Skip to content

Pass --accept-flake-config only during flake-related commands #1410

Pass --accept-flake-config only during flake-related commands

Pass --accept-flake-config only during flake-related commands #1410

Workflow file for this run

name: "CI"
on:
push:
branches:
- "main"
- "ci/**"
pull_request:
jobs:
website:
if: github.ref == 'refs/heads/main'
needs: main
uses: ./.github/workflows/website.yaml
with:
static-site-path: ${{ needs.main.outputs.OMWEBSITE }}
secrets: inherit
main:
runs-on: ${{ matrix.system }}
permissions:
contents: read
outputs:
# It is important to match the matrix.system here
# With that of website.yaml
OMWEBSITE: ${{ steps.omci.outputs.OMWEBSITE_x86_64-linux }}
strategy:
matrix:
system: [x86_64-linux, aarch64-linux, aarch64-darwin, x86_64-darwin]
isMain:
- ${{ contains(github.ref, 'main') }}
# Excluded emulated builds on PRs
exclude:
- system: aarch64-linux
isMain: false
- system: x86_64-darwin
isMain: false
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: cachix/cachix-action@v14
if: github.ref == 'refs/heads/main'
with:
name: om
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
skipPush: true
# Build omnix first, so we can use it to build the rest of the flake outputs.
# This also separates the CI log for both these obviously distinct steps.
- name: Build Omnix package
run: nix build --no-link --print-out-paths
# Build flake outputs
# Run omnix using self.
- name: Omnix CI
run: |
nix run . -- ci \
--extra-access-tokens ${{ secrets.GITHUB_TOKEN }} \
run \
--systems "${{ matrix.system }}" \
--results=$HOME/omci.json
- name: Omnix results
id: omci
run: |
cat $HOME/omci.json | jq
# Retrieve the store path for the given package out of the given subflake.
get_output() {
subflake=$1 name=$2 \
jq -r '.result.[$ENV.subflake].build.byName.[$ENV.name]' < $HOME/omci.json
}
echo "OMCIJSON_PATH=$HOME/omci.json" >> "$GITHUB_OUTPUT"
echo "OMCIJSON=$(cat $HOME/omci.json)" >> "$GITHUB_OUTPUT"
echo "OMPACKAGE=$(get_output omnix omnix-cli)" >> "$GITHUB_OUTPUT"
echo "OMWEBSITE_${{ matrix.system }}=$(get_output doc omnix-mdbook-site)" >> "$GITHUB_OUTPUT"
- name: "Omnix: Upload results"
uses: actions/upload-artifact@v4
with:
name: omci-${{ matrix.system }}.json
path: ${{ steps.omci.outputs.OMCIJSON_PATH }}
if-no-files-found: error
# Upload static binary for the next job.
# TODO: This should ideally be in a separate workflow file, running parallel to the main job.
- name: "static-binary: Upload"
if: matrix.system != 'x86_64-darwin'
uses: actions/upload-artifact@v4
with:
name: om-${{ matrix.system }}
path: ${{ steps.omci.outputs.OMPACKAGE }}/bin/om
if-no-files-found: error
# Push the Nix cache
- name: Push to cachix
env:
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
if: env.BRANCH_NAME == 'main'
run: |
nix run github:juspay/cachix-push -- \
--subflake omnix \
--prefix "${BRANCH_NAME}" \
--cache om \
< $HOME/omci.json
static-binary-check:
needs: main
runs-on: ${{ matrix.system }}
strategy:
matrix:
system: [ubuntu-latest, macos-latest]
steps:
- name: Donwload om static binary
uses: actions/download-artifact@v4
with:
name: om-${{ matrix.system == 'ubuntu-latest' && 'x86_64-linux' || matrix.system == 'macos-latest' && 'aarch64-darwin' || matrix.system }}
- name: Check nix installation
run: |
if which nix; then
echo "nix is installed, exiting"
exit 1
elif test -d /nix; then
echo "/nix is present, exiting"
exit 1
else
echo "nix is not installed"
fi
- name: Run om static binary
# By default, the shell will exit if any command fails. We want to
# ignore the failure of the om binary using `set +e`.
run: |
set +e
chmod +x ./om
./om health
if [[ $? -ne 0 ]]; then
echo "om binary failed due to lack of nix installation, as expected."
exit 0
fi