From a91371ff382718189ebe4d998b0e8abf13035e66 Mon Sep 17 00:00:00 2001
From: A1ca7raz <7345998+A1ca7raz@users.noreply.github.com>
Date: Wed, 24 Apr 2024 14:46:23 +0800
Subject: [PATCH] CI: revive cachix

---
 .github/push_cache.sh        |  6 ++--
 .github/push_cache_attic.sh  | 63 ++++++++++++++++++++++++++++++++++++
 .github/workflows/build.yml  | 41 +++++++++++++++--------
 .github/workflows/update.yml | 33 ++++++++++---------
 4 files changed, 110 insertions(+), 33 deletions(-)
 create mode 100755 .github/push_cache_attic.sh

diff --git a/.github/push_cache.sh b/.github/push_cache.sh
index 9dff556..da1273b 100755
--- a/.github/push_cache.sh
+++ b/.github/push_cache.sh
@@ -1,8 +1,7 @@
 #!/usr/bin/env bash
 
 # Variables
-extra_args=${ATTIC_PUSH_ARGS:--j8}
-cache=${ATTIC_CACHE:-test}
+cache=${CACHIX_CACHE:-test}
 retry_times=${ATTIC_PUSH_RETRY:-10}
 arch=${ARCH:-x86_64-linux}
 [[ $CI_MODE ]] && dryrun="" || dryrun=echo
@@ -10,7 +9,8 @@ arch=${ARCH:-x86_64-linux}
 # Functions
 push_with_retry() {
   for n in $(seq 1 ${retry_times}); do
-    $dryrun attic push ${extra_args} ${cache} $1 && return 0
+    echo $1 | $dryrun cachix push ${cache}
+    [[ $? == 0 ]] && return 0
   done
   false
 }
diff --git a/.github/push_cache_attic.sh b/.github/push_cache_attic.sh
new file mode 100755
index 0000000..9dff556
--- /dev/null
+++ b/.github/push_cache_attic.sh
@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+
+# Variables
+extra_args=${ATTIC_PUSH_ARGS:--j8}
+cache=${ATTIC_CACHE:-test}
+retry_times=${ATTIC_PUSH_RETRY:-10}
+arch=${ARCH:-x86_64-linux}
+[[ $CI_MODE ]] && dryrun="" || dryrun=echo
+
+# Functions
+push_with_retry() {
+  for n in $(seq 1 ${retry_times}); do
+    $dryrun attic push ${extra_args} ${cache} $1 && return 0
+  done
+  false
+}
+
+# Parse opts
+pkgs=()
+groups=()
+for i in $*; do
+  if [[ $(nix eval --raw .#packageBundles.${arch}.${i}.type --impure 2> /dev/null) = "derivation" ]]; then
+    pkgs+=(${i})
+  else
+    groups+=(${i})
+  fi
+done
+
+# Calc store
+pkglist=
+if [[ $groups ]]; then
+  filter_expr="{ inherit (x) ${groups[@]}; }"
+  apply_expr="x: with builtins; let pkglist = ${filter_expr}; in map (x: map (y: y.outPath) (attrValues x)) (attrValues pkglist)"
+  pkglist+=($(nix eval .#packageBundles.${arch} --apply "$apply_expr" --impure | sed -e 's/"//g' -e 's/\[//g' -e 's/\]//g' -e 's/ /\n/g'))
+fi
+
+[[ $pkgs || $groups ]] && filter_expr="{ inherit (x) ${pkgs[@]}; }" || filter_expr="x"
+apply_expr="x: with builtins; let pkglist = ${filter_expr}; in map (x: x.outPath) (attrValues pkglist)"
+pkglist+=($(nix eval .#packages.${arch} --apply "$apply_expr" --impure | sed -e 's/"//g' -e 's/ /\n/g' | sed -e '1d' -e '$d'))
+
+# Show package information
+echo -en "\e[35m==>\e[0m Total \e[35m${#pkglist[*]}\e[0m package"
+[[ ${#pkglist[*]} -gt 1 ]] && echo 's' || echo
+
+[[ ${#pkglist[*]} == 0 ]] && echo -e "\e[31mERROR:\e[0m No package or wrong packages given." && exit 1
+echo '>>>>>>>>>> Package Store >>>>>>>>>>'
+for i in ${pkglist[*]}; do echo ${i}; done
+echo '<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<'
+
+# Start push
+fail=1
+for i in ${pkglist[*]}; do
+  echo
+  echo -e " \e[32m=====>> $i\e[0m"
+  if push_with_retry $i; then
+    echo -en " \e[32m"
+  else
+    echo -en " \e[31m"; fail=;
+  fi
+  echo -e "<<=====\e[0m"
+done
+
+[[ $fail ]] && true || false
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index dc1a5e8..3a86dd8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -40,9 +40,11 @@ jobs:
     env:
       CI_MODE: 1
       NIXPKGS_ALLOW_UNFREE: 1
-      ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }}
-      ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }}
-      ATTIC_ACCESS_TOKEN: ${{ secrets.ATTIC_ACCESS_TOKEN }}
+      CACHIX_CACHE: ${{ secrets.CACHIX_CACHE }}
+      CACHIX_ACCESS_TOKEN: ${{ secrets.CACHIX_ACCESS_TOKEN }}
+      # ATTIC_SERVER: ${{ secrets.ATTIC_SERVER }}
+      # ATTIC_CACHE: ${{ secrets.ATTIC_CACHE }}
+      # ATTIC_ACCESS_TOKEN: ${{ secrets.ATTIC_ACCESS_TOKEN }}
 
     steps:
     - name: 0-1. Maximize space
@@ -68,17 +70,28 @@ jobs:
         extra_nix_config: |
           experimental-features = nix-command flakes repl-flake
           access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+          substituters = https://cache.nixos.org/ https://cache.garnix.io
+          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=
 
-    - name: 0-4. Setup Attic
-      run: |
-        # curl -LO https://raw.githubusercontent.com/zhaofengli/attic/main/.github/install-attic-ci.sh
-        curl -LO https://raw.githubusercontent.com/icewind1991/attic-action/master/dist/main/install-attic-ci.sh
-        bash install-attic-ci.sh
+    - uses: 0.4. DeterminateSystems/magic-nix-cache-action@v2
+
+    - name: 0-5. Setup Cachix
+      uses: cachix/cachix-action@v14
+      with:
+        name: '${{ secrets.CACHIX_CACHE }}'
+        authToken: '${{ secrets.CACHIX_ACCESS_TOKEN }}'
+        skipPush: true
 
-        # https://github.com/zhaofengli/attic/blob/main/.github/workflows/build.yml#L30
-        export PATH=$HOME/.nix-profile/bin:$PATH
-        attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_ACCESS_TOKEN"
-        attic use "$ATTIC_CACHE"
+    # - name: 0-6. Setup Attic
+    #   run: |
+    #     # curl -LO https://raw.githubusercontent.com/zhaofengli/attic/main/.github/install-attic-ci.sh
+    #     curl -LO https://raw.githubusercontent.com/icewind1991/attic-action/master/dist/main/install-attic-ci.sh
+    #     bash install-attic-ci.sh
+    #
+    #     # https://github.com/zhaofengli/attic/blob/main/.github/workflows/build.yml#L30
+    #     export PATH=$HOME/.nix-profile/bin:$PATH
+    #     attic login --set-default ci "$ATTIC_SERVER" "$ATTIC_ACCESS_TOKEN"
+    #     attic use "$ATTIC_CACHE"
 
     - name: 1-1. Update package sources
       if: ${{ inputs.update_source == true }}
@@ -114,6 +127,6 @@ jobs:
         commit_message: "Update: sources"
         file_pattern: "pkgs/_sources"
 
-    - name: 3-2. Push cache to Attic
+    - name: 3-2. Push cache to Cachix
       if: ${{ inputs.push_cache == true }}
-      run: bash ./.github/push_cache.sh ${{ inputs.packages }}
\ No newline at end of file
+      run: bash ./.github/push_cache.sh ${{ inputs.packages }}
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 812b120..771c377 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -42,6 +42,8 @@ jobs:
         extra_nix_config: |
           experimental-features = nix-command flakes
           access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+          substituters = https://cache.nixos.org/ https://cache.garnix.io
+          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=
 
     - name: 1-1. Update flake.lock
       if: ${{ inputs.update_lock == true || github.event_name != 'workflow_dispatch' }}
@@ -88,19 +90,18 @@ jobs:
         commit_message: "Update: flake.lock&sources"
         file_pattern: "flake.lock pkgs/_sources"
 
-  # build_bundles:
-  #   needs: bump_lock
-  #   secrets: inherit
-  #   permissions:
-  #     contents: write
-  #   strategy:
-  #     matrix:
-  #       bundles:
-  #         - ciPackages
-  #         - unfreePackages
-  #         - JetBrainsPackages
-  #         - uncategorized
-  #         - authentikPackages
-  #   uses: ./.github/workflows/build.yml
-  #   with:
-  #     packages: ${{ matrix.bundles }}
+  build_bundles:
+    needs: bump_lock
+    secrets: inherit
+    permissions:
+      contents: write
+    strategy:
+      matrix:
+        bundles:
+          - ciPackages
+          - unfreePackages
+          # - JetBrainsPackages
+          - uncategorized
+    uses: ./.github/workflows/build.yml
+    with:
+      packages: ${{ matrix.bundles }}