From 51c97f77ae11d4eb8e5c38a9f5d0b5ca9d8e3da4 Mon Sep 17 00:00:00 2001
From: seth
Date: Sat, 16 Dec 2023 00:34:10 -0500
Subject: ci: back to garnix
---
.github/workflows/ci.yaml | 113 ------------------------------------
.github/workflows/docker.yaml | 60 ++++++++++++++-----
.github/workflows/update-flake.yaml | 8 ++-
3 files changed, 53 insertions(+), 128 deletions(-)
delete mode 100644 .github/workflows/ci.yaml
(limited to '.github/workflows')
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
deleted file mode 100644
index 98e3af4..0000000
--- a/.github/workflows/ci.yaml
+++ /dev/null
@@ -1,113 +0,0 @@ -name: CI - -on: - push: - branches: [main] - pull_request: - workflow_dispatch: - -jobs: - eval: - name: Evaluate flake - runs-on: ubuntu-latest - - outputs: - matrix: ${{ steps.evaluate.outputs.matrix }} - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Evaluate matrix - id: evaluate - run: | - set -eu - echo "matrix=$(nix eval --show-trace --json .#githubWorkflow.matrix)" >> "$GITHUB_OUTPUT" - - build: - needs: eval - - strategy: - fail-fast: false - matrix: ${{ fromJSON(needs.eval.outputs.matrix) }} - - name: Build (${{ matrix.attr }}) - runs-on: ${{ matrix.os }} - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup local Nix cache - uses: DeterminateSystems/magic-nix-cache-action@v2 - - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: https://cache.mydadleft.me - cache: teawiebot - token: ${{ secrets.ATTIC_TOKEN }} - skip-push: ${{ github.event_name == 'pull_request' }} - - - name: Run build - run: | - nix build -L --accept-flake-config .#${{ matrix.attr }} - - check: - name: Check flake - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup local Nix cache - uses: DeterminateSystems/magic-nix-cache-action@v2 - - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 - with: - endpoint: https://cache.mydadleft.me - cache: teawiebot - token: ${{ secrets.ATTIC_TOKEN }} - skip-push: ${{ github.event_name == 'pull_request' }} - - - name: Run check - run: nix flake check --show-trace --accept-flake-config - - # https://github.com/orgs/community/discussions/26822#discussioncomment-3305794 - gate: - needs: [build, check] - - name: CI Gate - runs-on: ubuntu-latest - - if: always() - - steps: - - name: Exit with result - run: | - build_result="${{ 
needs.build.result }}" - check_result="${{ needs.check.result }}" - - results=("$build_result" "$check_result") - - for result in "${results[@]}"; do [ "$result" != "success" ] && exit 1; done - - exit 0 - - docker: - needs: gate - - permissions: - packages: write - - name: Push to image registry - if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' - uses: ./.github/workflows/docker.yaml diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index a2873ed..6654e6a 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -1,12 +1,53 @@ name: Push to image registry on: - workflow_call: + check_suite: + types: [completed] workflow_dispatch: jobs: + build: + name: Build image + + runs-on: ubuntu-latest + strategy: + matrix: + arch: [x86_64, aarch64] + + # https://github.com/sellout/bash-strict-mode/commit/9bf1d65c2f786a9887facfcb81e06d8b8b5f4667 + if: github.event.check_suite.app.name == 'Garnix CI' + && github.event.check_suite.conclusion == 'success' + && github.event.check_suite.latest_check_runs_count >= 8 + && github.event.check_suite.head_branch == 'main' + + steps: + - uses: actions/checkout@v4 + + - name: Install Nix + uses: DeterminateSystems/nix-installer-action@v9 + + - name: Setup Nix cache + uses: DeterminateSystems/magic-nix-cache-action@v2 + + - name: Build Docker image + id: build + run: | + nix build -L --accept-flake-config .#container-${{ matrix.arch }} + [ ! -L result ] && exit 1 + echo "path=$(realpath result)" >> "$GITHUB_OUTPUT" + + - name: Upload image + uses: actions/upload-artifact@v3 + with: + name: container-${{ matrix.arch }} + path: ${{ steps.build.outputs.path }} + if-no-files-found: error + retention-days: 1 + push: name: Push image + + needs: build runs-on: ubuntu-latest permissions: 
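Review bot: The `actions/checkout@v4` step in the new `build` job has no `ref`, and on a `check_suite` event the default ref is, as far as I know, the tip of the default branch rather than the commit whose suite just completed, so the pushed image can come from a commit Garnix has not finished checking if `main` moved in the meantime. Adding `with:` / `ref: ${{ github.event.check_suite.head_sha }}` to that step ties the build to the verified commit. The `if:` guard also reads only `github.event.check_suite.*`, which is empty on `workflow_dispatch`, so a manual run appears to skip `build` and, through `needs: build`, `push` as well; prefixing the condition with `github.event_name == 'workflow_dispatch' ||` would keep that trigger usable. The `latest_check_runs_count >= 8` threshold deserves a comment naming the Garnix checks it counts, because it goes stale silently when the flake's outputs change.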
@@ -23,15 +64,10 @@ jobs: - uses: actions/checkout@v4 - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v9 - - - name: Setup Attic cache - uses: ryanccn/attic-action@v0 + - name: Download images + uses: actions/download-artifact@v3 with: - endpoint: https://cache.mydadleft.me - cache: teawiebot - token: ${{ secrets.ATTIC_TOKEN }} + path: images - name: Login to registry uses: docker/login-action@v3 @@ -48,11 +84,9 @@ jobs: architectures=("x86_64" "aarch64") for arch in "${architectures[@]}"; do - nix build -L --accept-flake-config .#container-"$arch" - docker load < result - docker tag ${{ env.IMAGE_NAME }}:latest-"$arch" ${{ env.TAG }}-"$arch" + docker load < images/container-"$arch"/*.tar.gz + docker tag teawiebot:latest-"$arch" ${{ env.TAG }}-"$arch" docker push ${{ env.TAG }}-"$arch" - rm result done docker manifest create ${{ env.TAG }} \ diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml index f87726f..b4ae88c 100644 --- a/.github/workflows/update-flake.yaml +++ b/.github/workflows/update-flake.yaml @@ -10,6 +10,10 @@ jobs: update: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: - uses: actions/checkout@v4 @@ -22,11 +26,11 @@ jobs: with: commit-msg: "flake: update inputs" pr-title: "flake: update inputs" - token: ${{ secrets.MERGE_TOKEN }} + token: ${{ github.token }} - name: Enable auto-merge shell: bash run: gh pr merge --auto --rebase "$PR_ID" env: - GH_TOKEN: ${{ secrets.MERGE_TOKEN }} + GH_TOKEN: ${{ github.token }} PR_ID: ${{ steps.update.outputs.pull-request-number }} -- cgit v1.2.3
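Review bot: `actions/download-artifact@v3` here, like `actions/upload-artifact@v3` in the `build` job, is referenced by a mutable tag in a workflow whose `push` job goes on to log in to the registry, so a retagged action release would run next to those credentials. Pinning each `uses:` to a full commit SHA, for example `uses: actions/download-artifact@<full-commit-sha> # v3`, removes the dependency on tag immutability. The step also downloads every artifact of the run because no `name:` is given; that matches the `images/container-<arch>/` layout the later loop expects, which is worth a one-line comment so nobody narrows it by accident.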
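Review bot: `docker load < images/container-"$arch"/*.tar.gz` in the `@@ -48,11 +84,9 @@` hunk redirects from an unchecked glob, so the loop loads whatever single file happens to sit in the artifact directory and stops with an ambiguous-redirect error if there is more than one. Resolving the match first makes the expectation explicit: `image=(images/container-"$arch"/*.tar.gz)`, `[ "${#image[@]}" -eq 1 ] || exit 1`, `docker load < "${image[0]}"`. The new `docker tag` line still splices `${{ env.TAG }}` into the script text before the shell parses it; since `TAG` is already an environment variable, `docker tag teawiebot:latest-"$arch" "$TAG-$arch"` keeps the value out of the script source. The hard-coded `teawiebot:latest-` replaces `${{ env.IMAGE_NAME }}`, so it has to track the image name the flake produces by hand. The `run:` block starts and ends outside the hunk.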
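Review bot: With `token: ${{ github.token }}` and `GH_TOKEN: ${{ github.token }}` in the `@@ -22,11 +26,11 @@` hunk, the update PR is opened and set to auto-merge by the workflow's own identity, so the only gate between a changed `flake.lock` and `main` is whatever branch protection requires, which this diff does not show. Confirm that `main` lists the Garnix checks as required status checks; without required checks `gh pr merge --auto` has nothing to wait for. PR creation with the built-in token also depends on the repository setting that lets Actions create pull requests, and events caused by that token do not start other `push` or `pull_request` workflows. A short comment above the `permissions:` block added in the `@@ -10,6 +10,10 @@` hunk, such as `# github.token: needs contents/pull-requests write; merge is gated by required Garnix checks on main`, would record those assumptions.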