Pass --accept-flake-config
only during flake-related commands
#1413
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI" | |
on: | |
push: | |
branches: | |
- "main" | |
- "ci/**" | |
pull_request: | |
jobs: | |
website: | |
if: github.ref == 'refs/heads/main' | |
needs: main | |
uses: ./.github/workflows/website.yaml | |
with: | |
static-site-path: ${{ needs.main.outputs.OMWEBSITE }} | |
secrets: inherit | |
main: | |
runs-on: ${{ matrix.system }} | |
permissions: | |
contents: read | |
outputs: | |
# It is important to match the matrix.system here | |
# With that of website.yaml | |
OMWEBSITE: ${{ steps.omci.outputs.OMWEBSITE_x86_64-linux }} | |
strategy: | |
matrix: | |
system: [x86_64-linux, aarch64-linux, aarch64-darwin, x86_64-darwin] | |
isMain: | |
- ${{ contains(github.ref, 'main') }} | |
# Excluded emulated builds on PRs | |
exclude: | |
- system: aarch64-linux | |
isMain: false | |
- system: x86_64-darwin | |
isMain: false | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: cachix/cachix-action@v14 | |
if: github.ref == 'refs/heads/main' | |
with: | |
name: om | |
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
skipPush: true | |
# Build omnix first, so we can use it to build the rest of the flake outputs. | |
# This also separates the CI log for both these obviously distinct steps. | |
- name: Build Omnix package | |
run: nix build --no-link --print-out-paths | |
# Build flake outputs | |
# Run omnix using self. | |
- name: Omnix CI | |
run: | | |
nix run . -- ci \ | |
--extra-access-tokens ${{ secrets.GITHUB_TOKEN }} \ | |
run \ | |
--systems "${{ matrix.system }}" \ | |
--results=$HOME/omci.json | |
- name: Omnix results | |
id: omci | |
run: | | |
cat $HOME/omci.json | jq | |
# Retrieve the store path for the given package out of the given subflake. | |
get_output() { | |
subflake=$1 name=$2 \ | |
jq -r '.result.[$ENV.subflake].build.byName.[$ENV.name]' < $HOME/omci.json | |
} | |
echo "OMCIJSON_PATH=$HOME/omci.json" >> "$GITHUB_OUTPUT" | |
echo "OMCIJSON=$(cat $HOME/omci.json)" >> "$GITHUB_OUTPUT" | |
echo "OMPACKAGE=$(get_output omnix omnix-cli)" >> "$GITHUB_OUTPUT" | |
echo "OMWEBSITE_${{ matrix.system }}=$(get_output doc omnix-mdbook-site)" >> "$GITHUB_OUTPUT" | |
- name: "Omnix: Upload results" | |
uses: actions/upload-artifact@v4 | |
with: | |
name: omci-${{ matrix.system }}.json | |
path: ${{ steps.omci.outputs.OMCIJSON_PATH }} | |
if-no-files-found: error | |
# Upload static binary for the next job. | |
# TODO: This should ideally be in a separate workflow file, running parallel to the main job. | |
- name: "static-binary: Upload" | |
if: matrix.system != 'x86_64-darwin' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: om-${{ matrix.system }} | |
path: ${{ steps.omci.outputs.OMPACKAGE }}/bin/om | |
if-no-files-found: error | |
# Push the Nix cache | |
- name: Push to cachix | |
env: | |
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
if: env.BRANCH_NAME == 'main' | |
run: | | |
nix run github:juspay/cachix-push -- \ | |
--subflake omnix \ | |
--prefix "${BRANCH_NAME}" \ | |
--cache om \ | |
< $HOME/omci.json | |
static-binary-check: | |
needs: main | |
runs-on: ${{ matrix.system }} | |
strategy: | |
matrix: | |
system: [ubuntu-latest, macos-latest] | |
steps: | |
- name: Donwload om static binary | |
uses: actions/download-artifact@v4 | |
with: | |
name: om-${{ matrix.system == 'ubuntu-latest' && 'x86_64-linux' || matrix.system == 'macos-latest' && 'aarch64-darwin' || matrix.system }} | |
- name: Check nix installation | |
run: | | |
if which nix; then | |
echo "nix is installed, exiting" | |
exit 1 | |
elif test -d /nix; then | |
echo "/nix is present, exiting" | |
exit 1 | |
else | |
echo "nix is not installed" | |
fi | |
- name: Run om static binary | |
# By default, the shell will exit if any command fails. We want to | |
# ignore the failure of the om binary using `set +e`. | |
run: | | |
set +e | |
chmod +x ./om | |
./om health | |
if [[ $? -ne 0 ]]; then | |
echo "om binary failed due to lack of nix installation, as expected." | |
exit 0 | |
fi |