Skip to content

basil-tools-docker: tweaks to support use in Basil #653

basil-tools-docker: tweaks to support use in Basil

basil-tools-docker: tweaks to support use in Basil #653

Workflow file for this run

name: "build Nix packages"
on:
pull_request:
push:
branches: [main]
workflow_dispatch:
inputs:
push: { type: boolean, default: false }
patches-b64: { type: string, required: false }
workflow_call:
inputs:
push: { type: boolean, default: false, required: false }
patches-b64: { type: string, required: false }
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
update-check:
if: ${{ ! inputs.patches-b64 }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v25
- run: nix build .#update
- run: nix run .#update -- check
build:
if: always()
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest]
# end-user packages to ci build for cache
pkg:
[aslp, bap-aslp, bap-primus, basil,
retdec-uq-pac, asl-translator,
gtirb-semantics, ddisasm,
retdec5, remill, alive2-aslp, alive2-regehr,
aslp_web, godbolt
]
runs-on: ${{ matrix.os }}
defaults:
run: { shell: "bash -ex -o pipefail {0}" }
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v25
- uses: cachix/cachix-action@v14
with: { name: pac-nix, authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}', skipPush: "${{ github.ref != 'refs/heads/main' }}" }
- name: Apply staged patch commits
if: ${{ inputs.patches-b64 }}
run: |
shopt -s nullglob
set -x
cat <<EOF | base64 -d > patches.tar.zst
${{ inputs.patches-b64 }}
EOF
mkdir prev-patches
tar xaf patches.tar.zst -C prev-patches
git config user.name 'github-actions[bot]'
git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
for f in prev-patches/*; do git am "$f"; done
- name: Check for meta.broken
run: |
broken="$(nix eval --json .#${{ matrix.pkg }}.meta.broken)"
echo "bool=$broken" > "$GITHUB_OUTPUT"
echo NIXPKGS_ALLOW_BROKEN="$("$broken" && echo 1 || echo 0)" > "$GITHUB_ENV"
id: broken
- run: ./nix-cached.sh build --impure -L .#${{matrix.pkg}}
id: build
continue-on-error: ${{ fromJSON(steps.broken.outputs.bool) }}
- name: Run nix build .#${{matrix.pkg}}.tests
id: test
run: |
for test in $(nix eval --impure .#${{matrix.pkg}}.tests --json | jq -r keys[]); do
t=.#${{matrix.pkg}}.tests.$test
./nix-cached.sh build --impure -L "$t" --no-link
done
continue-on-error: ${{ fromJSON(steps.broken.outputs.bool) }}
if: steps.build.outcome == 'success'
- name: Report status of broken packages
run: |
echo '::warning title=${{ matrix.pkg }}::broken package has status build=${{steps.build.outcome}}, test=${{steps.test.outcome}}'
if: ${{ fromJSON(steps.broken.outputs.bool) }}
- run: ls -l
result:
if: ${{ always() }}
runs-on: ubuntu-latest
needs: [ build ]
steps:
- name: Aggregate matrix results
run: |
set -x
result="${{ needs.build.result }}"
[[ $result == success || $result == skipped ]]
push:
if: ${{ inputs.push }}
runs-on: ubuntu-latest
needs: [ result ]
steps:
- uses: actions/checkout@v4
- name: Apply staged patch commits
if: ${{ inputs.patches-b64 }}
run: |
shopt -s nullglob
set -x
cat <<EOF | base64 -d > patches.tar.zst
${{ inputs.patches-b64 }}
EOF
mkdir prev-patches
tar xaf patches.tar.zst -C prev-patches
git config user.name 'github-actions[bot]'
git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
for f in prev-patches/*; do git am "$f"; done
- run: git push