1 files changed, 118 insertions, 0 deletions

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..6a30315
--- /dev/null
+++ b/.github/workflows/ci.yaml
@@ -0,0 +1,118 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  eval:
+    runs-on: ubuntu-latest
+
+    outputs:
+      matrix: ${{ steps.generate.outputs.matrix }}
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: install nix
+        uses: DeterminateSystems/nix-installer-action@v6
+
+      - name: setup cachix
+        uses: cachix/cachix-action@master
+        with:
+          name: getchoo
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          skipAddingSubstituter: 'true'
+
+      - name: generate matrix
+        id: generate
+        run: |
+          set -Eeu
+          echo "matrix=$(nix eval --accept-flake-config --show-trace --json .#githubWorkflow.matrix)" >> "$GITHUB_OUTPUT"
+
+  build:
+    needs: eval
+
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJSON(needs.eval.outputs.matrix) }}
+
+    runs-on: ${{ matrix.os }}
+
+    name: build (${{matrix.attr}})
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: setup qemu
+        if: matrix.arch == 'aarch64'
+        run: |
+          sudo apt update -y
+          sudo apt install -y qemu-user-static
+
+      - name: install nix
+        if: matrix.arch != 'aarch64'
+        uses: DeterminateSystems/nix-installer-action@v6
+
+      - name: install nix (with aarch64)
+        if: matrix.arch == 'aarch64'
+        uses: DeterminateSystems/nix-installer-action@v6
+        with:
+          extra-conf: "extra-platforms = aarch64-linux arm-linux"
+
+      - name: setup cachix
+        uses: cachix/cachix-action@master
+        with:
+          name: getchoo
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          skipAddingSubstituter: 'true'
+
+      - name: build ${{ matrix.attr }}
+        run: nix build -L --accept-flake-config --fallback .#${{ matrix.attr }}
+
+  check:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: install nix
+        uses: DeterminateSystems/nix-installer-action@v6
+
+      - name: setup cachix
+        uses: cachix/cachix-action@master
+        with:
+          name: getchoo
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          skipAddingSubstituter: 'true'
+
+      - name: setup cachix
+        uses: cachix/cachix-action@v12
+        with:
+          name: getchoo
+          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+          skipAddingSubstituter: 'true'
+
+      - name: run check
+        run: nix flake check --accept-flake-config --show-trace
+
+  # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794
+  gate:
+    needs: [build, check]
+    runs-on: ubuntu-latest
+
+    if: always()
+
+    steps:
+      - name: exit with result
+        run: |
+          buildResult="${{ needs.build.result }}"
+          checkResult="${{ needs.check.result }}"
+
+          results=("$buildResult" "$checkResult")
+
+          for result in "${results[@]}"; do [ "$result" != "success" ] && exit 1; done
+
+          exit 0