diff options
| author | seth <[email protected]> | 2023-12-14 04:38:36 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2023-12-14 18:03:17 -0500 |
| commit | 63498970aa68db136ac73150edcb1e547ed4a3e2 (patch) | |
| tree | 6da61b801dfc0aa220b8a471f4660c8e48417889 | |
| parent | b51e2fec599bbd859b17e10071985e5b3d77ec55 (diff) | |
ci: garnix -> gha + attic
| -rw-r--r-- | .github/workflows/autobot.yaml | 4 | ||||
| -rw-r--r-- | .github/workflows/ci.yaml | 121 | ||||
| -rw-r--r-- | .github/workflows/flakehub-publish.yaml | 9 | ||||
| -rw-r--r-- | .github/workflows/staging-automerge.yaml | 33 | ||||
| -rw-r--r-- | .github/workflows/update-lock.yaml | 16 | ||||
| -rw-r--r-- | README.md | 14 | ||||
| -rw-r--r-- | flake.nix | 64 | ||||
| -rw-r--r-- | garnix.yaml | 9 |
8 files changed, 195 insertions, 75 deletions
diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml index ddc70d4..d18cda6 100644 --- a/.github/workflows/autobot.yaml +++ b/.github/workflows/autobot.yaml @@ -1,4 +1,4 @@ -name: auto-merge dependabot +name: Auto-merge Dependabot on: pull_request @@ -18,7 +18,7 @@ jobs: with: github-token: ${{ github.token }} - - name: enable auto-merge + - name: Enable auto-merge if: steps.metadata.outputs.update-type == 'version-update:semver-patch' run: gh pr merge --auto --rebase "$PR" env: diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..bfc7cf4 --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,121 @@ +name: CI + +on: + push: + branches: [main] + pull_request: + workflow_dispatch: + +jobs: + eval: + name: Evaluate flake + runs-on: ubuntu-latest + + outputs: + matrix: ${{ steps.evaluate.outputs.matrix }} + + steps: + - uses: actions/checkout@v4 + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v9 + + - name: Evaluate matrix + id: evaluate + run: | + set -eu + echo "matrix=$(nix eval --show-trace --json .#githubWorkflow.matrix)" >> "$GITHUB_OUTPUT" + + build: + needs: eval + + strategy: + fail-fast: false + matrix: ${{ fromJSON(needs.eval.outputs.matrix) }} + + name: Build (${{ matrix.attr }}) + runs-on: ${{ matrix.os }} + + steps: + - uses: actions/checkout@v4 + + - name: Setup QEMU + if: matrix.arch == 'aarch64' + uses: docker/setup-qemu-action@v3 + with: + platforms: "arm64" + + - name: Install Nix + if: matrix.arch != 'aarch64' + uses: DeterminateSystems/nix-installer-action@v9 + + - name: Install Nix (with aarch64) + if: matrix.arch == 'aarch64' + uses: DeterminateSystems/nix-installer-action@v9 + with: + extra-conf: "extra-platforms = aarch64-linux arm-linux" + + - name: Setup local Nix cache + uses: DeterminateSystems/magic-nix-cache-action@v2 + + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: https://cache.mydadleft.me + cache: nix-exprs + token: ${{ secrets.ATTIC_TOKEN }} + skip-push: ${{ github.event_name == 'pull_request' }} + + - name: Run build + run: | + nix build -L --accept-flake-config .#${{ matrix.attr }} + + check: + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest, macos-latest] + + name: Check flake (${{ matrix.os }}) + runs-on: ${{ matrix.os }} + + steps: + - uses: actions/checkout@v4 + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v9 + + - name: Setup local Nix cache + uses: DeterminateSystems/magic-nix-cache-action@v2 + + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: https://cache.mydadleft.me + cache: nix-exprs + token: ${{ secrets.ATTIC_TOKEN }} + skip-push: ${{ github.event_name == 'pull_request' }} + + - name: Run check + run: nix flake check --show-trace --accept-flake-config + + # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794 + gate: + needs: [build, check] + + name: CI Gate + runs-on: ubuntu-latest + + if: always() + + steps: + - name: Exit with result + run: | + build_result="${{ needs.build.result }}" + check_result="${{ needs.check.result }}" + + results=("$build_result" "$check_result") + + for result in "${results[@]}"; do [ "$result" != "success" ] && exit 1; done + + exit 0 diff --git a/.github/workflows/flakehub-publish.yaml b/.github/workflows/flakehub-publish.yaml index 89a82d2..7ceaefd 100644 --- a/.github/workflows/flakehub-publish.yaml +++ b/.github/workflows/flakehub-publish.yaml @@ -1,4 +1,4 @@ -name: flakehub publish +name: Flakehub publish on: push: @@ -7,6 +7,7 @@ on: jobs: publish: runs-on: ubuntu-latest + permissions: id-token: write contents: read @@ -14,10 +15,10 @@ jobs: steps: - uses: actions/checkout@v4 - - name: install nix - uses: nixbuild/nix-quick-install-action@v26 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v9 - - name: push to flakehub + - name: Push to Flakehub uses: DeterminateSystems/flakehub-push@v3 with: visibility: "public" diff --git a/.github/workflows/staging-automerge.yaml b/.github/workflows/staging-automerge.yaml index 2dd3502..9998584 100644 --- a/.github/workflows/staging-automerge.yaml +++ b/.github/workflows/staging-automerge.yaml @@ -1,4 +1,4 @@ -name: auto-merge staging +name: Auto-merge staging on: push: @@ -7,25 +7,22 @@ on: jobs: automerge: + name: Auto-merge runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write - steps: - - name: check if pr exists + - name: Check if PR exists id: check run: | - prs=$(gh pr list \ - --repo ${{ github.repository }} \ - --head staging \ - --json state \ - --jq 'map(select(.state == "OPEN")) | length') + prs=$(gh pr list \ + --repo ${{ github.repository }} \ + --head staging \ + --json state \ + --jq 'map(select(.state == "OPEN")) | length') - if (( prs > 0 )); then - echo "skip=true" >> "$GITHUB_OUTPUT" - fi + if (( prs > 0 )); then + echo "skip=true" >> "$GITHUB_OUTPUT" + fi env: GH_TOKEN: ${{ github.token }} @@ -35,7 +32,7 @@ jobs: with: fetch-depth: 0 - - name: create pr + - name: Create PR if: ${{ !steps.check.outputs.skip }} run: | gh pr create \ @@ -44,10 +41,10 @@ jobs: --title "auto-merge: ${{ github.ref_name }} -> main" \ --fill env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ secrets.MERGE_TOKEN }} - - name: enable auto-merge + - name: Enable auto-merge if: ${{ !steps.check.outputs.skip }} run: gh pr merge --auto --rebase --match-head-commit ${{ github.sha }} env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ secrets.MERGE_TOKEN }} diff --git a/.github/workflows/update-lock.yaml b/.github/workflows/update-lock.yaml index e735b81..98af4ef 100644 --- a/.github/workflows/update-lock.yaml +++ b/.github/workflows/update-lock.yaml @@ -10,27 +10,23 @@ jobs: update: runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write - steps: - uses: actions/checkout@v4 - - name: install nix - uses: nixbuild/nix-quick-install-action@v26 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v9 - - name: update lockfile + - name: Update lockfile & make PR uses: DeterminateSystems/update-flake-lock@v20 id: update with: commit-msg: "flake: update inputs" pr-title: "flake: update inputs" - token: ${{ github.token }} + token: ${{ secrets.MERGE_TOKEN }} - - name: enable auto-merge + - name: Enable auto-merge shell: bash run: gh pr merge --auto --rebase "$PR_ID" env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ secrets.MERGE_TOKEN }} PR_ID: ${{ steps.update.outputs.pull-request-number }} @@ -1,14 +1,15 @@ # nix-exprs -[](https://garnix.io) +[](https://github.com/getchoo/nix-exprs/actions/workflows/ci.yaml) ## how to use ### enabling the binary cache -all packages are built with [garnix](https://garnix.io/), and cached on their servers. you can use this -yourself by following the instructions [here](https://garnix.io/docs/caching). i would also recommend -[donating](https://opencollective.com/garnix_io) if you can! +all packages are cached in my own [attic](https://github.com/zhaofengli/attic) instance. you can use this +yourself by following the instructions [here](https://docs.attic.rs/user-guide/index.html), with the endpoint +being `https://cache.mydadleft.me` and no token required. the binary cache endpoint `https://cache.mydadleft.me/nix-exprs` +may also be used in the `nixConfig` attribute of flakes or a system configuration. <details> <summary>example</summary> @@ -16,9 +17,8 @@ yourself by following the instructions [here](https://garnix.io/docs/caching). i ```nix {pkgs, ...}: { nix.settings = { - trusted-substituters = ["https://cache.garnix.io"]; - - trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; + trusted-substituters = ["https://cache.mydadleft.me/nix-exprs"]; + trusted-public-keys = ["nix-exprs:mLifiLXlGVkkuFpIbqcrCWkIxKn2GyCkrxOuE7fwLxQ="]; }; } ``` @@ -2,8 +2,8 @@ description = "getchoo's nix expressions"; nixConfig = { - extra-substituters = ["https://cache.garnix.io"]; - extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; + extra-substituters = ["https://cache.mydadleft.me/nix-exprs"]; + extra-trusted-public-keys = ["nix-exprs:mLifiLXlGVkkuFpIbqcrCWkIxKn2GyCkrxOuE7fwLxQ="]; }; inputs.nixpkgs.url = "nixpkgs/nixos-unstable"; @@ -24,29 +24,6 @@ forAllSystems = fn: lib.genAttrs systems (sys: fn nixpkgs.legacyPackages.${sys}); in { - checks = forAllSystems (pkgs: { - ciGate = let - inherit (pkgs) system; - pkgs' = self.packages.${system}; - requirements = { - # all packages on linux are built - "x86_64-linux" = lib.mapAttrsToList (_: v: v.pname or v.name) pkgs'; - "aarch64-linux" = requirements."x86_64-linux"; - - # but not for macos - "aarch64-darwin" = []; - - # garnix also doesn't support intel macs :( - "x86_64-darwin" = []; - }; - in - pkgs.runCommand "ci-gate" { - nativeBuildInputs = - builtins.filter (v: builtins.elem (v.pname or v.name) requirements.${system}) - (builtins.attrValues pkgs'); - } "touch $out"; - }); - packages = forAllSystems ( pkgs: let overlay = lib.fix (final: self.overlays.default final pkgs); @@ -84,5 +61,42 @@ full = "big template for complex flakes (using flake-parts)"; nixos = "minimal boilerplate for flake-based nixos configuration"; }; + + githubWorkflow.matrix = let + ciSystems = [ + "x86_64-linux" + "aarch64-linux" + "x86_64-darwin" + ]; + + platforms = { + "x86_64-linux" = { + arch = "x64"; + os = "ubuntu-latest"; + }; + + "aarch64-linux" = { + arch = "aarch64"; + os = "ubuntu-latest"; + }; + + "x86_64-darwin" = { + arch = "x64"; + os = "macos-latest"; + }; + }; + in { + include = lib.pipe ciSystems [ + (systems: lib.getAttrs systems self.packages) + + (lib.mapAttrsToList (system: + lib.mapAttrsToList (attr: _: { + inherit (platforms.${system}) os arch; + attr = "packages.${system}.${attr}"; + }))) + + lib.flatten + ]; + }; }; } diff --git a/garnix.yaml b/garnix.yaml deleted file mode 100644 index f4b963e..0000000 --- a/garnix.yaml +++ /dev/null @@ -1,9 +0,0 @@ -builds: - exclude: - - "*.x86_64-darwin.*" - include: - - "checks.*.*" - - "packages.x86_64-linux.*" - - "packages.aarch64-linux.*" - - "packages.aarch64-darwin.modrinth-app" - - "packages.aarch64-darwin.modrinth-app-unwrapped" |