }} | |
env: | |
aarch64-ssh-key: ${{ secrets.AARCH64_BUILDER_KEY }} | |
system: ${{ matrix.attrs.hostPlatform }} | |
steps: | |
- uses: DeterminateSystems/nix-installer-action@v16 | |
with: | |
extra-conf: ${{ env.nix-conf }} | |
- uses: cachix/cachix-action@v15 | |
with: | |
name: nix-config | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
extraPullNames: vim-config,nix-community | |
installCommand: ${{ env.cachix-install }} | |
- name: setup-aarch64-ssh | |
if: ${{ env.system == 'aarch64-linux' || env.system == 'aarch64-darwin' }} | |
run: | | |
mkdir -p ~/.ssh | |
sudo mkdir -p /etc/nix/ssh | |
echo '${{ env.aarch64-ssh-config }}' | tee ~/.ssh/config | sudo tee /etc/nix/ssh/config | |
echo '${{ env.aarch64-ssh-known-host }}' | tee -a ~/.ssh/known_hosts | sudo tee -a /etc/nix/ssh/known_hosts | |
echo '${{ env.aarch64-ssh-key }}' > ~/.ssh/aarch64-builder-ed25519 | |
echo '${{ env.aarch64-ssh-key }}' | sudo tee /etc/nix/ssh/aarch64-builder-ed25519 >> /dev/null | |
chmod 0600 ~/.ssh/* | |
sudo chmod 0600 /etc/nix/ssh/* | |
echo '${{ env.aarch64-machine-config }}' | sudo tee -a /etc/nix/machines | |
- name: nix-fast-build | |
run: | | |
declare -a args=( | |
'--no-nom' | |
'--skip-cached' | |
'--systems=${{ env.system }}' | |
'--option' 'accept-flake-config' 'true' | |
'--retries=3' | |
) | |
# Add the remote builder for aarch64-linux builds | |
[[ '${{ env.system }}' == 'aarch64-linux' ]] && args+=('--remote=${{ env.aarch64-host }}') | |
args+=('--flake=${{ env.flake }}#${{ matrix.attrs.attr }}') | |
nix run '${{ env.flake }}#nix-fast-build' -- "${args[@]}" | |
check: | |
runs-on: ubuntu-latest | |
needs: [ flake-check, flake-show, build, eval ] | |
if: always() | |
steps: | |
- uses: re-actors/alls-green@release/v1 | |
with: | |
jobs: ${{ toJSON(needs) }} | |
allowed-skips: eval |