Skip to content

chore(flake/sops-nix): 5dc08f9c -> c9c88f08 #48662

chore(flake/sops-nix): 5dc08f9c -> c9c88f08

chore(flake/sops-nix): 5dc08f9c -> c9c88f08 #48662

Workflow file for this run

name: ci
on:
push:
branches:
- master
- try
pull_request:
permissions: {}
env:
flake: github:${{ github.repository }}/${{ github.sha }}
nix-conf: |-
accept-flake-config = true
always-allow-substitutes = true
builders-use-substitutes = true
max-jobs = auto
cachix-install: nix profile install 'github:${{ github.repository }}/${{ github.sha }}#cachix'
jobs:
flake-check:
runs-on: ubuntu-latest
steps:
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: ${{ env.nix-conf }}
- uses: cachix/cachix-action@v15
with:
name: bbigras-nix-config
signingKey: ${{ secrets.CACHIX_SIGNING_KEY }}
extraPullNames: nix-community
installCommand: ${{ env.cachix-install }}
- name: nix-flake-check
run: nix flake check '${{ env.flake }}'
flake-show:
runs-on: ubuntu-latest
steps:
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: ${{ env.nix-conf }}
- uses: cachix/cachix-action@v15
with:
name: bbigras-nix-config
signingKey: ${{ secrets.CACHIX_SIGNING_KEY }}
extraPullNames: nix-community
installCommand: ${{ env.cachix-install }}
- name: nix-flake-show
run: nix flake show '${{ env.flake }}' --option allow-import-from-derivation true
get-attrs:
runs-on: ubuntu-latest
outputs:
build: ${{ steps.get-attrs.outputs.build }}
eval: ${{ steps.get-attrs.outputs.eval }}
steps:
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: ${{ env.nix-conf }}
- uses: DeterminateSystems/magic-nix-cache-action@v8
- id: install-jq
run: nix profile install '${{ env.flake }}#jq'
- id: get-attrs
run: |
function summary() {
printf '%s\n' "${*}" >> "$GITHUB_STEP_SUMMARY"
}
summary "# CI"
TMP="$(mktemp -d)"
# host packages
nix eval --json '${{ env.flake }}#hosts' | jq -c '
to_entries
| map({
name: .key,
evalOnly: false,
hostPlatform: .value.hostPlatform,
large: .value.large,
attr: "packages.\(.value.hostPlatform).\(.key)"
})
| map(
if .hostPlatform == "x86_64-linux" then .runsOn="ubuntu-latest"
elif .hostPlatform == "aarch64-linux" then .runsOn="ubuntu-latest"
elif .hostPlatform == "x86_64-darwin" then .runsOn="macos-13"
elif .hostPlatform == "aarch64-darwin" then .runsOn="macos-14"
else .evalOnly=true | .runsOn="ubuntu-latest"
end
)
| map(if .large then .evalOnly=true end)
' >"$TMP/hostAttrs.json"
# dev shells
jq -c '
unique_by(.hostPlatform)
| sort_by(.runsOn)
| map(
.attr = "devShells.\(.hostPlatform).default.inputDerivation"
| .name = "devShell-\(.hostPlatform)"
)
' "$TMP/hostAttrs.json" >"$TMP/shellAttrs.json"
# join shell and host attrs
jq -c -s add "$TMP/hostAttrs.json" "$TMP/shellAttrs.json" >"$TMP/attrs.json"
# warn about eval-only attrs
read -r -a evalOnlyAttrs < \
<(jq -c -r 'map(select(.evalOnly) | .name) | @sh' "$TMP/attrs.json" | tr -d \')
if [[ "${#evalOnlyAttrs[@]}" -ne 0 ]]; then
printf -v attrs "\`%s\`, " "${evalOnlyAttrs[@]}"
summary \
"- ⚠️ The following attributes will only be evaluated: ${attrs%, }"
fi
# add all to-build attrs to the summary
read -r -a buildAttrs < \
<(jq -c -r 'map(select(.evalOnly | not) | .name) | @sh' "$TMP/attrs.json" | tr -d \')
if [[ "${#buildAttrs[@]}" -ne 0 ]]; then
printf -v attrs "\`%s\`, " "${buildAttrs[@]}"
summary \
"- ✅ The following attributes will be built: ${attrs%, }"
fi
# check for dupes
duplicate_count="$(jq -r '
group_by([.name, .attr]) | map(select(length>1)) | length
' "$TMP/attrs.json")"
if [[ "$duplicate_count" -ne 0 ]]; then
summary \
"- ‼️ Duplicate entries in \`attrs.json\`: \`$(cat "$TMP/attrs.json")\`"
exit 1
fi
# split build and evalOnly attrs
jq -c 'map(select(.evalOnly))' <"$TMP/attrs.json" >"$TMP/eval.json"
jq -c 'map(select(.evalOnly | not))' <"$TMP/attrs.json" >"$TMP/build.json"
echo "build=$(<"$TMP/build.json")" >>"$GITHUB_OUTPUT"
echo "eval=$(<"$TMP/eval.json")" >>"$GITHUB_OUTPUT"
eval:
name: eval ${{ matrix.attrs.name }}
runs-on: ${{ matrix.attrs.runsOn }}
if: needs.get-attrs.outputs.eval != '[]'
needs: [get-attrs]
strategy:
fail-fast: false
matrix:
attrs: ${{ fromJson(needs.get-attrs.outputs.eval) }}
env:
system: ${{ matrix.attrs.hostPlatform }}
steps:
- uses: docker/setup-qemu-action@v3
if: ${{ matrix.attrs.hostPlatform == 'aarch64-linux' }}
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: ${{ env.nix-conf }}
- uses: cachix/cachix-action@v15
with:
name: bbigras-nix-config
signingKey: ${{ secrets.CACHIX_SIGNING_KEY }}
extraPullNames: nix-community
installCommand: ${{ env.cachix-install }}
- name: eval
if: ${{ matrix.attrs.evalOnly }}
run: |
nix eval --raw '${{ env.flake }}#${{ matrix.attrs.attr }}'
build:
name: build ${{ matrix.attrs.name }}
runs-on: ${{ matrix.attrs.runsOn }}
needs: [get-attrs]
strategy:
fail-fast: false
matrix:
attrs: ${{ fromJson(needs.get-attrs.outputs.build) }}
env:
system: ${{ matrix.attrs.hostPlatform }}
steps:
- uses: docker/setup-qemu-action@v3
if: ${{ env.system == 'aarch64-linux' }}
- name: "Make more space"
run: "sudo rm -rf /opt /usr/local || true &"
- uses: DeterminateSystems/nix-installer-action@v16
with:
extra-conf: ${{ env.nix-conf }}
- uses: cachix/cachix-action@v15
with:
name: bbigras-nix-config
signingKey: ${{ secrets.CACHIX_SIGNING_KEY }}
extraPullNames: nix-community
installCommand: ${{ env.cachix-install }}
- name: nix-fast-build
run: |
declare -a args=(
'--no-nom'
'--skip-cached'
'--max-jobs=2'
'--eval-workers=2'
'--systems=${{ env.system }}'
'--option' 'accept-flake-config' 'true'
'--retries=3'
'--option' 'pure-eval' 'false'
)
[[ '${{ env.system }}' == 'aarch64-linux' ]] && args+=('--option' 'extra-platforms' 'aarch64-linux')
args+=('--flake=${{ env.flake }}#${{ matrix.attrs.attr }}')
nix run '${{ env.flake }}#nix-fast-build' -- "${args[@]}"
- name: nix-build
if: ${{ env.system == 'aarch64-darwin' }}
run: |
nix build --keep-going '${{ env.flake }}#${{ matrix.attrs.attr }}'
check:
runs-on: ubuntu-latest
needs: [flake-check, flake-show, build, eval]
if: always()
steps:
- uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
allowed-skips: eval