| author | seth <[email protected]> | 2023-12-22 21:16:49 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2023-12-23 03:09:13 +0000 |
| commit | 0405273d9330d881ca73b0f232d7bc4a81a1b998 (patch) | |
| tree | 3f42b219351314f41f589809128908b18925aa04 /.github/workflows | |
| parent | 4cc4e1fec5775a15663eb4d91d171276aa04ecf4 (diff) | |
actions: use nix-eval-jobs for ci
Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/ci.yaml | 113 | ||||
| -rw-r--r-- | .github/workflows/deploy.yaml | 18 |
2 files changed, 122 insertions, 9 deletions
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..c4fc11e
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,113 @@
+name: CI
+
+on:
+ pull_request:
+ workflow_call:
+ secrets:
+ CACHIX_AUTH_TOKEN:
+ description: "auth token for cachi"
+ workflow_dispatch:
+
+jobs:
+ eval:
+ name: Evaluate flake
+ runs-on: ubuntu-latest
+
+ outputs:
+ matrix: ${{ steps.eval.outputs.matrix }}
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v9
+
+ - name: Setup Cachix
+ uses: cachix/cachix-action@v13
+ with:
+ name: getchoo
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+
+ - name: Evaluate jobs
+ id: eval
+ run: |
+ nix shell --inputs-from . \
+ nixpkgs#{bash,coreutils,jq,nix-eval-jobs} \
+ --command bash ./.github/eval-flake.sh
+
+ build:
+ needs: eval
+
+ strategy:
+ matrix: ${{ fromJSON(needs.eval.outputs.matrix) }}
+
+ name: Build (${{ matrix.attr }})
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v9
+
+ - name: Setup Cachix
+ uses: cachix/cachix-action@v13
+ with:
+ name: getchoo
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+
+ - name: Check if cached
+ if: ${{ matrix.isCached }}
+ run: |
+ echo ${{ matrix.attr }} is already built!
+
+ - name: Run build
+ if: ${{ !matrix.isCached }}
+ run: |
+ nix build --print-build-logs --fallback \
+ .#hydraJobs.${{ matrix.attr }}
+
+ check:
+ strategy:
+ matrix:
+ os: [ubuntu-latest, macos-latest]
+
+ name: Check flake (${{ matrix.os }})
+ runs-on: ${{ matrix.os }}
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v9
+
+ - name: Setup Cachix
+ uses: cachix/cachix-action@v13
+ with:
+ name: getchoo
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+
+ - name: Run check
+ run: |
+ nix flake check \
+ --print-build-logs \
+ --fallback \
+ --show-trace \
+ --option allow-import-from-derivation true
+
+ gate:
+ needs: [build, check]
+
+ name: CI Gate
+ runs-on: ubuntu-latest
+
+ if: always()
+
+ steps:
+ - name: Exit with result
+ run: |
+ build_result="${{ needs.build.result }}"
+ check_result="${{ needs.check.result }}"
+ results=("$build_result" "$check_result")
+ for result in "${results[@]}"; do [ "$result" != "success" ] && exit 1; done
+ exit 0
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
index 695d63c..98b3b1d 100644
--- a/.github/workflows/deploy.yaml
+++ b/.github/workflows/deploy.yaml
@@ -1,21 +1,21 @@ name: Deploy infrastructure on: - check_suite: - types: [completed] + push: + branches: [main] workflow_dispatch: jobs: + ci: + uses: ./.github/workflows/ci.yaml + secrets: inherit + nixos: + needs: ci + name: Deploy NixOS systems runs-on: ubuntu-latest - # https://github.com/sellout/bash-strict-mode/commit/9bf1d65c2f786a9887facfcb81e06d8b8b5f4667 - if: github.event.check_suite.app.name == 'Garnix CI' - && github.event.check_suite.conclusion == 'success' - && github.event.check_suite.latest_check_runs_count >= 10 - && github.event.check_suite.head_branch == 'main' - concurrency: group: deploy cancel-in-progress: true
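Review bot: `${{ matrix.attr }}` is pasted into the shell text of both `run:` steps of the `build` job (`echo ${{ matrix.attr }} is already built!` and `.#hydraJobs.${{ matrix.attr }}`) before bash parses it, so an attribute name containing shell metacharacters would run as code instead of being treated as data. The matrix is produced by `eval-flake.sh` from the checked-out flake (the script is not shown here), which on `pull_request` is presumably contributor-controlled. Pass the value through the environment instead: add `env: { ATTR: "${{ matrix.attr }}" }` to each step and use `echo "$ATTR is already built!"` and `".#hydraJobs.$ATTR"`. The workflow also declares no `permissions:` block, so every job gets the repository's default token scope; a top-level `permissions: { contents: read }` appears to cover what these jobs do. The third-party actions that receive `CACHIX_AUTH_TOKEN` are referenced by mutable tag (`@v9`, `@v13`) rather than by full commit SHA.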
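Review bot: `secrets: inherit` on the new `ci` job hands every secret visible to the deploy workflow to ci.yaml, although that workflow declares only `CACHIX_AUTH_TOKEN` under `workflow_call.secrets`; its jobs build flake outputs and run third-party actions, so they should not be able to read whatever deploy credentials this workflow holds. Pass the one secret explicitly with `secrets:` followed by `CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}`. The removed `if:` also required `head_branch == 'main'`; with `workflow_dispatch` still enabled, nothing visible in this hunk stops a manual run from another ref reaching `nixos`, so a guard such as `if: github.ref == 'refs/heads/main'` on that job is worth keeping. The `nixos` job continues past the end of the hunk.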
@@ -49,9 +49,9 @@ jobs: --command deploy opentofu: - name: Apply OpenTofu plan needs: nixos + name: Apply OpenTofu plan runs-on: ubuntu-latest concurrency: |
