authorseth <[email protected]>2023-12-16 00:34:10 -0500
committerseth <[email protected]>2023-12-16 11:29:01 -0500
commit51c97f77ae11d4eb8e5c38a9f5d0b5ca9d8e3da4 (patch)
tree7a7e32f0ff01549252fb205886c602f919c8b211 /.github/workflows
parentbd2966db8f3660c03039a0f6ab03e850f0e17d45 (diff)
ci: back to garnix
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/ci.yaml113
-rw-r--r--.github/workflows/docker.yaml60
-rw-r--r--.github/workflows/update-flake.yaml8
3 files changed, 53 insertions, 128 deletions
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
deleted file mode 100644
index 98e3af4..0000000
--- a/.github/workflows/ci.yaml
+++ /dev/null
@@ -1,113 +0,0 @@
-name: CI
-
-on:
- push:
- branches: [main]
- pull_request:
- workflow_dispatch:
-
-jobs:
- eval:
- name: Evaluate flake
- runs-on: ubuntu-latest
-
- outputs:
- matrix: ${{ steps.evaluate.outputs.matrix }}
-
- steps:
- - uses: actions/checkout@v4
-
- - name: Install Nix
- uses: DeterminateSystems/nix-installer-action@v9
-
- - name: Evaluate matrix
- id: evaluate
- run: |
- set -eu
- echo "matrix=$(nix eval --show-trace --json .#githubWorkflow.matrix)" >> "$GITHUB_OUTPUT"
-
- build:
- needs: eval
-
- strategy:
- fail-fast: false
- matrix: ${{ fromJSON(needs.eval.outputs.matrix) }}
-
- name: Build (${{ matrix.attr }})
- runs-on: ${{ matrix.os }}
-
- steps:
- - uses: actions/checkout@v4
-
- - name: Install Nix
- uses: DeterminateSystems/nix-installer-action@v9
-
- - name: Setup local Nix cache
- uses: DeterminateSystems/magic-nix-cache-action@v2
-
- - name: Setup Attic cache
- uses: ryanccn/attic-action@v0
- with:
- endpoint: https://cache.mydadleft.me
- cache: teawiebot
- token: ${{ secrets.ATTIC_TOKEN }}
- skip-push: ${{ github.event_name == 'pull_request' }}
-
- - name: Run build
- run: |
- nix build -L --accept-flake-config .#${{ matrix.attr }}
-
- check:
- name: Check flake
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v4
-
- - name: Install Nix
- uses: DeterminateSystems/nix-installer-action@v9
-
- - name: Setup local Nix cache
- uses: DeterminateSystems/magic-nix-cache-action@v2
-
- - name: Setup Attic cache
- uses: ryanccn/attic-action@v0
- with:
- endpoint: https://cache.mydadleft.me
- cache: teawiebot
- token: ${{ secrets.ATTIC_TOKEN }}
- skip-push: ${{ github.event_name == 'pull_request' }}
-
- - name: Run check
- run: nix flake check --show-trace --accept-flake-config
-
- # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794
- gate:
- needs: [build, check]
-
- name: CI Gate
- runs-on: ubuntu-latest
-
- if: always()
-
- steps:
- - name: Exit with result
- run: |
- build_result="${{ needs.build.result }}"
- check_result="${{ needs.check.result }}"
-
- results=("$build_result" "$check_result")
-
- for result in "${results[@]}"; do [ "$result" != "success" ] && exit 1; done
-
- exit 0
-
- docker:
- needs: gate
-
- permissions:
- packages: write
-
- name: Push to image registry
- if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
- uses: ./.github/workflows/docker.yaml
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index a2873ed..6654e6a 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -1,12 +1,53 @@
name: Push to image registry
on:
- workflow_call:
+ check_suite:
+ types: [completed]
workflow_dispatch:
jobs:
+ build:
+ name: Build image
+
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ arch: [x86_64, aarch64]
+
+ # https://github.com/sellout/bash-strict-mode/commit/9bf1d65c2f786a9887facfcb81e06d8b8b5f4667
+ if: github.event.check_suite.app.name == 'Garnix CI'
+ && github.event.check_suite.conclusion == 'success'
+ && github.event.check_suite.latest_check_runs_count >= 8
+ && github.event.check_suite.head_branch == 'main'
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v9
+
+ - name: Setup Nix cache
+ uses: DeterminateSystems/magic-nix-cache-action@v2
+
+ - name: Build Docker image
+ id: build
+ run: |
+ nix build -L --accept-flake-config .#container-${{ matrix.arch }}
+ [ ! -L result ] && exit 1
+ echo "path=$(realpath result)" >> "$GITHUB_OUTPUT"
+
+ - name: Upload image
+ uses: actions/upload-artifact@v3
+ with:
+ name: container-${{ matrix.arch }}
+ path: ${{ steps.build.outputs.path }}
+ if-no-files-found: error
+ retention-days: 1
+
push:
name: Push image
+
+ needs: build
runs-on: ubuntu-latest
permissions:
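Review bot: The `if:` on the new `build` job can only be true for a `check_suite` payload, so a run started through the retained `workflow_dispatch:` trigger skips `build` and, through the added `needs: build`, skips `push` as well unless `push` has its own `if:` outside this hunk. Prefixing the condition with `github.event_name == 'workflow_dispatch' ||` and parenthesising the check-suite clauses would keep manual runs working. `actions/checkout@v4` is also used without `ref:`, and on `check_suite` events that checks out the tip of the default branch rather than the commit the suite reported on, so `with: ref: ${{ github.event.check_suite.head_sha }}` would tie the image to the commit that passed. Since the output of this job is what `push` publishes, the `DeterminateSystems/*` actions are worth pinning to full commit SHAs instead of `@v9`/`@v2`, and the job could declare `permissions: contents: read`.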
@@ -23,15 +64,10 @@ jobs:
- uses: actions/checkout@v4
- - name: Install Nix
- uses: DeterminateSystems/nix-installer-action@v9
-
- - name: Setup Attic cache
- uses: ryanccn/attic-action@v0
+ - name: Download images
+ uses: actions/download-artifact@v3
with:
- endpoint: https://cache.mydadleft.me
- cache: teawiebot
- token: ${{ secrets.ATTIC_TOKEN }}
+ path: images
- name: Login to registry
uses: docker/login-action@v3
@@ -48,11 +84,9 @@ jobs:
architectures=("x86_64" "aarch64")
for arch in "${architectures[@]}"; do
- nix build -L --accept-flake-config .#container-"$arch"
- docker load < result
- docker tag ${{ env.IMAGE_NAME }}:latest-"$arch" ${{ env.TAG }}-"$arch"
+ docker load < images/container-"$arch"/*.tar.gz
+ docker tag teawiebot:latest-"$arch" ${{ env.TAG }}-"$arch"
docker push ${{ env.TAG }}-"$arch"
- rm result
done
docker manifest create ${{ env.TAG }} \
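Review bot: The new `docker tag` line still splices `${{ env.TAG }}` into the script text before bash runs, so any shell metacharacter in that value would be executed rather than passed as an argument. `TAG` is defined outside this hunk, but values in the `env` context are normally exported to the step, so `docker tag teawiebot:latest-"$arch" "$TAG-$arch"` and `docker push "$TAG-$arch"` would read it as data. `docker load < images/container-"$arch"/*.tar.gz` also depends on the glob matching exactly one file, since bash rejects a redirection target that expands to several words; resolving the path into a variable first and failing with a clear message when it is not a single file would make that assumption explicit.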
diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml
index f87726f..b4ae88c 100644
--- a/.github/workflows/update-flake.yaml
+++ b/.github/workflows/update-flake.yaml
@@ -10,6 +10,10 @@ jobs:
update:
runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+
steps:
- uses: actions/checkout@v4
@@ -22,11 +26,11 @@ jobs:
with:
commit-msg: "flake: update inputs"
pr-title: "flake: update inputs"
- token: ${{ secrets.MERGE_TOKEN }}
+ token: ${{ github.token }}
- name: Enable auto-merge
shell: bash
run: gh pr merge --auto --rebase "$PR_ID"
env:
- GH_TOKEN: ${{ secrets.MERGE_TOKEN }}
+ GH_TOKEN: ${{ github.token }}
PR_ID: ${{ steps.update.outputs.pull-request-number }}
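Review bot: With `gh pr merge --auto` now running under `github.token`, the only thing holding these dependency-update PRs back is the branch protection on the target branch, which this diff cannot show. The same commit deletes `ci.yaml` and its `CI Gate` job, so if that job was the required status check the PRs would wait indefinitely, and if no check is required they would merge as soon as they are opened; it is worth confirming that the Garnix checks are the required ones. A comment above the step such as `# auto-merge relies on branch protection requiring the Garnix checks` would record that dependency. Creating the PR with `github.token` presumably also needs the repository setting that lets Actions create pull requests.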