-
Notifications
You must be signed in to change notification settings - Fork 11
155 lines (143 loc) · 4.88 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
name: "CI"
on:
push:
branches:
- "main"
- "ci/**"
pull_request:
jobs:
website:
if: github.ref == 'refs/heads/main'
needs: main
uses: ./.github/workflows/website.yaml
with:
static-site-path: ${{ needs.main.outputs.OMWEBSITE }}
secrets: inherit
main:
runs-on: ${{ matrix.system }}
permissions:
contents: read
outputs:
# It is important to match the matrix.system here
# With that of website.yaml
OMWEBSITE: ${{ steps.omci.outputs.OMWEBSITE_x86_64-linux }}
strategy:
matrix:
system: [x86_64-linux, aarch64-linux, aarch64-darwin, x86_64-darwin]
isMain:
- ${{ contains(github.ref, 'main') }}
# Excluded emulated builds on PRs
exclude:
- system: aarch64-linux
isMain: false
- system: x86_64-darwin
isMain: false
fail-fast: false
steps:
- uses: actions/checkout@v4
- uses: cachix/cachix-action@v14
if: github.ref == 'refs/heads/main'
with:
name: om
authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
skipPush: true
# Build omnix first, so we can use it to build the rest of the flake outputs.
# This also separates the CI log for both these obviously distinct steps.
- name: Build Omnix package
run: nix build --no-link --print-out-paths
# Build flake outputs
# Run omnix using self.
- name: Omnix CI
run: |
nix run . -- ci \
--extra-access-tokens ${{ secrets.GITHUB_TOKEN }} \
run \
--systems "${{ matrix.system }}" \
--results=$HOME/omci.json
- name: Omnix results
id: omci
run: |
cat $HOME/omci.json | jq
# Retrieve the store path for the given package out of the given subflake.
get_output() {
subflake=$1 name=$2 \
jq -r '.result.[$ENV.subflake].build.byName.[$ENV.name]' < $HOME/omci.json
}
echo "OMCIJSON_PATH=$HOME/omci.json" >> "$GITHUB_OUTPUT"
echo "OMCIJSON=$(cat $HOME/omci.json)" >> "$GITHUB_OUTPUT"
echo "OMPACKAGE=$(get_output omnix omnix-cli)" >> "$GITHUB_OUTPUT"
echo "OMWEBSITE_${{ matrix.system }}=$(get_output doc omnix-mdbook-site)" >> "$GITHUB_OUTPUT"
- name: "Omnix: Upload results"
uses: actions/upload-artifact@v4
with:
name: omci-${{ matrix.system }}.json
path: ${{ steps.omci.outputs.OMCIJSON_PATH }}
if-no-files-found: error
# Upload static binary for the next job.
# TODO: This should ideally be in a separate workflow file, running parallel to the main job.
- name: "static-binary: Upload"
if: matrix.system != 'x86_64-darwin'
uses: actions/upload-artifact@v4
with:
name: om-${{ matrix.system }}
path: ${{ steps.omci.outputs.OMPACKAGE }}/bin/om
if-no-files-found: error
# Push the Nix cache
- name: Push to cachix
env:
CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
if: env.BRANCH_NAME == 'main'
run: |
nix run github:juspay/cachix-push -- \
--subflake omnix \
--prefix "${BRANCH_NAME}" \
--cache om \
< $HOME/omci.json
static-binary-check:
needs: main
runs-on: ${{ matrix.system }}
strategy:
matrix:
system: [ubuntu-latest, macos-latest]
steps:
- name: Donwload om static binary
uses: actions/download-artifact@v4
with:
name: om-${{ matrix.system == 'ubuntu-latest' && 'x86_64-linux' || matrix.system == 'macos-latest' && 'aarch64-darwin' || matrix.system }}
- name: Check nix installation
run: |
if which nix; then
echo "nix is installed, exiting"
exit 1
elif test -d /nix; then
echo "/nix is present, exiting"
exit 1
else
echo "nix is not installed"
fi
- name: Run om static binary
# By default, the shell will exit if any command fails. We want to
# ignore the failure of the om binary using `set +e`.
run: |
set +e
chmod +x ./om
./om health
if [[ $? -ne 0 ]]; then
echo "om binary failed due to lack of nix installation, as expected."
exit 0
fi
# Does omnix run on standard github runners?
github-actions-runners:
needs: main
runs-on: ${{ matrix.system }}
strategy:
matrix:
system: [ubuntu-latest, macos-latest]
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- name: Run omnix
run: |
nix --accept-flake-config run . -- health
nix --accept-flake-config run . -- ci run