ci.yml
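# CI workflow: installs, lints, builds and packages with pnpm inside
# `nix develop`, then runs the action at the repository root (`uses: ./`)
# under several Nix, cache and id-token configurations.
#
# NOTE(review): the DeterminateSystems/* actions are referenced by the mutable
# `@main` branch, so whatever that branch holds at run time executes here,
# including in jobs that grant `id-token: write`. Pinning every `uses:` to a
# full commit SHA (`@<FULL_COMMIT_SHA>  # <tag>`) keeps the executed code
# reviewable; `actions/checkout@v4` is a movable tag as well.
name: CI

on:
  merge_group:
  pull_request:
  push:
    branches: [main]

jobs:
  build:
    name: Build
    runs-on: ubuntu-22.04
    # Least privilege: the steps below only read the checked-out tree, so the
    # job declares an explicit read-only token like the other jobs in this file
    # instead of inheriting the repository default.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - uses: DeterminateSystems/magic-nix-cache-action@main
      - name: Check shell scripts
        run: |
          nix develop --command shellcheck ./.github/workflows/cache-test.sh
      # NOTE(review): second invocation of the installer in this job; confirm
      # it is intentional (e.g. a re-run check) rather than a leftover.
      - uses: DeterminateSystems/nix-installer-action@main
      - name: Install pnpm dependencies
        run: nix develop --command pnpm install
      - name: Check formatting
        run: nix develop --command pnpm run check-fmt
      - name: Lint
        run: nix develop --command pnpm run lint
      - name: Build
        run: nix develop --command pnpm run build
      - name: Package
        run: nix develop --command pnpm run package
      # Print any working-tree changes, then fail if tracked files differ from
      # the commit (presumably guards committed build output; confirm).
      - run: git status --porcelain=v1
      - run: git diff --exit-code

  test-no-nix:
    needs: build
    name: "Test: Nix not installed"
    runs-on: ubuntu-22.04
    permissions:
      # Allows the job to request a GitHub OIDC token.
      id-token: "write"
      contents: "read"
    env:
      # NOTE(review): presumably turns on verbose logging in the actions under
      # test. This job can request OIDC tokens, so confirm that debug output
      # never includes token material.
      ACTIONS_STEP_DEBUG: true
    steps:
      - uses: actions/checkout@v4
      # No Nix install step precedes the action in this job.
      - name: Cache the store
        uses: ./
        with:
          _internal-strict-mode: true

  run-x86_64-linux-untrusted:
    needs: build
    name: Run x86_64-linux, Untrusted
    runs-on: ubuntu-22.04
    permissions:
      id-token: "write"
      contents: "read"
    env:
      ACTIONS_STEP_DEBUG: true
    steps:
      - uses: actions/checkout@v4
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
        with:
          flakehub: true
          # Only root is a trusted Nix user, so the action runs as an
          # untrusted user (the scenario named in this job's title).
          extra-conf: |
            narinfo-cache-negative-ttl = 0
            trusted-users = root
      - name: Cache the store
        uses: ./
        with:
          _internal-strict-mode: true

  run-systems:
    # The full matrix only runs for merge-queue (`merge_group`) events.
    if: github.event_name == 'merge_group'
    needs: build
    name: "Test: ${{ matrix.systems.nix-system }} gha:${{matrix.use-gha-cache}},fhc:${{matrix.use-flakehub}},id:${{matrix.id-token}},determinate:${{matrix.determinate}}"
    runs-on: "${{ matrix.systems.runner }}"
    permissions:
      # Static for every matrix cell: `matrix.id-token` does not change this
      # grant. It is passed to the `_internal-obliterate-...` inputs below,
      # which (judging by the name) simulate a job without OIDC access.
      id-token: "write"
      contents: "read"
    env:
      ACTIONS_STEP_DEBUG: true
    strategy:
      fail-fast: false
      matrix:
        determinate: [true, false]
        use-gha-cache: ["disabled", "no-preference", "enabled"]
        use-flakehub: ["disabled", "no-preference", "enabled"]
        id-token: ["write", "none"]
        systems:
          - nix-system: "aarch64-darwin"
            runner: "macos-latest"
          - nix-system: "x86_64-darwin"
            runner: "macos-13"
          - nix-system: "aarch64-linux"
            runner: "namespace-profile-default-arm64"
          - nix-system: "x86_64-linux"
            runner: "ubuntu-22.04"
    steps:
      - uses: actions/checkout@v4
      - name: Install Nix on ${{ matrix.systems.nix-system }} system
        uses: DeterminateSystems/nix-installer-action@main
        with:
          _internal-obliterate-actions-id-token-request-variables: ${{ matrix.id-token == 'none' }}
          determinate: ${{ matrix.determinate }}
          extra-conf: |
            narinfo-cache-negative-ttl = 0
      - name: Cache the store
        uses: ./
        with:
          _internal-strict-mode: true
          _internal-obliterate-actions-id-token-request-variables: ${{ matrix.id-token == 'none' }}
          use-gha-cache: ${{ matrix.use-gha-cache }}
          use-flakehub: ${{ matrix.use-flakehub }}
      - name: Check the cache for liveness
        env:
          # FlakeHub cache is expected when it is not disabled and the cell
          # has id-token == 'write'.
          EXPECT_FLAKEHUB: ${{ toJson(matrix.use-flakehub != 'disabled' && matrix.id-token == 'write') }}
          # GitHub Actions cache is expected when it is not disabled and
          # either FlakeHub is not expected or the GHA cache is explicitly
          # 'enabled'.
          EXPECT_GITHUB_CACHE: ${{ toJson(
            (matrix.use-gha-cache != 'disabled')
            && (
            (!(matrix.use-flakehub != 'disabled' && matrix.id-token == 'write'))
            || (matrix.use-gha-cache == 'enabled')
            )
            ) }}
        run: |
          .github/workflows/cache-test.sh

  # Aggregate gate for the matrix above.
  success:
    runs-on: ubuntu-latest
    needs: run-systems
    # Without a job-level status function this job is skipped whenever
    # run-systems fails or is cancelled, so the failing step below could never
    # run, and a skipped required check does not block a merge. `always()`
    # makes the gate evaluate the upstream result.
    # NOTE(review): a failed `build` shows up here as run-systems == 'skipped',
    # which this gate accepts; keep `build` a required check or add it to
    # `needs`.
    if: always()
    # Only shell built-ins run here; no token access is needed.
    permissions: {}
    steps:
      - run: "true"
      - run: |
          echo "A dependent in the build matrix failed."
          exit 1
        if: |
          contains(needs.*.result, 'failure') ||
          contains(needs.*.result, 'cancelled')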