| -rw-r--r-- | .github/workflows/ci.yaml | 113 | ||||
| -rw-r--r-- | .github/workflows/docker.yaml | 60 | ||||
| -rw-r--r-- | .github/workflows/update-flake.yaml | 8 | ||||
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | flake.lock | 21 | ||||
| -rw-r--r-- | flake.nix | 14 | ||||
| -rw-r--r-- | garnix.yaml | 6 | ||||
| -rw-r--r-- | nix/ci.nix | 25 | ||||
| -rw-r--r-- | nix/deployment.nix | 4 | ||||
| -rw-r--r-- | nix/workflow.nix | 15 |
10 files changed, 89 insertions, 179 deletions
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
deleted file mode 100644
index 98e3af4..0000000
--- a/.github/workflows/ci.yaml
+++ /dev/null
@@ -1,113 +0,0 @@ -name: CI - -on: - push: - branches: [main] - pull_request: - workflow_dispatch: - -jobs: - eval: - name: Evaluate flake - runs-on: ubuntu-latest - - outputs: - matrix: ${{ steps.evaluate.outputs.matrix }} - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Evaluate matrix - id: evaluate - run: | - set -eu - echo "matrix=$(nix eval --show-trace --json .#githubWorkflow.matrix)" >> "$GITHUB_OUTPUT" - - build: - needs: eval - - strategy: - fail-fast: false - matrix: ${{ fromJSON(needs.eval.outputs.matrix) }} - - name: Build (${{ matrix.attr }}) - runs-on: ${{ matrix.os }} - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup local Nix cache - uses: DeterminateSystems/magic-nix-cache-action@v2 - - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: https://cache.mydadleft.me - cache: teawiebot - token: ${{ secrets.ATTIC_TOKEN }} - skip-push: ${{ github.event_name == 'pull_request' }} - - - name: Run build - run: | - nix build -L --accept-flake-config .#${{ matrix.attr }} - - check: - name: Check flake - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup local Nix cache - uses: DeterminateSystems/magic-nix-cache-action@v2 - - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: https://cache.mydadleft.me - cache: teawiebot - token: ${{ secrets.ATTIC_TOKEN }} - skip-push: ${{ github.event_name == 'pull_request' }} - - - name: Run check - run: nix flake check --show-trace --accept-flake-config - - # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794 - gate: - needs: [build, check] - - name: CI Gate - runs-on: ubuntu-latest - - if: always() - - steps: - - name: Exit with result - run: | - build_result="${{ 
needs.build.result }}" - check_result="${{ needs.check.result }}" - - results=("$build_result" "$check_result") - - for result in "${results[@]}"; do [ "$result" != "success" ] && exit 1; done - - exit 0 - - docker: - needs: gate - - permissions: - packages: write - - name: Push to image registry - if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' - uses: ./.github/workflows/docker.yaml diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index a2873ed..6654e6a 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -1,12 +1,53 @@ name: Push to image registry on: - workflow_call: + check_suite: + types: [completed] workflow_dispatch: jobs: + build: + name: Build image + + runs-on: ubuntu-latest + strategy: + matrix: + arch: [x86_64, aarch64] + + # https://github.com/sellout/bash-strict-mode/commit/9bf1d65c2f786a9887facfcb81e06d8b8b5f4667 + if: github.event.check_suite.app.name == 'Garnix CI' + && github.event.check_suite.conclusion == 'success' + && github.event.check_suite.latest_check_runs_count >= 8 + && github.event.check_suite.head_branch == 'main' + + steps: + - uses: actions/checkout@v4 + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v9 + + - name: Setup Nix cache + uses: DeterminateSystems/magic-nix-cache-action@v2 + + - name: Build Docker image + id: build + run: | + nix build -L --accept-flake-config .#container-${{ matrix.arch }} + [ ! -L result ] && exit 1 + echo "path=$(realpath result)" >> "$GITHUB_OUTPUT" + + - name: Upload image + uses: actions/upload-artifact@v3 + with: + name: container-${{ matrix.arch }} + path: ${{ steps.build.outputs.path }} + if-no-files-found: error + retention-days: 1 + push: name: Push image + + needs: build runs-on: ubuntu-latest permissions: 
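Review bot: The `actions/checkout@v4` step in the new `build` job has no `ref`, and on a `check_suite` event the default ref is the tip of the default branch rather than the commit the suite ran on, so the image that is built and later pushed may not be the commit that passed the check. Adding `with:` / `ref: ${{ github.event.check_suite.head_sha }}` to that step would tie the published artifact to the verified commit. The job-level `if:` reads only `github.event.check_suite.*` fields, which are empty on `workflow_dispatch`, so a manual run skips `build` and with it `push`; prefix the condition with `github.event_name == 'workflow_dispatch' ||` if manual runs are meant to work. The `latest_check_runs_count >= 8` threshold needs a comment saying which eight check runs it stands for, since it silently stops matching when the set of Garnix builds changes.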
@@ -23,15 +64,10 @@ jobs: - uses: actions/checkout@v4 - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 + - name: Download images + uses: actions/download-artifact@v3 with: - endpoint: https://cache.mydadleft.me - cache: teawiebot - token: ${{ secrets.ATTIC_TOKEN }} + path: images - name: Login to registry uses: docker/login-action@v3 @@ -48,11 +84,9 @@ jobs: architectures=("x86_64" "aarch64") for arch in "${architectures[@]}"; do - nix build -L --accept-flake-config .#container-"$arch" - docker load < result - docker tag ${{ env.IMAGE_NAME }}:latest-"$arch" ${{ env.TAG }}-"$arch" + docker load < images/container-"$arch"/*.tar.gz + docker tag teawiebot:latest-"$arch" ${{ env.TAG }}-"$arch" docker push ${{ env.TAG }}-"$arch" - rm result done docker manifest create ${{ env.TAG }} \ diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml index f87726f..b4ae88c 100644 --- a/.github/workflows/update-flake.yaml +++ b/.github/workflows/update-flake.yaml @@ -10,6 +10,10 @@ jobs: update: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: - uses: actions/checkout@v4 @@ -22,11 +26,11 @@ jobs: with: commit-msg: "flake: update inputs" pr-title: "flake: update inputs" - token: ${{ secrets.MERGE_TOKEN }} + token: ${{ github.token }} - name: Enable auto-merge shell: bash run: gh pr merge --auto --rebase "$PR_ID" env: - GH_TOKEN: ${{ secrets.MERGE_TOKEN }} + GH_TOKEN: ${{ github.token }} PR_ID: ${{ steps.update.outputs.pull-request-number }} @@ -1,6 +1,6 @@ # teawie bot 🦀🦀🦀 -[](https://github.com/getchoo/teawiebot/actions/workflows/ci.yaml) +[](https://garnix.io) okay so like basically, it's just a discord bot named "teawie" (so cool!! and now in rust!!!)🚀🚀 
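Review bot: `docker load < images/container-"$arch"/*.tar.gz` uses a glob as a redirection target, which works only while exactly one file matches; bash reports an ambiguous redirect on two matches and tries to open the literal pattern on none. Resolving the file first, for example `image=(images/container-"$arch"/*.tar.gz)` then `docker load -i "${image[0]}"` after checking the array holds one entry, makes a missing or duplicated artifact fail with a clear message. The hard-coded `teawiebot:latest-"$arch"` has to stay in step with `name` and `tag` in nix/deployment.nix, so a comment saying so belongs on that line. The surrounding `run:` script starts above this hunk.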
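Review bot: With `GH_TOKEN: ${{ github.token }}` the `gh pr merge --auto --rebase` step lets the workflow merge its own dependency-update PR, so the only gate left on `main` is whatever required status checks branch protection enforces. A comment beside the step should name the check that must pass (presumably the Garnix one) so it is not relaxed unknowingly. Pull requests opened with the workflow token do not start `pull_request` workflows, which is acceptable only as long as CI runs outside GitHub Actions. Creating the PR this way also depends on the repository setting that allows GitHub Actions to create pull requests, which is worth noting next to the `permissions:` block added in the first hunk of this file.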
@@ -111,26 +111,6 @@ "type": "github" } }, - "nix2workflow": { - "inputs": { - "nixpkgs-lib": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1699416125, - "narHash": "sha256-IQHjxELWK6DBWbqYwggO4Q9gJbOm0XS3aCgMRzQWwZU=", - "owner": "getchoo", - "repo": "nix2workflow", - "rev": "f1de38cfea711e9a788794b5a658298b4062defb", - "type": "github" - }, - "original": { - "owner": "getchoo", - "repo": "nix2workflow", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1702539185, @@ -213,7 +193,6 @@ "fenix": "fenix", "flake-root": "flake-root", "naersk": "naersk", - "nix2workflow": "nix2workflow", "nixpkgs": "nixpkgs", "parts": "parts", "pre-commit": "pre-commit", @@ -2,8 +2,8 @@ description = "teawie moment"; nixConfig = { - extra-substituters = ["https://cache.mydadleft.me/teawiebot"]; - extra-trusted-public-keys = ["teawiebot:vp7AaQ042O/3326DMMtLF4MOUa5/kCBAq+YApy5GWXA="]; + extra-substituters = ["https://cache.garnix.io"]; + extra-trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="]; }; inputs = { @@ -27,11 +27,6 @@ proc-flake.url = "github:srid/proc-flake"; flake-root.url = "github:srid/flake-root"; - nix2workflow = { - url = "github:getchoo/nix2workflow"; - inputs.nixpkgs-lib.follows = "nixpkgs"; - }; - pre-commit = { url = "github:cachix/pre-commit-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; @@ -43,16 +38,13 @@ parts.lib.mkFlake {inherit inputs;} { imports = [ inputs.pre-commit.flakeModule - inputs.proc-flake.flakeModule inputs.flake-root.flakeModule - inputs.nix2workflow.flakeModule - + ./nix/ci.nix ./nix/deployment.nix ./nix/dev.nix ./nix/packages.nix - ./nix/workflow.nix ]; systems = [ diff --git a/garnix.yaml b/garnix.yaml new file mode 100644 index 0000000..64bee81 --- /dev/null +++ b/garnix.yaml @@ -0,0 +1,6 @@ +builds: + exclude: [] + include: + - "checks.x86_64-linux.*" + - "packages.x86_64-linux.*" + - "devShells.x86_64-linux.default" 
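Review bot: The new `extra-substituters` / `extra-trusted-public-keys` pair in `nixConfig` carries no comment on what it trusts, and every build run with `--accept-flake-config` (the Docker workflow passes it) will accept store paths signed by that key instead of building them. Add a comment above the two lines such as `# third-party binary cache (garnix CI); changing this key changes who can sign substitutes for this flake` so that a later edit is reviewed as a trust change. The `nixConfig` block opens and closes inside the hunk.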
diff --git a/nix/ci.nix b/nix/ci.nix new file mode 100644 index 0000000..38293ce --- /dev/null +++ b/nix/ci.nix @@ -0,0 +1,25 @@ +{ + perSystem = { + pkgs, + lib, + config, + ... + }: { + /* + require packages, checks, and devShells for ci to be considered a success + + also thanks DetSys for showing me i don't need to use runCommand, symlinkJoin, or linkFarm! + https://determinate.systems/posts/hydra-deployment-source-of-truth + */ + + packages.ciGate = pkgs.writeText "ci-gate" '' + ${ + lib.concatMapStringsSep "\n" (s: toString (builtins.attrValues s)) [ + config.checks + config.devShells + (builtins.removeAttrs config.packages ["default" "ciGate"]) + ] + } + ''; + }; +} diff --git a/nix/deployment.nix b/nix/deployment.nix index 9fb754e..57bc67a 100644 --- a/nix/deployment.nix +++ b/nix/deployment.nix @@ -13,8 +13,6 @@ inputs', ... }: let - name = "getchoo/teawiebot"; - crossPkgsFor = lib.fix (finalAttrs: { "x86_64-linux" = { "x86_64" = pkgs.pkgsStatic; @@ -70,7 +68,7 @@ containerFor = arch: pkgs.dockerTools.buildLayeredImage { - inherit name; + name = "teawiebot"; tag = "latest-${arch}"; contents = [pkgs.dockerTools.caCertificates]; config.Cmd = [(wieFor arch)]; diff --git a/nix/workflow.nix b/nix/workflow.nix deleted file mode 100644 index 600a1bb..0000000 --- a/nix/workflow.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - githubWorkflowGenerator = { - outputs = [ - "checks" - "devShells" - "packages" - ]; - - overrides = { - checks.systems = ["x86_64-linux"]; - devShells.systems = ["x86_64-linux"]; - packages.systems = ["x86_64-linux"]; - }; - }; -} |
