Skip to content

Workflow file for this run

name: Build and test flake outputs
on:
push:
workflow_dispatch:
workflow_call:
inputs:
branch:
description: Branch name to build on
default: ""
required: false
type: string
secrets:
CACHIX_ACTIVATE_TOKEN:
CACHIX_AUTH_TOKEN:
required: true
jobs:
nix:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
system:
- aarch64
- x86_64
nix-command:
- fmt -- --check
- eval .#apps.$_system.nixos-shell.program
- eval .#apps.$_system.setup.program
include:
- nix-command: develop .#jdk8 --profile profile
system: x86_64
- nix-command: develop .#jdk11 --profile profile
system: x86_64
- nix-command: develop .#jdk17 --profile profile
system: x86_64
- nix-command: develop .#php74 --profile profile
system: x86_64
- nix-command: develop .#php74-composer1 --profile profile
system: x86_64
- nix-command: develop .#php80 --profile profile
system: x86_64
- nix-command: develop .#php81 --profile profile
system: x86_64
- nix-command: run github:Mic92/nix-fast-build -- --flake .#homeConfigurations."tobias@gamer".activationPackage
system: x86_64
- nix-command: run github:Mic92/nix-fast-build -- --flake .#homeConfigurations."tobhap@M299".activationPackage
system: x86_64
deploy-agent: M299
deploy-args: --async
- nix-command: run github:Mic92/nix-fast-build -- --flake .#nixOnDroidConfigurations.pixel7a.activationPackage --impure
system: aarch64
- nix-command: run github:Mic92/nix-fast-build -- --flake .#nixosConfigurations.argon.config.system.build.toplevel
system: aarch64
deploy-agent: argon
- nix-command: run github:Mic92/nix-fast-build -- --flake .#nixosConfigurations.krypton.config.system.build.toplevel
system: x86_64
deploy-agent: krypton
- nix-command: run github:Mic92/nix-fast-build -- --flake .#nixosConfigurations.neon.config.system.build.toplevel
system: x86_64
deploy-agent: neon
deploy-args: --async
- nix-command: run github:Mic92/nix-fast-build -- --flake .#nixosConfigurations.xenon.config.system.build.toplevel
system: aarch64
deploy-agent: xenon
- nix-command: run github:Mic92/nix-fast-build -- --flake .#packages.$_system.rpi-firmware
system: aarch64
- nix-command: run github:Mic92/nix-fast-build -- --flake .#packages.$_system.rpi-image
system: aarch64
- nix-command: run github:Mic92/nix-fast-build -- --flake .#packages.$_system.installer-image
system: x86_64
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
ref: ${{ inputs.branch }}
- name: Free Disk Space (Ubuntu)
uses: jlumbroso/free-disk-space@main
continue-on-error: true
with:
tool-cache: true
- name: Install nix
uses: cachix/install-nix-action@v23
with:
extra_nix_config: |
keep-going = true
- name: Setup cachix
uses: cachix/cachix-action@v12
with:
name: gerschtli
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
- name: Build command (aarch64)
if: matrix.system == 'aarch64'
# FIXME: use upstream once --tty is removed
#uses: uraimo/run-on-arch-action@v2
uses: Gerschtli/run-on-arch-action@tty
with:
arch: aarch64
distro: alpine_latest
githubToken: ${{ github.token }}
dockerRunArgs: --volume /nix:/nix
install: |
apk --no-cache add curl git xz
adduser --disabled-password ci
env: |
_system: ${{ matrix.system }}-linux
CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN || 'no-value' }}
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
set -euo pipefail
mkdir -p /home/ci/.config/nix
cat <<EOF > /home/ci/.config/nix/nix.conf
experimental-features = nix-command flakes
keep-going = true
show-trace = true
access-tokens = github.com=$GITHUB_TOKEN
EOF
chown --recursive ci:ci /nix /home/ci
chgrp --recursive ci "$(pwd)"
chmod -R g+w "$(pwd)"
echo "::group::Install nix"
curl \
--silent \
--show-error \
--output /tmp/install \
--retry 5 \
--retry-all-errors \
--fail \
--location \
"https://nixos.org/nix/install"
su ci -c "sh /tmp/install --no-channel-add --no-daemon"
rm /tmp/install
function run() {
su ci -c ". /home/ci/.nix-profile/etc/profile.d/nix.sh; $*"
}
# FIXME: setting build-hook is needed because default hook `nix __build-remote` is not available
function build_hook() {
local nix_path="$(run which nix)"
echo "${nix_path/bin\/nix/libexec/nix/build-remote}"
}
run echo "build-hook = $(build_hook)" >> /home/ci/.config/nix/nix.conf
echo "::group::Setup cachix"
run nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install
run cachix --version
run cachix use gerschtli
run cachix use nix-on-droid
echo "::group::Build command"
run git config --global --add safe.directory "$(pwd)"
run nix ${{ matrix.nix-command }}
${{ github.ref == 'refs/heads/master' && inputs.branch == '' && matrix.deploy-agent &&
format(
'
echo "::group::Build spec"
spec="$(run nix build --print-out-paths ".#cachix-deploy-spec-{0}")"
echo "::group::Upload spec"
run cachix push gerschtli "$spec"
echo "::group::Activate deployment"
run cachix deploy activate --agent "{0}" {1} "$spec"
',
matrix.deploy-agent,
matrix.deploy-args
)
|| 'echo "::group::Skip spec deploy"'
}}
- name: Build command (x86_64)
if: matrix.system == 'x86_64'
env:
_system: ${{ matrix.system }}-linux
run: nix ${{ matrix.nix-command }}
- name: Deploy cachix-agent spec (x86_64)
if: matrix.system == 'x86_64' && github.ref == 'refs/heads/master' && inputs.branch == '' && matrix.deploy-agent
env:
CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
run: |
echo "::group::Build spec"
spec="$(nix build --print-out-paths ".#cachix-deploy-spec-${{ matrix.deploy-agent }}")"
echo "::group::Upload spec"
cachix push gerschtli "$spec"
echo "::group::Activate deployment"
cachix deploy activate --agent "${{ matrix.deploy-agent }}" ${{ matrix.deploy-args }} "$spec"
# vim: set sw=2: