diff options
| author | seth <[email protected]> | 2023-12-15 02:38:39 -0500 |
|---|---|---|
| committer | seth <[email protected]> | 2023-12-15 16:41:13 -0500 |
| commit | 03223e6e6d061a18b66a69092c59e6a0cb6d1d3f (patch) | |
| tree | 87d1d7aa8edd58790a078b36ceebf0e702570a09 | |
| parent | 2ee6985ee62036afe8c1adc76849ffaf42a08bb8 (diff) | |
ci: garnix -> gha + attic
| -rw-r--r-- | .github/workflows/ci.yaml | 113 | ||||
| -rw-r--r-- | .github/workflows/docker.yaml | 64 | ||||
| -rw-r--r-- | .github/workflows/update-flake.yaml | 12 | ||||
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | flake.lock | 34 | ||||
| -rw-r--r-- | flake.nix | 17 | ||||
| -rw-r--r-- | garnix.yaml | 6 | ||||
| -rw-r--r-- | parts/dev.nix | 32 | ||||
| -rw-r--r-- | parts/workflow.nix | 15 |
9 files changed, 191 insertions, 104 deletions
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..98e3af4 --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,113 @@ +name: CI + +on: + push: + branches: [main] + pull_request: + workflow_dispatch: + +jobs: + eval: + name: Evaluate flake + runs-on: ubuntu-latest + + outputs: + matrix: ${{ steps.evaluate.outputs.matrix }} + + steps: + - uses: actions/checkout@v4 + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v9 + + - name: Evaluate matrix + id: evaluate + run: | + set -eu + echo "matrix=$(nix eval --show-trace --json .#githubWorkflow.matrix)" >> "$GITHUB_OUTPUT" + + build: + needs: eval + + strategy: + fail-fast: false + matrix: ${{ fromJSON(needs.eval.outputs.matrix) }} + + name: Build (${{ matrix.attr }}) + runs-on: ${{ matrix.os }} + + steps: + - uses: actions/checkout@v4 + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v9 + + - name: Setup local Nix cache + uses: DeterminateSystems/magic-nix-cache-action@v2 + + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: https://cache.mydadleft.me + cache: teawiebot + token: ${{ secrets.ATTIC_TOKEN }} + skip-push: ${{ github.event_name == 'pull_request' }} + + - name: Run build + run: | + nix build -L --accept-flake-config .#${{ matrix.attr }} + + check: + name: Check flake + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v9 + + - name: Setup local Nix cache + uses: DeterminateSystems/magic-nix-cache-action@v2 + + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 + with: + endpoint: https://cache.mydadleft.me + cache: teawiebot + token: ${{ secrets.ATTIC_TOKEN }} + skip-push: ${{ github.event_name == 'pull_request' }} + + - name: Run check + run: nix flake check --show-trace --accept-flake-config + + # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794 + gate: + needs: [build, check] + + name: CI Gate + runs-on: ubuntu-latest + + if: always() + + steps: + - name: Exit with result + run: | + build_result="${{ needs.build.result }}" + check_result="${{ needs.check.result }}" + + results=("$build_result" "$check_result") + + for result in "${results[@]}"; do [ "$result" != "success" ] && exit 1; done + + exit 0 + + docker: + needs: gate + + permissions: + packages: write + + name: Push to image registry + if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' + uses: ./.github/workflows/docker.yaml diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 0009b4d..a2873ed 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -1,53 +1,12 @@ name: Push to image registry on: - check_suite: - types: ["completed"] + workflow_call: workflow_dispatch: jobs: - build: - name: Build image - - runs-on: ubuntu-latest - strategy: - matrix: - arch: [x86_64, aarch64] - - # https://github.com/sellout/bash-strict-mode/commit/9bf1d65c2f786a9887facfcb81e06d8b8b5f4667 - if: github.event.check_suite.app.name == 'Garnix CI' - && github.event.check_suite.conclusion == 'success' - && github.event.check_suite.latest_check_runs_count >= 8 - && github.event.check_suite.head_branch == 'main' - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup Nix cache - uses: DeterminateSystems/magic-nix-cache-action@v2 - - - name: Build Docker image - id: build - run: | - nix build -L --accept-flake-config .#container-${{ matrix.arch }} - [ ! -L result ] && exit 1 - echo "path=$(realpath result)" >> "$GITHUB_OUTPUT" - - - name: Upload image - uses: actions/upload-artifact@v3 - with: - name: container-${{ matrix.arch }} - path: ${{ steps.build.outputs.path }} - if-no-files-found: error - retention-days: 1 - push: name: Push image - - needs: build runs-on: ubuntu-latest permissions: @@ -57,12 +16,6 @@ jobs: REGISTRY: ghcr.io USERNAME: getchoo - # ditto - if: github.event.check_suite.app.name == 'Garnix CI' - && github.event.check_suite.conclusion == 'success' - && github.event.check_suite.latest_check_runs_count >= 8 - && github.event.check_suite.head_branch == 'main' - steps: - name: Set image name run: | @@ -70,10 +23,15 @@ jobs: - uses: actions/checkout@v4 - - name: Download images - uses: actions/download-artifact@v3 + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v9 + + - name: Setup Attic cache + uses: ryanccn/attic-action@v0 with: - path: images + endpoint: https://cache.mydadleft.me + cache: teawiebot + token: ${{ secrets.ATTIC_TOKEN }} - name: Login to registry uses: docker/login-action@v3 @@ -90,9 +48,11 @@ jobs: architectures=("x86_64" "aarch64") for arch in "${architectures[@]}"; do - docker load < images/container-"$arch"/*.tar.gz + nix build -L --accept-flake-config .#container-"$arch" + docker load < result docker tag ${{ env.IMAGE_NAME }}:latest-"$arch" ${{ env.TAG }}-"$arch" docker push ${{ env.TAG }}-"$arch" + rm result done docker manifest create ${{ env.TAG }} \ diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml index f27539f..f87726f 100644 --- a/.github/workflows/update-flake.yaml +++ b/.github/workflows/update-flake.yaml @@ -10,27 +10,23 @@ jobs: update: runs-on: ubuntu-latest - permissions: - contents: write - pull-requests: write - steps: - uses: actions/checkout@v4 - name: Install Nix - uses: nixbuild/nix-quick-install-action@v26 + uses: DeterminateSystems/nix-installer-action@v9 - - name: Update and create PR + - name: Update lockfile & make PR uses: DeterminateSystems/update-flake-lock@v20 id: update with: commit-msg: "flake: update inputs" pr-title: "flake: update inputs" - token: ${{ github.token }} + token: ${{ secrets.MERGE_TOKEN }} - name: Enable auto-merge shell: bash run: gh pr merge --auto --rebase "$PR_ID" env: - GH_TOKEN: ${{ github.token }} + GH_TOKEN: ${{ secrets.MERGE_TOKEN }} PR_ID: ${{ steps.update.outputs.pull-request-number }} @@ -1,5 +1,7 @@ # teawie bot 🦀🦀🦀 +[](https://github.com/getchoo/teawiebot/actions/workflows/ci.yaml) + okay so like basically, it's just a discord bot named "teawie" (so cool!! and now in rust!!!)🚀🚀 @@ -111,6 +111,24 @@ "type": "github" } }, + "nix2workflow": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1699416125, + "narHash": "sha256-IQHjxELWK6DBWbqYwggO4Q9gJbOm0XS3aCgMRzQWwZU=", + "owner": "getchoo", + "repo": "nix2workflow", + "rev": "f1de38cfea711e9a788794b5a658298b4062defb", + "type": "github" + }, + "original": { + "owner": "getchoo", + "repo": "nix2workflow", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1701693815, @@ -127,6 +145,21 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1699145078, + "narHash": "sha256-OO1b3jiMUGjafD2ErkbTPVgUlhmyWo2Z5i0k2kD1ViU=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "174d7dc67189bc4a53f1bffb4fb9d0f13b79cd3c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "parts": { "inputs": { "nixpkgs-lib": [ @@ -193,6 +226,7 @@ "fenix": "fenix", "flake-root": "flake-root", "naersk": "naersk", + "nix2workflow": "nix2workflow", "nixpkgs": "nixpkgs", "parts": "parts", "pre-commit": "pre-commit", @@ -2,12 +2,8 @@ description = "teawie moment"; nixConfig = { - extra-substituters = [ - "https://cache.garnix.io" - ]; - extra-trusted-public-keys = [ - "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" - ]; + extra-substituters = ["https://cache.mydadleft.me/teawiebot"]; + extra-trusted-public-keys = ["teawiebot:vp7AaQ042O/3326DMMtLF4MOUa5/kCBAq+YApy5GWXA="]; }; inputs = { @@ -31,6 +27,11 @@ proc-flake.url = "github:srid/proc-flake"; flake-root.url = "github:srid/flake-root"; + nix2workflow = { + url = "github:getchoo/nix2workflow"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + pre-commit = { url = "github:cachix/pre-commit-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -42,12 +43,16 @@ parts.lib.mkFlake {inherit inputs;} { imports = [ inputs.pre-commit.flakeModule + inputs.proc-flake.flakeModule inputs.flake-root.flakeModule + inputs.nix2workflow.flakeModule + ./parts/deployment.nix ./parts/dev.nix ./parts/packages.nix + ./parts/workflow.nix ]; systems = [ diff --git a/garnix.yaml b/garnix.yaml deleted file mode 100644 index 64bee81..0000000 --- a/garnix.yaml +++ /dev/null @@ -1,6 +0,0 @@ -builds: - exclude: [] - include: - - "checks.x86_64-linux.*" - - "packages.x86_64-linux.*" - - "devShells.x86_64-linux.default" diff --git a/parts/dev.nix b/parts/dev.nix index 5628e33..a796912 100644 --- a/parts/dev.nix +++ b/parts/dev.nix @@ -2,7 +2,6 @@ perSystem = { lib, pkgs, - system, config, ... }: { @@ -18,37 +17,6 @@ }; }; - # a linkFarm of expected outputs for ci - checks = { - ciGate = let - /* - require self.checks for all systems - require self.packages for x86_64-linux - */ - required = builtins.concatMap builtins.attrValues ( - [(builtins.removeAttrs config.checks ["ciGate"])] - ++ lib.optionals (system == "x86_64-linux") [(builtins.removeAttrs config.packages ["default"])] - ); - - paths = - builtins.foldl' - ( - acc: deriv: let - name = deriv.pname or deriv.name; - pathName = - # if im not sure why `acc?name` doesn't work here - if (builtins.elem name (builtins.attrNames acc)) - then "${name}-1" - else name; - in - acc // {"${pathName}" = deriv.path or deriv.outPath;} - ) - {} - required; - in - pkgs.linkFarm "ci-gate" paths; - }; - proc.groups.daemons.processes = { redis.command = lib.getExe' pkgs.redis "redis-server"; }; diff --git a/parts/workflow.nix b/parts/workflow.nix new file mode 100644 index 0000000..600a1bb --- /dev/null +++ b/parts/workflow.nix @@ -0,0 +1,15 @@ +{ + githubWorkflowGenerator = { + outputs = [ + "checks" + "devShells" + "packages" + ]; + + overrides = { + checks.systems = ["x86_64-linux"]; + devShells.systems = ["x86_64-linux"]; + packages.systems = ["x86_64-linux"]; + }; + }; +} |