Samsung/WSL2 #721
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and test flake outputs | |
on: | |
push: | |
workflow_dispatch: | |
workflow_call: | |
inputs: | |
branch: | |
description: Branch name to build on | |
default: "" | |
required: false | |
type: string | |
secrets: | |
CACHIX_ACTIVATE_TOKEN: | |
CACHIX_AUTH_TOKEN: | |
required: true | |
jobs: | |
nix: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
system: | |
- aarch64 | |
- x86_64 | |
nix-command: | |
- fmt -- --check | |
- eval .#apps.$_system.nixos-shell.program | |
- eval .#apps.$_system.setup.program | |
- develop .#ruby --impure | |
- develop .#deno --impure | |
- develop .#jvmlanguages-devenv --impure | |
- develop .#ocaml --impure | |
- develop .#rust --impure | |
- develop .#haskell --impure | |
- develop .#playwright --impure | |
- develop .#machnix --impure | |
- develop .#jupyenv --impure | |
- develop .#nixd | |
- eval .#apps.$_system.jupyenv-app.program | |
include: | |
- nix-command: build .#homeConfigurations."dani@maiziedemacchiato".activationPackage | |
system: x86_64 | |
deploy-agent: maiziedemacchiato | |
deploy-args: --async | |
- nix-command: build .#nixOnDroidConfigurations.sams9.activationPackage --impure --print-build-logs --log-lines 9999 | |
system: aarch64 | |
deploy-agent: sams9 | |
deploy-args: --async | |
- nix-command: build .#nixosConfigurations.DANIELKNB1.config.system.build.toplevel | |
system: x86_64 | |
deploy-agent: DANIELKNB1 | |
deploy-args: --async | |
- nix-command: build .#packages.$_system.installer-image | |
system: x86_64 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ inputs.branch }} | |
- name: Install nix | |
uses: cachix/install-nix-action@v22 | |
with: | |
extra_nix_config: | | |
keep-going = true | |
show-trace = true | |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} | |
- name: Setup cachix | |
uses: cachix/cachix-action@v12 | |
with: | |
name: 573-bc | |
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
- name: Build command (aarch64) | |
if: matrix.system == 'aarch64' | |
# FIXME: use upstream once --tty is removed | |
#uses: uraimo/run-on-arch-action@v2 | |
uses: Gerschtli/run-on-arch-action@tty | |
with: | |
arch: aarch64 | |
distro: alpine_latest | |
dockerRunArgs: --volume /nix:/nix | |
install: | | |
apk --no-cache add curl git xz | |
adduser --disabled-password ci | |
env: | | |
_system: ${{ matrix.system }}-linux | |
CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN || 'no-value' }} | |
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
run: | | |
set -euo pipefail | |
mkdir -p /home/ci/.config/nix | |
cat <<EOF > /home/ci/.config/nix/nix.conf | |
experimental-features = nix-command flakes | |
extra-experimental-features = flakes | |
accept-flake-config = true | |
keep-going = true | |
show-trace = true | |
EOF | |
chown --recursive ci:ci /nix /home/ci | |
chgrp --recursive ci "$(pwd)" | |
chmod -R g+w "$(pwd)" | |
echo "::group::Install nix" | |
curl \ | |
--silent \ | |
--show-error \ | |
--output /tmp/install \ | |
--retry 5 \ | |
--retry-all-errors \ | |
--fail \ | |
--location \ | |
"https://nixos.org/nix/install" | |
# "https://releases.nixos.org/nix/nix-2.14.1/install" | |
su ci -c "sh /tmp/install --no-channel-add --no-daemon" | |
rm /tmp/install | |
function run() { | |
su ci -c ". /home/ci/.nix-profile/etc/profile.d/nix.sh; $*" | |
} | |
# FIXME: setting build-hook is needed because default hook `nix __build-remote` is not available - NixOS/nix#7217 | |
function build_hook() { | |
local nix_path="$(run which nix)" | |
echo "${nix_path/bin\/nix/libexec/nix/build-remote}" | |
} | |
run echo "build-hook = $(build_hook)" >> /home/ci/.config/nix/nix.conf | |
echo "::group::Setup cachix" | |
run nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install | |
run cachix --version | |
run cachix use gerschtli | |
run cachix use nix-on-droid | |
run cachix use 573-bc | |
run cachix use nix-community | |
run cachix use tweag-jupyter | |
run cachix use coq | |
run cachix use nixpkgs-ruby | |
echo "::group::Build command" | |
run git config --global --add safe.directory "$(pwd)" | |
run nix ${{ matrix.nix-command }} | |
# FIXME I left the inputs.branch == '' clause off on purpose to test what's its' semantics | |
${{ github.ref == 'refs/heads/wsl2' && matrix.deploy-agent && | |
format( | |
' | |
echo "::group::Build spec" | |
spec="$(run nix build --print-out-paths ".#cachix-deploy-spec-{0}" --impure)" | |
echo "::group::Upload spec" | |
run cachix push 573-bc "$spec" | |
', | |
matrix.deploy-agent, | |
matrix.deploy-args | |
) | |
|| 'echo "::group::Skip spec deploy"' | |
}} | |
- name: Build command (x86_64) | |
if: matrix.system == 'x86_64' | |
env: | |
_system: ${{ matrix.system }}-linux | |
run: | | |
cachix use gerschtli | |
cachix use nix-on-droid | |
cachix use 573-bc | |
cachix use nix-community | |
cachix use tweag-jupyter | |
cachix use coq | |
cachix use nixpkgs-ruby | |
echo "::group::Build command" | |
nix ${{ matrix.nix-command }} | |
- name: Deploy cachix-agent spec (x86_64) | |
if: matrix.system == 'x86_64' && github.ref == 'refs/heads/wsl2' && inputs.branch == '' && matrix.deploy-agent | |
env: | |
CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }} | |
run: | | |
echo "::group::Build spec" | |
spec="$(nix build --print-out-paths ".#cachix-deploy-spec-${{ matrix.deploy-agent }}")" | |
echo "::group::Upload spec" | |
cachix push 573-bc "$spec" | |
# vim: set sw=2: |