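name: Build and test flake outputs

on:
  # No branch or path filter: every push to any branch runs the whole matrix.
  # Deployment itself is gated on refs/heads/master further down in the job.
  push:
  workflow_dispatch:
  # Reusable-workflow entry point; the caller may select a branch to build.
  workflow_call:
    inputs:
      branch:
        description: Branch name to build on
        default: ""
        required: false
        type: string
    secrets:
      # Optional: the aarch64 step falls back to 'no-value' when it is absent.
      # Written out explicitly instead of a bare (null) key.
      CACHIX_ACTIVATE_TOKEN:
        required: false
      CACHIX_AUTH_TOKEN:
        required: true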
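jobs:
  # Runs one nix command per matrix entry; entries that carry `deploy-agent`
  # are additionally deployed through cachix when the run is on master and was
  # not started with an explicit `branch` input.
  nix:
    runs-on: ubuntu-latest
    # NOTE(review): no `permissions:` key is declared, so the job token carries
    # the repository default scopes. Declare the minimum set once the token
    # needs of the run-on-arch step (it receives github.token) are confirmed.
    strategy:
      fail-fast: false
      matrix:
        system:
          - aarch64
          - x86_64
        nix-command:
          - fmt -- --check
          - eval .#apps.$_system.nixos-shell.program
          - eval .#apps.$_system.setup.program
        include:
          - nix-command: develop .#jdk8 --profile profile
            system: x86_64
          - nix-command: develop .#jdk11 --profile profile
            system: x86_64
          - nix-command: develop .#jdk17 --profile profile
            system: x86_64
          - nix-command: develop .#php74 --profile profile
            system: x86_64
          - nix-command: develop .#php74-composer1 --profile profile
            system: x86_64
          - nix-command: develop .#php80 --profile profile
            system: x86_64
          - nix-command: develop .#php81 --profile profile
            system: x86_64
          - nix-command: build .#homeConfigurations."tobias@gamer".activationPackage
            system: x86_64
          - nix-command: build .#homeConfigurations."tobhap@M386".activationPackage
            system: x86_64
            deploy-agent: M386
            deploy-args: --async
          - nix-command: build .#nixOnDroidConfigurations.oneplus5.activationPackage --impure
            system: aarch64
          - nix-command: build .#nixosConfigurations.argon.config.system.build.toplevel
            system: aarch64
            deploy-agent: argon
          - nix-command: build .#nixosConfigurations.krypton.config.system.build.toplevel
            system: x86_64
            deploy-agent: krypton
          - nix-command: build .#nixosConfigurations.neon.config.system.build.toplevel
            system: x86_64
            deploy-agent: neon
            deploy-args: --async
          - nix-command: build .#nixosConfigurations.xenon.config.system.build.toplevel
            system: aarch64
            deploy-agent: xenon
          - nix-command: build .#packages.$_system.rpi-firmware
            system: aarch64
          - nix-command: build .#packages.$_system.rpi-image
            system: aarch64
          - nix-command: build .#packages.$_system.installer-image
            system: x86_64
    steps:
      # NOTE(review): the actions below are referenced by tag. Tags are mutable,
      # so pinning each `uses:` to a full commit SHA (keeping the tag in a
      # trailing comment) makes the executed code reviewable and fixed.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          ref: ${{ inputs.branch }}
      - name: Install nix
        uses: cachix/install-nix-action@v21
        with:
          extra_nix_config: |
            keep-going = true
            show-trace = true
      - name: Setup cachix
        uses: cachix/cachix-action@v12
        with:
          name: gerschtli
          authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
      - name: Build command (aarch64)
        if: matrix.system == 'aarch64'
        # FIXME: use upstream once --tty is removed
        #uses: uraimo/run-on-arch-action@v2
        # NOTE(review): `tty` appears to be a branch ref, i.e. it moves with
        # every push to the fork. This step is handed the cachix tokens and the
        # job token, so a commit-SHA pin matters most here.
        uses: Gerschtli/run-on-arch-action@tty
        with:
          arch: aarch64
          distro: alpine_latest
          githubToken: ${{ github.token }}
          dockerRunArgs: --volume /nix:/nix
          install: |
            apk --no-cache add curl git xz
            adduser --disabled-password ci
          # CACHIX_ACTIVATE_TOKEN is only handed to the container when the
          # deploy branch of the script below can actually run (master, no
          # `branch` input, matrix entry has a deploy-agent); every other run
          # gets the 'no-value' placeholder, mirroring the x86_64 path where
          # the token is scoped to the deploy step alone.
          env: |
            _system: ${{ matrix.system }}-linux
            CACHIX_ACTIVATE_TOKEN: ${{ (github.ref == 'refs/heads/master' && inputs.branch == '' && matrix.deploy-agent && secrets.CACHIX_ACTIVATE_TOKEN) || 'no-value' }}
            CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }}
            GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          run: |
            set -euo pipefail
            # Per-user nix configuration for the unprivileged `ci` account.
            # The job token is written into this file as a github.com access
            # token; the file is chown'ed to `ci` together with its home below.
            mkdir -p /home/ci/.config/nix
            cat <<EOF > /home/ci/.config/nix/nix.conf
            experimental-features = nix-command flakes
            keep-going = true
            show-trace = true
            access-tokens = github.com=$GITHUB_TOKEN
            EOF
            # /nix is the volume mounted via dockerRunArgs; the checkout is made
            # group-writable so `ci` can work inside it.
            chown --recursive ci:ci /nix /home/ci
            chgrp --recursive ci "$(pwd)"
            chmod -R g+w "$(pwd)"
            echo "::group::Install nix"
            # NOTE(review): the installer is downloaded over HTTPS and executed
            # without an integrity check. Fetching a version-specific installer
            # and comparing it against a recorded checksum before running it
            # would make this step reproducible and tamper-evident.
            curl \
            --silent \
            --show-error \
            --output /tmp/install \
            --retry 5 \
            --retry-all-errors \
            --fail \
            --location \
            "https://nixos.org/nix/install"
            su ci -c "sh /tmp/install --no-channel-add --no-daemon"
            rm /tmp/install
            # Runs its arguments as `ci` with the nix profile sourced. The
            # arguments are joined into one command string, so quoting applied
            # by the caller is not preserved inside the `su -c` shell.
            function run() {
            su ci -c ". /home/ci/.nix-profile/etc/profile.d/nix.sh; $*"
            }
            # FIXME: setting build-hook is needed because default hook `nix __build-remote` is not available
            function build_hook() {
            local nix_path="$(run which nix)"
            echo "${nix_path/bin\/nix/libexec/nix/build-remote}"
            }
            run echo "build-hook = $(build_hook)" >> /home/ci/.config/nix/nix.conf
            echo "::group::Setup cachix"
            run nix-env --quiet -j8 -iA cachix -f https://cachix.org/api/v1/install
            run cachix --version
            run cachix use gerschtli
            run cachix use nix-on-droid
            echo "::group::Build command"
            run git config --global --add safe.directory "$(pwd)"
            run nix ${{ matrix.nix-command }}
            ${{ github.ref == 'refs/heads/master' && inputs.branch == '' && matrix.deploy-agent &&
              format(
                '
                  echo "::group::Build spec"
                  spec="$(run nix build --print-out-paths ".#cachix-deploy-spec-{0}")"
                  echo "::group::Upload spec"
                  run cachix push gerschtli "$spec"
                  echo "::group::Activate deployment"
                  run cachix deploy activate --agent "{0}" {1} "$spec"
                ',
                matrix.deploy-agent,
                matrix.deploy-args
              )
              || 'echo "::group::Skip spec deploy"'
            }}
      - name: Build command (x86_64)
        if: matrix.system == 'x86_64'
        env:
          _system: ${{ matrix.system }}-linux
        # The matrix value is expanded into the script text before the shell
        # runs; it comes from the static matrix defined in this file.
        run: nix ${{ matrix.nix-command }}
      # Deploys only on master, only without a `branch` input, and only for
      # matrix entries that name a deploy-agent. The activate token is scoped
      # to this step.
      - name: Deploy cachix-agent spec (x86_64)
        if: matrix.system == 'x86_64' && github.ref == 'refs/heads/master' && inputs.branch == '' && matrix.deploy-agent
        env:
          CACHIX_ACTIVATE_TOKEN: ${{ secrets.CACHIX_ACTIVATE_TOKEN }}
        run: |
          echo "::group::Build spec"
          spec="$(nix build --print-out-paths ".#cachix-deploy-spec-${{ matrix.deploy-agent }}")"
          echo "::group::Upload spec"
          cachix push gerschtli "$spec"
          echo "::group::Activate deployment"
          cachix deploy activate --agent "${{ matrix.deploy-agent }}" ${{ matrix.deploy-args }} "$spec"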
# vim: set sw=2: