Skip to content

Improving our balancing mechanism #535

Improving our balancing mechanism

Improving our balancing mechanism #535

Workflow file for this run

---
name: CI
on:
push:
branches:
- main
tags:
- '*'
pull_request:
jobs:
cache-minimal-nix-dependencies:
name: Cache minimal Nix dependencies
runs-on: ubuntu-latest
needs: []
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@V27
with:
extra_nix_config: |
## Access token to avoid triggering GitHub's rate limiting.
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Setup Nix caches
uses: cachix/cachix-action@v15
with:
name: tweag-cooked-validators
## This auth token will give write access to the cache, meaning that
## everything that happens in CI will be pushed at the end of the job.
authToken: '${{ secrets.CACHIX_TWEAG_COOKED_VALIDATORS_AUTH_TOKEN }}'
- name: Build Nix CI environment
run: |
nix develop .#ci --command true
cache-all-nix-dependencies:
name: Cache all Nix dependencies
runs-on: ubuntu-latest
needs: cache-minimal-nix-dependencies
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@V27
with:
extra_nix_config: |
## Access token to avoid triggering GitHub's rate limiting.
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Setup Nix caches
uses: cachix/cachix-action@v15
with:
name: tweag-cooked-validators
## This auth token will give write access to the cache, meaning that
## everything that happens in CI will be pushed at the end of the job.
authToken: '${{ secrets.CACHIX_TWEAG_COOKED_VALIDATORS_AUTH_TOKEN }}'
- name: Build all Nix environments
run: |
## REVIEW: There might be a way to just build all the devShells? Also,
## we might want to consider building all the package dependencies?
nix develop .#ci --command true
nix develop --command true
build-and-test:
name: Build and run tests
runs-on: ubuntu-latest
needs: cache-minimal-nix-dependencies
steps:
- name: Check out repository code (from PR).
uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@V27
with:
extra_nix_config: |
## Access token to avoid triggering GitHub's rate limiting.
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Setup Nix caches
uses: cachix/cachix-action@v15
with:
name: tweag-cooked-validators
## No auth token: read only cache.
## Example from
## https://github.com/actions/cache/blob/ac25611caef967612169ab7e95533cf932c32270/examples.md#haskell---cabal
- name: Accessing the Cabal cache
uses: actions/cache@v4
with:
path: |
~/.cabal/packages
~/.cabal/store
dist-newstyle
key: ${{ runner.os }}-${{ hashFiles('**/*.cabal', '**/cabal.project', '**/cabal.project.freeze', 'flake.nix', 'flake.lock') }}-build-and-test
## Steps below run a certain program and creates two files:
## `${proj}-${step}.res` and `${proj}-${step}.out`. The former contains a
## string encoding the return code of the tool whereas the latter contains
## a human-readable description of what happened.
##
## The point of this is that we will execute these steps but we "succeed"
## iff the build is ok. Another job will then check the resulting files
## for their exit codes. This is ugly but it ensures that the `cabal
## build` gets cached even if tests fail, which means we save a lot of
## time (and CI runner money) in the long run.
##
- name: Build and run tests
run: |
nix develop .#ci --command bash -c '
## NOTE: `-u` is here to help us avoid making mistakes.
## `-x` is here to help with debugging.
##
## NOTE: `-o pipefail` is important for the semantics of this
## script, because with pipe the result of `cabal build` and `cabal
## run tests` through `tee`. Without `-o pipefail`, this succeeds if
## and only if the `tee` command succeeds, while with `-o pipefail`
## this succeeds if and only if all the commands succeed, which is
## what we want.
set -xuo pipefail
cabal_build_ok=true
cabal update
echo "Running \`cabal build\`"
cabal_res=0
cabal build | tee cabal-build.out
cabal_res=$?
echo "cabal_build:$cabal_res" > cabal-build.res
if [ $cabal_res -ne 0 ]; then
cabal_build_ok=false
fi
echo "Running \`cabal run tests\`"
cabal_res=0
cabal run tests | tee cabal-test.out
cabal_res=$?
echo "run_cabal_test:$cabal_res" > cabal-test.res
if ! $cabal_build_ok; then
exit 1
fi
'
- name: Upload build and test outputs
uses: actions/upload-artifact@v4
with:
name: cooked-validators-checks
path: |
./*.out
./*.res
check-result:
name: Check tests output
runs-on: ubuntu-latest
needs: build-and-test
steps:
- name: Access build and test outputs
uses: actions/download-artifact@v4
with:
name: cooked-validators-checks
- name: Check tests output
run: |
is_ok=true
for step in cabal-build cabal-test; do
echo "!! output from $step"
cat $step.out
res=$(cat $step.res | cut -d':' -f2)
if [ "$res" -ne 0 ]; then
is_ok=false
fi
done
## Because there will be a lot of tests, we print a summary of the
## results
echo "Summary of results (1 is failure)"
cat cabal-build.res cabal-test.res
if $is_ok; then
exit 0
else
exit 1
fi
build-and-deploy-documentation:
name: Build and deploy documentation
runs-on: ubuntu-latest
needs: cache-minimal-nix-dependencies
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@V27
with:
extra_nix_config: |
## Access token to avoid triggering GitHub's rate limiting.
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Setup Nix caches
uses: cachix/cachix-action@v15
with:
name: tweag-cooked-validators
## No auth token: read only cache.
## Example from
## https://github.com/actions/cache/blob/ac25611caef967612169ab7e95533cf932c32270/examples.md#haskell---cabal
- name: Accessing the Cabal cache
uses: actions/cache@v4
with:
path: |
~/.cabal/packages
~/.cabal/store
dist-newstyle
key: ${{ runner.os }}-${{ hashFiles('**/*.cabal', '**/cabal.project', '**/cabal.project.freeze', 'flake.nix', 'flake.lock') }}-haddock
- name: Build documentation
run: |
nix develop .#ci --command bash -c '
## NOTE: `-e` and `-u` are here to help us avoid making mistakes.
## `-x` is here to help with debugging.
set -eux
cabal update
cabal haddock \
--haddock-hyperlink-source \
--haddock-quickjump \
--haddock-html-location='https://hackage.haskell.org/package/$pkg-$version/docs' \
cooked-validators
mkdir -p docs
cp --force --recursive dist-newstyle/build/*/ghc-*/cooked-validators-*/doc/html/cooked-validators/* docs
'
- name: Upload documentation as artifact
uses: actions/upload-artifact@v4
with:
name: documentation
path: ./docs
- name: Deploy
uses: peaceiris/actions-gh-pages@v4
if: ${{ github.ref == 'refs/heads/main' }}
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./docs
run-and-cache-flake-checks:
name: Run and cache flake checks
runs-on: ubuntu-latest
needs: []
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@V27
with:
extra_nix_config: |
## Access token to avoid triggering GitHub's rate limiting.
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- name: Setup Nix caches
uses: cachix/cachix-action@v15
with:
name: tweag-cooked-validators
## This auth token will give write access to the cache, meaning that
## everything that happens in CI will be pushed at the end of the job.
authToken: '${{ secrets.CACHIX_TWEAG_COOKED_VALIDATORS_AUTH_TOKEN }}'
- name: Run flake checks
run: nix flake check --print-build-logs