duckdns: fallback acme group #1036
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| inputs: | |
| nixpkgs-bump: | |
| description: Set to true if this build was triggered by a nixpkgs bump | |
| required: false | |
| default: false | |
| type: boolean | |
| permissions: | |
| contents: write | |
| # requirements for docs: | |
| pages: write | |
| id-token: write | |
| actions: read | |
| concurrency: | |
| group: nyx-main-build | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| runs-on: nyxbuilder | |
| timeout-minutes: 1440 | |
| outputs: | |
| pushed: ${{ steps.push.outcome == 'success' }} | |
| steps: | |
| - name: Check if already cached | |
| id: check | |
| if: github.event_name == 'push' | |
| continue-on-error: true | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| try { | |
| const valid = await github.rest.repos.compareCommits({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| base: 'nyxpkgs-unstable', | |
| head: context.sha | |
| }).then((response) => response.data.status == "ahead" && response.data.ahead_by == 1) | |
| // Needs to be ahead by 1 commit exactly, otherwise we don't consider this PR as being potentially cached | |
| if (valid) { | |
| const PARSED_MESSAGE = context.payload.head_commit.message.split('\n')[0].match(/\(#(\d+)\)$/) | |
| const PR_NUMBER = PARSED_MESSAGE ? PARSED_MESSAGE[1] : null | |
| if (PR_NUMBER) { | |
| const response = await github.rest.pulls.get({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| pull_number: PR_NUMBER | |
| }); | |
| const OUTPUT = response.data; | |
| const PR_LABELS = OUTPUT.labels.map((label) => label.name) | |
| const BASE_COMMIT = OUTPUT.base.sha | |
| const MERGE_COMMIT = OUTPUT.merge_commit_sha | |
| if (PR_LABELS.includes('cached') && BASE_COMMIT === context.payload.before && MERGE_COMMIT === context.sha) { | |
| // Exit with a non-zero exit code to skip the rest of the job | |
| console.log("Potentially cached, verifying if cached..."); | |
| // Check if latest non skipped check is successful | |
| const success = await github.rest.checks.listForRef({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| ref: context.payload.before, | |
| check_name: 'build', | |
| per_page: 100 | |
| }).then((response) => { | |
| const latest = response.data.check_runs.find((check) => check.status == "completed" || check.status == "in_progress"); | |
| return latest && latest.conclusion == "success" && latest.status == "completed" | |
| }) | |
| if (success) { | |
| console.log("Previous build and PR build was successful, skipping."); | |
| core.setOutput("cached", true) | |
| } else { | |
| console.log("Not cached, building."); | |
| } | |
| } | |
| } | |
| } | |
| } catch (error) { | |
| console.log("Github rest API error encountered, assuming not cached.") | |
| } | |
| - name: Install Nix | |
| if: (success() && steps.check.outputs.cached != 'true') | |
| uses: cachix/install-nix-action@v26 | |
| with: | |
| extra_nix_config: | | |
| accept-flake-config = true | |
| sandbox-fallback = false | |
| system-features = big-parallel gccarch-x86-64-v3 | |
| install_options: --daemon | |
| install_url: https://releases.nixos.org/nix/nix-2.20.5/install | |
| # Checkout the main branch | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure sandboxing | |
| if: (success() && steps.check.outputs.cached != 'true') | |
| run: | | |
| sed -i -e '/^build-users-group =/d' -e 's/max-jobs =.*/max-jobs = 8/g' /etc/nix/nix.conf | |
| nix eval .#_dev.nixConfig --json | jq -r 'to_entries[] | "\(.key) = \(.value | join(" "))"' >> /etc/nix/nix.conf | |
| - name: Download cache list | |
| if: (success() && steps.check.outputs.cached != 'true') | |
| run: | | |
| curl -vfo "${{ runner.temp }}/prev-cache.json" -H "Authorization: Bearer ${{ secrets.CACHIX_AUTH_TOKEN_SUPREME }}" \ | |
| 'https://app.cachix.org/api/v1/cache/chaotic-nyx/contents' | |
| - name: Build | |
| if: (success() && steps.check.outputs.cached != 'true') | |
| id: build | |
| run: | | |
| nix develop -c chaotic-nyx-build || [ $? -eq 42 ] | |
| failed_builds="$(cat ${{ runner.temp }}/failures.txt | sed 's/^/ <li>/; s/$/<\/li>/')" | |
| failed_builds_count="$(cat ${{ runner.temp }}/failures.txt | wc -l)" | |
| unbuildable_count="$(cat ${{ runner.temp }}/eval-failures.txt | wc -l)" | |
| echo "FAILED_BUILDS_COUNT=$failed_builds_count | |
| UNBUILDABLE_COUNT=$unbuildable_count | |
| FAILED_BUILDS<<EOF | |
| $failed_builds | |
| EOF" >> $GITHUB_OUTPUT | |
| env: | |
| NYX_WD: ${{ runner.temp }} | |
| CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} | |
| - name: Update nyxpkgs-unstable | |
| if: (success() && (steps.check.outputs.cached == 'true' || steps.build.outputs.FAILED_BUILDS_COUNT == 0)) | |
| id: push | |
| run: | | |
| git push origin HEAD:nyxpkgs-unstable --force | |
| if [ "$BUMP" = "true" ]; then | |
| curl -X POST \ | |
| -F token="$GNS_CI_TOKEN" \ | |
| -F "ref=main" \ | |
| -F "variables[UPDATE]=true" \ | |
| https://gitlab.com/api/v4/projects/45677880/trigger/pipeline || true | |
| fi | |
| env: | |
| GNS_CI_TOKEN: ${{ secrets.GNS_CI_TOKEN }} | |
| BUMP: ${{ inputs.nixpkgs-bump }} | |
| - name: Comment on commit | |
| if: (success() && steps.check.outputs.cached != 'true') | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| if (process.env.FAILED_BUILDS_COUNT > 0) { | |
| var extratext = ""; | |
| core.setFailed("Build failures found!") | |
| // Check if github actions triggered the event | |
| if (process.env.ACTOR == "github-actions[bot]") | |
| extratext = `\nNew build failures found! Consider adding failed builds to devshells/failures.nix @chaotic-cx/nyxers` | |
| else | |
| extratext = `\nNew build failures found! Consider adding failed builds to devshells/failures.nix @${process.env.ACTOR}` | |
| github.rest.repos.createCommitComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| commit_sha: context.sha, | |
| body: `Failed to build ${process.env.FAILED_BUILDS_COUNT} packages: | |
| <details> | |
| <summary>${process.env.FAILED_BUILDS_COUNT} packages failed</summary> | |
| <ul> | |
| ${process.env.FAILED_BUILDS} | |
| </ul> | |
| </details>${extratext}` | |
| }) | |
| } else | |
| github.rest.repos.createCommitComment({ | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| commit_sha: context.sha, | |
| body: `All packages were built and cached successfully! (${process.env.UNBUILDABLE_COUNT} not suitable for building)` | |
| }) | |
| env: | |
| FAILED_BUILDS_COUNT: ${{ steps.build.outputs.FAILED_BUILDS_COUNT }} | |
| UNBUILDABLE_COUNT: ${{ steps.build.outputs.UNBUILDABLE_COUNT }} | |
| FAILED_BUILDS: ${{ steps.build.outputs.FAILED_BUILDS }} | |
| ACTOR: ${{ github.actor }} | |
| - name: Upload logs | |
| if: ((success() || failure()) && steps.build.outcome != 'skipped') | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: logs | |
| path: | | |
| ${{ runner.temp }}/*.txt | |
| ${{ runner.temp }}/*.nix | |
| docs: | |
| needs: build | |
| uses: ./.github/workflows/document.yml | |
| if: needs.build.outputs.pushed == 'true' | |
| flakehub: | |
| needs: docs | |
| uses: ./.github/workflows/flakehub-publish-rolling.yml | |
| if: needs.build.outputs.pushed == 'true' | |
| # flakestry: | |
| # needs: docs | |
| # uses: ./.github/workflows/flakestry-publish-rolling.yml | |
| # if: needs.build.outputs.pushed == 'true' |