From ea6a9e2d5f3dd0d5ff12e80a4669efb21542c00c Mon Sep 17 00:00:00 2001 From: seth Date: Mon, 30 Oct 2023 06:09:38 -0400 Subject: tree-wide: garnix -> gha --- .github/workflows/autobot.yaml | 9 +-- .github/workflows/ci.yaml | 118 ++++++++++++++++++++++++++++++++++ .github/workflows/update-inputs.yaml | 6 +- .github/workflows/update-lock.yaml | 8 ++- .github/workflows/update-nixpkgs.yaml | 6 +- README.md | 3 +- flake.lock | 6 +- flake.nix | 6 +- garnix.yaml | 7 -- modules/shared/nix.nix | 4 +- workflow.nix | 16 +++++ 11 files changed, 159 insertions(+), 30 deletions(-) create mode 100644 .github/workflows/ci.yaml delete mode 100644 garnix.yaml create mode 100644 workflow.nix diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml index 0982f30..9401d45 100644 --- a/.github/workflows/autobot.yaml +++ b/.github/workflows/autobot.yaml @@ -2,13 +2,14 @@ name: auto-merge dependabot on: pull_request -permissions: - contents: write - pull-requests: write - jobs: automerge: runs-on: ubuntu-latest + + permissions: + contents: write + pull-requests: write + if: github.actor == 'dependabot[bot]' steps: - uses: dependabot/fetch-metadata@v1 diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..6a30315 --- /dev/null +++ b/.github/workflows/ci.yaml 
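Review bot: The job-level `permissions` block grants `contents: write` and `pull-requests: write` to a job whose only visible guard is `if: github.actor == 'dependabot[bot]'`. `github.actor` is the account that triggered the run, which is not necessarily the author of the pull request. Checking the PR author is the tighter condition: `if: github.event.pull_request.user.login == 'dependabot[bot]'`. The steps of `automerge` continue past the end of this hunk, so any further checks in the merge step are not visible here.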
@@ -0,0 +1,118 @@
+name: CI
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ workflow_dispatch:
+
+jobs:
+ eval:
+ runs-on: ubuntu-latest
+
+ outputs:
+ matrix: ${{ steps.generate.outputs.matrix }}
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: install nix
+ uses: DeterminateSystems/nix-installer-action@v6
+
+ - name: setup cachix
+ uses: cachix/cachix-action@master
+ with:
+ name: getchoo
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+ skipAddingSubstituter: 'true'
+
+ - name: generate matrix
+ id: generate
+ run: |
+ set -Eeu
+ echo "matrix=$(nix eval --accept-flake-config --show-trace --json .#githubWorkflow.matrix)" >> "$GITHUB_OUTPUT"
+
+ build:
+ needs: eval
+
+ strategy:
+ fail-fast: false
+ matrix: ${{ fromJSON(needs.eval.outputs.matrix) }}
+
+ runs-on: ${{ matrix.os }}
+
+ name: build (${{matrix.attr}})
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: setup qemu
+ if: matrix.arch == 'aarch64'
+ run: |
+ sudo apt update -y
+ sudo apt install -y qemu-user-static
+
+ - name: install nix
+ if: matrix.arch != 'aarch64'
+ uses: DeterminateSystems/nix-installer-action@v6
+
+ - name: install nix (with aarch64)
+ if: matrix.arch == 'aarch64'
+ uses: DeterminateSystems/nix-installer-action@v6
+ with:
+ extra-conf: "extra-platforms = aarch64-linux arm-linux"
+
+ - name: setup cachix
+ uses: cachix/cachix-action@master
+ with:
+ name: getchoo
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+ skipAddingSubstituter: 'true'
+
+ - name: build ${{ matrix.attr }}
+ run: nix build -L --accept-flake-config --fallback .#${{ matrix.attr }}
+
+ check:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: install nix
+ uses: DeterminateSystems/nix-installer-action@v6
+
+ - name: setup cachix
+ uses: cachix/cachix-action@master
+ with:
+ name: getchoo
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+ skipAddingSubstituter: 'true'
+
+ - name: setup cachix
+ uses: cachix/cachix-action@v12
+ with:
+ name: getchoo
+ authToken: ${{ 
secrets.CACHIX_AUTH_TOKEN }} + skipAddingSubstituter: 'true' + + - name: run check + run: nix flake check --accept-flake-config --show-trace + + # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794 + gate: + needs: [build, check] + runs-on: ubuntu-latest + + if: always() + + steps: + - name: exit with result + run: | + buildResult="${{ needs.build.result }}" + checkResult="${{ needs.check.result }}" + + results=("$buildResult" "$checkResult") + + for result in "${results[@]}"; do [ "$result" != "success" ] && exit 1; done + + exit 0 diff --git a/.github/workflows/update-inputs.yaml b/.github/workflows/update-inputs.yaml index a18c59d..8d795dc 100644 --- a/.github/workflows/update-inputs.yaml +++ b/.github/workflows/update-inputs.yaml @@ -6,12 +6,10 @@ on: - cron: "0 0 * * 6" workflow_dispatch: -permissions: - contents: write - pull-requests: write - jobs: update: uses: ./.github/workflows/update-lock.yaml with: commit-msg: "flake: update all inputs" + secrets: + token: ${{ secrets.MERGE_TOKEN }} diff --git a/.github/workflows/update-lock.yaml b/.github/workflows/update-lock.yaml index 0bf8b1d..cb70c94 100644 --- a/.github/workflows/update-lock.yaml +++ b/.github/workflows/update-lock.yaml @@ -12,6 +12,10 @@ on: required: false default: "" type: string + secrets: + token: + description: PAT for creating creating/merging the PR + required: true jobs: update: @@ -27,11 +31,11 @@ jobs: commit-msg: ${{ inputs.commit-msg }} inputs: ${{ inputs.inputs }} pr-title: ${{ inputs.commit-msg }} - token: ${{ github.token }} + token: ${{ secrets.token }} - name: enable auto-merge shell: bash run: gh pr merge --auto --rebase "$PR_ID" env: - GITHUB_TOKEN: ${{ github.token }} + GITHUB_TOKEN: ${{ secrets.token }} PR_ID: ${{ steps.update.outputs.pull-request-number }} diff --git a/.github/workflows/update-nixpkgs.yaml b/.github/workflows/update-nixpkgs.yaml index 734bf2a..c8cccdf 100644 --- a/.github/workflows/update-nixpkgs.yaml 
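Review bot: The `setup cachix` steps in `eval`, `build` and `check` reference `cachix/cachix-action@master`, a mutable branch, and pass it `secrets.CACHIX_AUTH_TOKEN`, so whatever that branch points to at run time executes with the credential for the cache this repository's Nix configuration trusts. The `check` job also repeats the step, once at `@master` and once at `@v12`, which looks like a leftover. Keep one step per job and pin it to a release, preferably a full commit SHA: `uses: cachix/cachix-action@<full-commit-sha> # v12`. The workflow also declares no `permissions:`, so the automatic token's scope depends on the repository default; a top-level `permissions:` with `contents: read` would fix it for all four jobs.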
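Review bot: Deleting the top-level `permissions` block leaves the automatic `GITHUB_TOKEN` at the repository default, which may still be read/write, even though the write operations now go through `secrets.MERGE_TOKEN`. Replace the block rather than removing it, with `permissions:` followed by `contents: read`, so the jobs in the called `update-lock.yaml` get a read-only automatic token regardless of repository settings. The same applies to the matching hunk in `.github/workflows/update-nixpkgs.yaml`.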
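Review bot: The new `token` secret is used both by the update step and as `GITHUB_TOKEN` for `gh pr merge --auto --rebase`, so one PAT can open and merge changes to `flake.lock`, yet its `description` does not say what scope that PAT should have. Spell it out, for example `description: fine-grained PAT limited to this repository (contents and pull requests write), used to create and auto-merge the lockfile PR`, which also removes the doubled "creating creating". Auto-merge waits only for requirements that branch protection enforces, so the `gate` job from `ci.yaml` presumably has to be a required check for these PRs to be held until the build passes; that setting is not visible in the diff.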
+++ b/.github/workflows/update-nixpkgs.yaml @@ -6,13 +6,11 @@ on: - cron: "0 0 * * *" workflow_dispatch: -permissions: - contents: write - pull-requests: write - jobs: update: uses: ./.github/workflows/update-lock.yaml with: commit-msg: "flake: update nixpkgs" inputs: "nixpkgs nixpkgs-stable" + secrets: + token: ${{ secrets.MERGE_TOKEN }} diff --git a/README.md b/README.md index 7f07641..21f301c 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![made with neovim](https://img.shields.io/static/v1?label=made%20with&message=neovim&color=00b952&style=flat-square&logo=neovim)](https://neovim.io/) [![nixos unstable](https://img.shields.io/static/v1?label=NixOS&message=unstable&color=5277c3&style=flat-square&logo=nixos)](https://nixos.org/) -[![built with garnix](https://img.shields.io/endpoint?url=https%3A%2F%2Fgarnix.io%2Fapi%2Fbadges%2Fgetchoo%2Fflake%3Fbranch%3Dmain)](https://garnix.io) +![built status](https://github.com/getchoo/flake/actions/workflows/ci.yaml/badge.svg) greasy taco i love @@ -34,7 +34,6 @@ my ampere arm server from oracle, services my miniflux instance. there are some amazing tools i use to make/manage this flake that i would highly recommend checking out: -- [garnix](https://garnix.io) - [home-manager](https://github.com/nix-community/home-manager) - [agenix](https://github.com/ryantm/agenix) - [flake-parts](https://github.com/hercules-ci/flake-parts) diff --git a/flake.lock b/flake.lock index 77f5468..b963c5b 100644 --- a/flake.lock +++ b/flake.lock @@ -160,11 +160,11 @@ ] }, "locked": { - "lastModified": 1699059137, - "narHash": "sha256-jz+O1qyE7rX11LFH0R+Y9Jxo1fY2DZKOM4jXvIaFLnQ=", + "lastModified": 1699210446, + "narHash": "sha256-Srh4ydjVoteLEF9t5PolV2Y9a1Y7QNzvu8YCy5Cy4WI=", "owner": "getchoo", "repo": "nix-exprs", - "rev": "48b17c233c9ecf100d03d6fc8f7ac2eea6f74340", + "rev": "602193a4d8d0c8a886f9bb4f7e2bca2b968771fc", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 2a1fb35..930f3b5 100644 --- a/flake.nix 
+++ b/flake.nix @@ -2,8 +2,8 @@ description = "getchoo's flake for system configurations"; nixConfig = { - extra-substituters = ["https://cache.garnix.io"]; - extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; + extra-substituters = ["https://getchoo.cachix.org"]; + extra-trusted-public-keys = ["getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="]; }; inputs = { @@ -140,12 +140,14 @@ parts.lib.mkFlake {inherit inputs;} { imports = [ inputs.pre-commit.flakeModule + inputs.getchoo.flakeModules.githubWorkflowGenerator ./modules ./overlay ./systems ./users ./dev.nix + ./workflow.nix ]; systems = [ diff --git a/garnix.yaml b/garnix.yaml deleted file mode 100644 index bbc3681..0000000 --- a/garnix.yaml +++ /dev/null @@ -1,7 +0,0 @@ -builds: - exclude: [] - include: - - "checks.x86_64-linux.*" - - "devShells.x86_64-linux.default" - - "nixosConfigurations.*" - - "homeConfigurations.seth" diff --git a/modules/shared/nix.nix b/modules/shared/nix.nix index d496f72..72c3e00 100644 --- a/modules/shared/nix.nix +++ b/modules/shared/nix.nix @@ -19,8 +19,8 @@ auto-optimise-store = pkgs.stdenv.isLinux; experimental-features = lib.mkDefault ["nix-command" "flakes" "auto-allocate-uids" "repl-flake"]; - trusted-substituters = lib.mkDefault ["https://cache.garnix.io"]; - trusted-public-keys = lib.mkDefault ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; + trusted-substituters = lib.mkDefault ["https://getchoo.cachix.org"]; + trusted-public-keys = lib.mkDefault ["getchoo.cachix.org-1:ftdbAUJVNaFonM0obRGgR5+nUmdLMM+AOvDOSx0z5tE="]; nix-path = config.nix.nixPath; }; diff --git a/workflow.nix b/workflow.nix new file mode 100644 index 0000000..e9cec5d --- /dev/null +++ b/workflow.nix 
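Review bot: The new `extra-trusted-public-keys` entry in `nixConfig` makes store paths signed for `getchoo.cachix.org` acceptable without a local build, and nothing in the file records who can write to that cache. From this diff the writer appears to be `.github/workflows/ci.yaml` via `secrets.CACHIX_AUTH_TOKEN`, so a comment above the key would help, e.g. `# signing key of the getchoo Cachix cache; CI pushes to it using CACHIX_AUTH_TOKEN`. `modules/shared/nix.nix` sets the same key in `trusted-public-keys` for the hosts that import it and deserves the same comment. Every `nix` call in the CI workflow passes `--accept-flake-config`, so this block is applied there without a prompt, including on pull-request runs where the PR's own `flake.nix` is the one evaluated.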
@@ -0,0 +1,16 @@
+{
+ githubWorkflowGenerator = {
+ outputs = [
+ "checks"
+ "devShells"
+ "darwinConfigurations"
+ "nixosConfigurations"
+ "homeConfigurations"
+ ];
+
+ overrides = {
+ checks.systems = ["x86_64-linux"];
+ devShells.systems = ["x86_64-linux" "x86_64-darwin"];
+ };
+ };
+}
-- cgit v1.2.3