flake: migrate to crane, unpin Nixpkgs, use static builds on Darwin (… #447
name: Release Branch | |
concurrency: | |
group: release | |
on: | |
push: | |
branches: | |
# NOTE: make sure any branches here are also valid directory names, | |
# otherwise creating the directory and uploading to s3 will fail | |
- "main" | |
permissions: | |
id-token: "write" | |
contents: "read" | |
jobs: | |
build-x86_64-linux: | |
uses: ./.github/workflows/build-x86_64-linux.yml | |
with: | |
cache-key: release-x86_64-linux-artifacts-${{ github.sha }} | |
build-aarch64-linux: | |
uses: ./.github/workflows/build-aarch64-linux.yml | |
with: | |
cache-key: release-aarch64-linux-artifacts-${{ github.sha }} | |
build-x86_64-darwin: | |
uses: ./.github/workflows/build-x86_64-darwin.yml | |
with: | |
cache-key: release-x86_64-darwin-artifacts-${{ github.sha }} | |
build-aarch64-darwin: | |
uses: ./.github/workflows/build-aarch64-darwin.yml | |
with: | |
cache-key: release-aarch64-darwin-artifacts-${{ github.sha }} | |
release: | |
runs-on: ubuntu-latest | |
permissions: | |
id-token: write # In order to request a JWT for AWS auth | |
needs: | |
- build-x86_64-linux | |
- build-aarch64-linux | |
- build-x86_64-darwin | |
- build-aarch64-darwin | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Create artifacts directory | |
run: mkdir -p ./artifacts | |
- name: Fetch cached x86_64-linux binary | |
uses: actions/cache/restore@v3 | |
with: | |
path: nix-installer | |
key: release-x86_64-linux-artifacts-${{ github.sha }} | |
- name: Move artifact to artifacts directory | |
run: mv ./nix-installer ./artifacts/nix-installer-x86_64-linux | |
- name: Fetch cached aarch64-linux binary | |
uses: actions/cache/restore@v3 | |
with: | |
path: nix-installer | |
key: release-aarch64-linux-artifacts-${{ github.sha }} | |
- name: Move artifact to artifacts directory | |
run: mv ./nix-installer ./artifacts/nix-installer-aarch64-linux | |
- name: Fetch cached x86_64-darwin binary | |
uses: actions/cache/restore@v3 | |
with: | |
path: nix-installer | |
key: release-x86_64-darwin-artifacts-${{ github.sha }} | |
- name: Move artifact to artifacts directory | |
run: mv ./nix-installer ./artifacts/nix-installer-x86_64-darwin | |
- name: Fetch cached aarch64-darwin binary | |
uses: actions/cache/restore@v3 | |
with: | |
path: nix-installer | |
key: release-aarch64-darwin-artifacts-${{ github.sha }} | |
- name: Move artifact to artifacts directory | |
run: mv ./nix-installer ./artifacts/nix-installer-aarch64-darwin | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
role-to-assume: ${{ secrets.AWS_S3_UPLOAD_ROLE }} | |
aws-region: us-east-2 | |
- name: Publish Release (Branch) | |
env: | |
AWS_BUCKET: ${{ secrets.AWS_S3_UPLOAD_BUCKET }} | |
run: | | |
BRANCH="branch_${{ github.ref_name }}" | |
GIT_ISH="$GITHUB_SHA" | |
./upload_s3.sh "$BRANCH" "$GIT_ISH" "https://install.determinate.systems/nix/rev/$GIT_ISH" | |
- name: Install Instructions (Branch) | |
run: | | |
cat <<EOF | |
This commit can be installed by running the following command: | |
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/rev/$GITHUB_SHA | sh -s -- install | |
The latest commit from this branch can be installed by running the following command: | |
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/branch/${{ github.ref_name }} | sh -s -- install | |
EOF |
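Review bot: The `Publish Release (Branch)` and `Install Instructions (Branch)` steps expand `${{ github.ref_name }}` directly inside their `run:` scripts, so the branch name is substituted into the shell source before the shell parses it. With only `main` in the trigger list this is benign today, but the NOTE above the branch list anticipates more branches, and a ref name containing shell metacharacters would then be parsed as script in the job that holds the assumed AWS upload role. Reading the runner-provided variable keeps the value as data: `BRANCH="branch_${GITHUB_REF_NAME}"` in the publish step and `.../nix/branch/$GITHUB_REF_NAME` inside the heredoc. Separately, the actions in this job are referenced by mutable tags (`actions/checkout@v4`, `actions/cache/restore@v3`, `aws-actions/configure-aws-credentials@v2`). Pinning each to a full commit SHA would prevent a retagged release from running with the job's `id-token: write` permission.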