Only generating collaterals when scripts are called #685
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: CI | |
on: | |
push: | |
branches: | |
- main | |
tags: | |
- '*' | |
pull_request: | |
jobs: | |
cache-minimal-nix-dependencies: | |
name: Cache minimal Nix dependencies | |
runs-on: ubuntu-latest | |
needs: [] | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
## Access token to avoid triggering GitHub's rate limiting. | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Setup Nix caches | |
uses: cachix/cachix-action@v15 | |
with: | |
name: tweag-cooked-validators | |
## This auth token will give write access to the cache, meaning that | |
## everything that happens in CI will be pushed at the end of the job. | |
authToken: '${{ secrets.CACHIX_TWEAG_COOKED_VALIDATORS_AUTH_TOKEN }}' | |
- name: Build Nix CI environment | |
run: | | |
nix develop .#ci --command true | |
cache-all-nix-dependencies: | |
name: Cache all Nix dependencies | |
runs-on: ubuntu-latest | |
needs: cache-minimal-nix-dependencies | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
## Access token to avoid triggering GitHub's rate limiting. | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Setup Nix caches | |
uses: cachix/cachix-action@v15 | |
with: | |
name: tweag-cooked-validators | |
## This auth token will give write access to the cache, meaning that | |
## everything that happens in CI will be pushed at the end of the job. | |
authToken: '${{ secrets.CACHIX_TWEAG_COOKED_VALIDATORS_AUTH_TOKEN }}' | |
- name: Build all Nix environments | |
run: | | |
## REVIEW: There might be a way to just build all the devShells? Also, | |
## we might want to consider building all the package dependencies? | |
nix develop .#ci --command true | |
nix develop --command true | |
build-and-test: | |
name: Build and run tests | |
runs-on: ubuntu-latest | |
needs: cache-minimal-nix-dependencies | |
steps: | |
- name: Check out repository code (from PR). | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
## Access token to avoid triggering GitHub's rate limiting. | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Setup Nix caches | |
uses: cachix/cachix-action@v15 | |
with: | |
name: tweag-cooked-validators | |
## No auth token: read only cache. | |
## Example from | |
## https://github.com/actions/cache/blob/ac25611caef967612169ab7e95533cf932c32270/examples.md#haskell---cabal | |
- name: Accessing the Cabal cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cabal/packages | |
~/.cabal/store | |
dist-newstyle | |
key: ${{ runner.os }}-${{ hashFiles('**/*.cabal', '**/cabal.project', '**/cabal.project.freeze', 'flake.nix', 'flake.lock') }}-build-and-test | |
## Steps below run a certain program and creates two files: | |
## `${proj}-${step}.res` and `${proj}-${step}.out`. The former contains a | |
## string encoding the return code of the tool whereas the latter contains | |
## a human-readable description of what happened. | |
## | |
## The point of this is that we will execute these steps but we "succeed" | |
## iff the build is ok. Another job will then check the resulting files | |
## for their exit codes. This is ugly but it ensures that the `cabal | |
## build` gets cached even if tests fail, which means we save a lot of | |
## time (and CI runner money) in the long run. | |
## | |
- name: Build and run tests | |
run: | | |
nix develop .#ci --command bash -c ' | |
## NOTE: `-u` is here to help us avoid making mistakes. | |
## `-x` is here to help with debugging. | |
## | |
## NOTE: `-o pipefail` is important for the semantics of this | |
## script, because with pipe the result of `cabal build` and `cabal | |
## run tests` through `tee`. Without `-o pipefail`, this succeeds if | |
## and only if the `tee` command succeeds, while with `-o pipefail` | |
## this succeeds if and only if all the commands succeed, which is | |
## what we want. | |
set -xuo pipefail | |
cabal_build_ok=true | |
cabal update | |
echo "Running \`cabal build\`" | |
cabal_res=0 | |
cabal build | tee cabal-build.out | |
cabal_res=$? | |
echo "cabal_build:$cabal_res" > cabal-build.res | |
if [ $cabal_res -ne 0 ]; then | |
cabal_build_ok=false | |
fi | |
echo "Running \`cabal run tests\`" | |
cabal_res=0 | |
cabal run tests | tee cabal-test.out | |
cabal_res=$? | |
echo "run_cabal_test:$cabal_res" > cabal-test.res | |
if ! $cabal_build_ok; then | |
exit 1 | |
fi | |
' | |
- name: Upload build and test outputs | |
uses: actions/upload-artifact@v4 | |
with: | |
name: cooked-validators-checks | |
path: | | |
./*.out | |
./*.res | |
check-result: | |
name: Check tests output | |
runs-on: ubuntu-latest | |
needs: build-and-test | |
steps: | |
- name: Access build and test outputs | |
uses: actions/download-artifact@v4 | |
with: | |
name: cooked-validators-checks | |
- name: Check tests output | |
run: | | |
is_ok=true | |
for step in cabal-build cabal-test; do | |
echo "!! output from $step" | |
cat $step.out | |
res=$(cat $step.res | cut -d':' -f2) | |
if [ "$res" -ne 0 ]; then | |
is_ok=false | |
fi | |
done | |
## Because there will be a lot of tests, we print a summary of the | |
## results | |
echo "Summary of results (1 is failure)" | |
cat cabal-build.res cabal-test.res | |
if $is_ok; then | |
exit 0 | |
else | |
exit 1 | |
fi | |
build-and-deploy-documentation: | |
name: Build and deploy documentation | |
runs-on: ubuntu-latest | |
needs: cache-minimal-nix-dependencies | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
## Access token to avoid triggering GitHub's rate limiting. | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Setup Nix caches | |
uses: cachix/cachix-action@v15 | |
with: | |
name: tweag-cooked-validators | |
## No auth token: read only cache. | |
## Example from | |
## https://github.com/actions/cache/blob/ac25611caef967612169ab7e95533cf932c32270/examples.md#haskell---cabal | |
- name: Accessing the Cabal cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cabal/packages | |
~/.cabal/store | |
dist-newstyle | |
key: ${{ runner.os }}-${{ hashFiles('**/*.cabal', '**/cabal.project', '**/cabal.project.freeze', 'flake.nix', 'flake.lock') }}-haddock | |
- name: Build documentation | |
run: | | |
nix develop .#ci --command bash -c ' | |
## NOTE: `-e` and `-u` are here to help us avoid making mistakes. | |
## `-x` is here to help with debugging. | |
set -eux | |
cabal update | |
cabal haddock \ | |
--haddock-hyperlink-source \ | |
--haddock-quickjump \ | |
--haddock-html-location='https://hackage.haskell.org/package/$pkg-$version/docs' \ | |
cooked-validators | |
mkdir -p docs | |
cp --force --recursive dist-newstyle/build/*/ghc-*/cooked-validators-*/doc/html/cooked-validators/* docs | |
' | |
- name: Upload documentation as artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: documentation | |
path: ./docs | |
- name: Deploy | |
uses: peaceiris/actions-gh-pages@v4 | |
if: ${{ github.ref == 'refs/heads/main' }} | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
publish_dir: ./docs | |
run-and-cache-flake-checks: | |
name: Run and cache flake checks | |
runs-on: ubuntu-latest | |
needs: [] | |
steps: | |
- name: Check out repository code | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@V27 | |
with: | |
extra_nix_config: | | |
## Access token to avoid triggering GitHub's rate limiting. | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Setup Nix caches | |
uses: cachix/cachix-action@v15 | |
with: | |
name: tweag-cooked-validators | |
## This auth token will give write access to the cache, meaning that | |
## everything that happens in CI will be pushed at the end of the job. | |
authToken: '${{ secrets.CACHIX_TWEAG_COOKED_VALIDATORS_AUTH_TOKEN }}' | |
- name: Run flake checks | |
run: nix flake check --print-build-logs |