-
Notifications
You must be signed in to change notification settings - Fork 6
/
action.yaml
134 lines (122 loc) · 4.52 KB
/
action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
name: "Standard Action Runner"
description: "Build a target and run its action."
inputs:
discovery_json:
description: "JSON describing the action matrix, found in the discovery phase."
required: true
nix_signing_key:
description: "Signing key used by Nix for package signing."
required: false
nix_cache:
description: "Nix cache to optionally cache (potentially signed) build results."
default: auto # auto refers to the local nix store, so nothing is uploaded by default
required: false
extra_nix_config:
description: "Configuration to append to the nix.conf."
required: false
# Authentication c/o Nix for additional private repositories
nix_access_tokens:
description: "Access Tokens to allow Nix to fetch private repositories."
required: false
default: github.com=${{ github.token }}
# Discovery runner & builder host
discovery_host:
description: "SSH host URI for a persistent discovery runner."
default: none
required: false
builder_host:
description: "Nix store URI of a remote builder."
default: auto
required: false
runs:
using: "composite"
steps:
- name: Emplace Nix Key
shell: bash
env:
NIX_KEY_PATH: ${{ runner.temp }}/.nix-key
run: |
# handle 🔑 material
if [[ -n '${{ inputs.nix_signing_key }}' ]]; then
echo "${{ inputs.nix_signing_key }}" >"$NIX_KEY_PATH"
chmod 0600 "$NIX_KEY_PATH"
echo "NIX_KEY_PATH=$NIX_KEY_PATH" >> "$GITHUB_ENV"
else
echo "NIX_KEY_PATH=" >> "$GITHUB_ENV"
fi
- name: Restore Cache & Discovery Results
id: restore-cache
if: inputs.discovery_host == 'none' && runner.os != 'macOS'
uses: divnix/nix-cache-action@v3.0.11-nix
with:
path: |
/nix
~/.cache/nix
~root/.cache/nix
key: discovery-${{ runner.os }}-${{ runner.arch }}-${{ github.ref }}-${{ github.sha }}
- name: Install Nix
uses: nixbuild/nix-quick-install-action@v21
with:
nix_conf: |
experimental-features = nix-command flakes
accept-flake-config = true
trusted-users = runner
access-tokens = ${{ inputs.nix_access_tokens }}
secret-key-files = ${{ env.NIX_KEY_PATH }}
${{ inputs.extra_nix_config }}
- name: Restore Cache & Discovery Results
id: restore-cache-mac
if: inputs.discovery_host == 'none' && runner.os == 'macOS'
uses: divnix/nix-cache-action@v3.0.11-nix
with:
path: |
/nix
~/.cache/nix
~root/.cache/nix
key: discovery-${{ runner.os }}-${{ runner.arch }}-${{ github.ref }}-${{ github.sha }}
- name: Pull Derivations from Persistent Discovery Runner
if: inputs.discovery_host != 'none'
env:
PERSISTENT_DISCOVERY_HOST: ${{ inputs.discovery_host }}
run: |
# pull 🦌 from persistent discovery runner
ssh "$PERSISTENT_DISCOVERY_HOST" -- \
'nix-store --export \
$(nix-store --query --requisites \
${{ fromJSON(inputs.discovery_json).actionDrv }}) \
| zstd' \
| unzstd \
| nix-store --import &>/dev/null
shell: bash
- name: Build ${{ fromJSON(inputs.discovery_json).name }}
id: build
env:
BUILDER: ${{ inputs.builder_host }}
JSON: ${{ inputs.discovery_json }}
OS: ${{ runner.os }}
SCRIPT: ${{ github.action_path }}/_build.sh
UNCACHED_FILE: ${{ runner.temp }}/uncached
run: ${{ github.action_path }}/build.sh
shell: bash
- name: ${{ fromJSON(inputs.discovery_json).action }} ${{ fromJSON(inputs.discovery_json).name }}
if: fromJSON(inputs.discovery_json).action != 'build'
env:
UNCACHED_FILE: ${{ runner.temp }}/uncached
BUILDER: ${{ inputs.builder_host }}
JSON: ${{ inputs.discovery_json }}
PRJ_ROOT: ${{ github.workspace }}
PRJ_DATA_DIR: ${{ github.workspace }}/.std
OS: ${{ runner.os }}
SCRIPT: ${{ github.action_path }}/_run.sh
run: ${{ github.action_path }}/run.sh
shell: bash
- name: Populate Cache
env:
CACHE: ${{ inputs.nix_cache }}
BUILDER: ${{ inputs.builder_host }}
UNCACHED_FILE: ${{ runner.temp }}/uncached
OS: ${{ runner.os }}
SCRIPT: ${{ github.action_path }}/_cache.sh
if: always() && env.CACHE != 'auto' && steps.build.outputs.has_uncached == 'true' && steps.build.conclusion == 'success'
run: ${{ github.action_path }}/cache.sh
shell: bash