CI #5388
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CI" | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - "main" | |
| pull_request: | |
| merge_group: | |
| concurrency: | |
| group: "${{ github.workflow }}-${{ github.head_ref || github.sha }}" | |
| cancel-in-progress: true | |
| jobs: | |
| changes: | |
| runs-on: ubuntu-latest | |
| # Required permissions | |
| permissions: | |
| pull-requests: read | |
| # Set job outputs to values from filter step | |
| outputs: | |
| pkgdb: ${{ steps.filter.outputs.pkgdb }} | |
| steps: | |
| # For pull requests it's not necessary to checkout the code | |
| - uses: "actions/checkout@v4" | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| base: ${{ github.event.merge_group.base_ref || 'main' }} | |
| ref: ${{ github.event.merge_group.head_ref || github.ref }} | |
| filters: | | |
| pkgdb: | |
| - ".github/workflows/ci.yml" | |
| - "pkgdb/**" | |
| - "pkgs/**" | |
| - "Justfile" | |
| - "flake.nix" | |
| - "flake.lock" | |
| - "shells/**" | |
| pkgdb-dev: | |
| name: "Pkgdb" | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 60 | |
| if: ${{ github.event_name == 'workflow_dispatch' || needs.changes.outputs.pkgdb == 'true' }} | |
| needs: | |
| - "changes" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - "ubuntu-22.04-8core" | |
| - "macos-latest-xl" | |
| # Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages | |
| permissions: | |
| contents: read | |
| pages: write | |
| id-token: write | |
| steps: | |
| - name: "Checkout" | |
| uses: "actions/checkout@v4" | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.ref || github.ref }} | |
| - name: "Setup" | |
| uses: "./.github/actions/common-setup" | |
| with: | |
| GITHUB_ACCESS_TOKEN: "${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}" | |
| SUBSTITUTER: "${{ vars.MANAGED_CACHE_PUBLIC_S3_BUCKET }}" | |
| SUBSTITUTER_KEY: "${{ secrets.MANAGED_CACHE_PUBLIC_SECRET_KEY }}" | |
| AWS_ACCESS_KEY_ID: "${{ secrets.MANAGED_CACHE_PUBLIC_AWS_ACCESS_KEY_ID }}" | |
| AWS_SECRET_ACCESS_KEY: "${{ secrets.MANAGED_CACHE_PUBLIC_AWS_SECRET_ACCESS_KEY }}" | |
| SSH_KEY: "${{ secrets.MANAGED_FLOXBOT_SSH_KEY }}" | |
| - name: "Build" | |
| run: nix develop -L --no-update-lock-file --command just build-pkgdb | |
| - name: "Test" | |
| run: nix develop -L --no-update-lock-file --command just test-pkgdb | |
| - name: "Build Docs" | |
| run: | | |
| nix develop -L \ | |
| --no-update-lock-file \ | |
| --command make -C pkgdb docs; | |
| chmod -c -R +rX "pkgdb/docs/"|while read line; do | |
| echo "::warning title=Invalid file permissions fixed::$line"; | |
| done | |
| - name: "Upload artifact" | |
| uses: "actions/upload-pages-artifact@v3" | |
| if: ${{ matrix.os == 'ubuntu-22.04-8core' }} | |
| with: | |
| path: "pkgdb/docs" | |
| - name: "Deploy to GitHub Pages" | |
| if: ${{ matrix.os == 'ubuntu-22.04-8core' }} | |
| id: "deployment" | |
| uses: "actions/deploy-pages@v4" | |
| cli-dev: | |
| name: "Flox CLI Tests" | |
| runs-on: ${{ matrix.os }} | |
| timeout-minutes: 120 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - "ubuntu-22.04-8core" | |
| - "macos-latest-xl" | |
| steps: | |
| - name: "Checkout" | |
| uses: "actions/checkout@v4" | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.ref || github.ref }} | |
| - name: "Setup" | |
| uses: "./.github/actions/common-setup" | |
| with: | |
| GITHUB_ACCESS_TOKEN: "${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}" | |
| SUBSTITUTER: "${{ vars.MANAGED_CACHE_PUBLIC_S3_BUCKET }}" | |
| SUBSTITUTER_KEY: "${{ secrets.MANAGED_CACHE_PUBLIC_SECRET_KEY }}" | |
| AWS_ACCESS_KEY_ID: "${{ secrets.MANAGED_CACHE_PUBLIC_AWS_ACCESS_KEY_ID }}" | |
| AWS_SECRET_ACCESS_KEY: "${{ secrets.MANAGED_CACHE_PUBLIC_AWS_SECRET_ACCESS_KEY }}" | |
| SSH_KEY: "${{ secrets.MANAGED_FLOXBOT_SSH_KEY }}" | |
| - name: "Cache Cargo" | |
| uses: "actions/cache@v4" | |
| with: | |
| path: | | |
| ~/.cargo/bin/ | |
| ~/.cargo/registry/index/ | |
| ~/.cargo/registry/cache/ | |
| ~/.cargo/git/db/ | |
| target/ | |
| key: "cargo-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}" | |
| restore-keys: "cargo-${{ runner.os }}-" | |
| - name: "Build" | |
| run: nix develop -L --no-update-lock-file --command just build-cli | |
| - name: "CLI Unit Tests" | |
| env: | |
| RUST_BACKTRACE: 1 | |
| run: nix develop -L --no-update-lock-file --command just impure-tests | |
| - name: "CLI Integration Tests" | |
| env: | |
| RUST_BACKTRACE: 1 | |
| run: nix develop -L --no-update-lock-file --command just integ-tests | |
| - name: "Functional Tests" | |
| if: ${{ github.event_name == 'merge_group' || github.event_name == 'workflow_dispatch' }} | |
| env: | |
| RUST_BACKTRACE: 1 | |
| AUTH0_FLOX_DEV_CLIENT_SECRET: "${{ secrets.MANAGED_AUTH0_FLOX_DEV_CLIENT_SECRET }}" | |
| TESTING_FLOX_CATALOG_URL: "${{ secrets.MANAGED_TESTING_FLOX_CATALOG_URL }}" | |
| run: nix develop -L --no-update-lock-file --command just functional-tests | |
| nix-build: | |
| name: "Nix build" | |
| runs-on: "ubuntu-latest" | |
| timeout-minutes: 120 | |
| outputs: | |
| closure-size: ${{ steps.closure.outputs.closure-size }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| system: | |
| - "x86_64-linux" | |
| - "x86_64-darwin" | |
| - "aarch64-linux" | |
| - "aarch64-darwin" | |
| steps: | |
| - name: "Checkout" | |
| uses: "actions/checkout@v4" | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.ref || github.ref }} | |
| - name: "Setup" | |
| uses: "./.github/actions/common-setup" | |
| with: | |
| GITHUB_ACCESS_TOKEN: "${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}" | |
| SUBSTITUTER: "${{ vars.MANAGED_CACHE_PUBLIC_S3_BUCKET }}" | |
| SUBSTITUTER_KEY: "${{ secrets.MANAGED_CACHE_PUBLIC_SECRET_KEY }}" | |
| AWS_ACCESS_KEY_ID: "${{ secrets.MANAGED_CACHE_PUBLIC_AWS_ACCESS_KEY_ID }}" | |
| AWS_SECRET_ACCESS_KEY: "${{ secrets.MANAGED_CACHE_PUBLIC_AWS_SECRET_ACCESS_KEY }}" | |
| SSH_KEY: "${{ secrets.MANAGED_FLOXBOT_SSH_KEY }}" | |
| TAILSCALE_URL: "${{ vars.MANAGED_TAILSCALE_URL }}" | |
| TAILSCALE_AUTH_KEY: "${{ secrets.MANAGED_TAILSCALE_AUTH_KEY }}" | |
| REMOTE_BUILDERS: "${{ vars.MANAGED_REMOTE_BUILDERS }}" | |
| - name: "Build" | |
| id: "build" | |
| run: | | |
| for package in '.#packages.${{ matrix.system }}.flox-pkgdb' '.#packages.${{ matrix.system }}.flox-cli' '.#packages.${{ matrix.system }}.flox' ; do | |
| echo "Building $package ..." | |
| git clean -xfd . | |
| if nix path-info \ | |
| --store "$FLOX_SUBSTITUTER" \ | |
| --eval-store auto \ | |
| --builders '' \ | |
| -j0 \ | |
| "$package".outPath ; then | |
| echo " -> Paths for $package already exists in the substituter"; | |
| else | |
| nix build -L \ | |
| --no-update-lock-file \ | |
| --print-out-paths \ | |
| "$package"; | |
| fi | |
| done | |
| - name: "Get closure size (x86_64-linux)" | |
| if: ${{ matrix.system == 'x86_64-linux' }} | |
| id: "closure" | |
| run: | | |
| git clean -xfd . | |
| nix build --no-update-lock-file '.#flox' | |
| CLOSURE_SIZE=$(nix path-info -r --json '.#flox' | jq '[.[].narSize]|add') | |
| echo "closure-size=$CLOSURE_SIZE" >> "$GITHUB_OUTPUT" | |
| trigger-flox-installers-workflow: | |
| name: "Build installers" | |
| if: ${{ github.ref == 'refs/heads/main' && github.event_name == 'push' }} | |
| runs-on: "ubuntu-latest" | |
| timeout-minutes: 120 | |
| needs: | |
| - "nix-build" | |
| steps: | |
| - name: "Trigger flox-installers workflow" | |
| id: "trigger-workflow" | |
| uses: "convictional/trigger-workflow-and-wait@v1.6.5" | |
| with: | |
| owner: "flox" | |
| repo: "flox-installers" | |
| github_token: "${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}" | |
| github_user: "floxbot" | |
| workflow_file_name: "ci.yml" | |
| ref: "main" | |
| wait_interval: 10 | |
| client_payload: '{"FLOX_SRC":"github:flox/flox/${{ github.event.pull_request.head.sha || github.sha }}"}' | |
| propagate_failure: true | |
| trigger_workflow: true | |
| wait_workflow: true | |
| - name: "Create shipit artifact" | |
| if: ${{ success() || failure() }} | |
| run: | | |
| jq -n \ | |
| --arg "flox_installers_workflow_id" "${{ steps.trigger-workflow.outputs.workflow_id }}" \ | |
| --arg "flox_closure_size" "${{ needs.nix-build.outputs.closure-size }}" \ | |
| '$ARGS.named' > shipit.json | |
| cat shipit.json | jq | |
| - name: "Upload artifact" | |
| uses: "actions/upload-artifact@v4" | |
| if: ${{ success() || failure() }} | |
| with: | |
| name: "shipit" | |
| path: "shipit.json" | |
| report-failure: | |
| name: "Report Failure" | |
| runs-on: "ubuntu-latest" | |
| if: ${{ failure() && github.ref == 'refs/heads/main' && github.event_name == 'push' }} | |
| needs: | |
| - "nix-build" | |
| - "pkgdb-dev" | |
| - "cli-dev" | |
| # TODO: enable these when deemed reliable - "nix-build-bats-tests" | |
| steps: | |
| - name: "Slack Notification" | |
| uses: "rtCamp/action-slack-notify@v2" | |
| env: | |
| SLACK_TITLE: "Something broke CI for flox/flox on main" | |
| SLACK_FOOTER: "Thank you for caring" | |
| SLACK_WEBHOOK: "${{ secrets.MANAGED_SLACK_WEBHOOK }}" | |
| SLACK_USERNAME: "GitHub" | |
| SLACK_ICON_EMOJI: ":poop:" | |
| SLACK_COLOR: "#ff2800" # ferrari red -> https://encycolorpedia.com/ff2800 | |
| SLACK_LINK_NAMES: true | |
| nix-build-bats-tests: | |
| name: "Flox Bats Tests" | |
| runs-on: "ubuntu-latest" | |
| needs: | |
| - "nix-build" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| system: | |
| - "x86_64-linux" | |
| - "x86_64-darwin" | |
| - "aarch64-linux" | |
| - "aarch64-darwin" | |
| steps: | |
| - name: "Checkout" | |
| uses: "actions/checkout@v4" | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.ref || github.ref }} | |
| - name: "Setup" | |
| uses: "./.github/actions/common-setup" | |
| with: | |
| GITHUB_ACCESS_TOKEN: "${{ secrets.MANAGED_FLOXBOT_GITHUB_ACCESS_TOKEN_REPO_SCOPE }}" | |
| SUBSTITUTER: "${{ vars.MANAGED_CACHE_PUBLIC_S3_BUCKET }}" | |
| SUBSTITUTER_KEY: "${{ secrets.MANAGED_CACHE_PUBLIC_SECRET_KEY }}" | |
| AWS_ACCESS_KEY_ID: "${{ secrets.MANAGED_CACHE_PUBLIC_AWS_ACCESS_KEY_ID }}" | |
| AWS_SECRET_ACCESS_KEY: "${{ secrets.MANAGED_CACHE_PUBLIC_AWS_SECRET_ACCESS_KEY }}" | |
| SSH_KEY: "${{ secrets.MANAGED_FLOXBOT_SSH_KEY }}" | |
| TAILSCALE_URL: "${{ vars.MANAGED_TAILSCALE_URL }}" | |
| TAILSCALE_AUTH_KEY: "${{ secrets.MANAGED_TAILSCALE_AUTH_KEY }}" | |
| REMOTE_BUILDERS: "${{ vars.MANAGED_REMOTE_BUILDERS }}" | |
| SYSTEM: "${{ matrix.system }}" | |
| - name: "Build flox" | |
| run: | | |
| git clean -xfd | |
| nix build -L \ | |
| --accept-flake-config \ | |
| --no-update-lock-file \ | |
| --print-out-paths \ | |
| '.#packages.${{ matrix.system }}.flox' | |
| # We run bats tests later on against the `FLOX_CLI' env | |
| echo "FLOX_CLI=$(readlink -f ./result; )/bin/flox" >> "$GITHUB_ENV" | |
| rm ./result | |
| - name: "Build Bats Tests (./#flox-tests)" | |
| run: | | |
| git clean -xfd | |
| nix build -L \ | |
| --no-update-lock-file \ | |
| --print-out-paths \ | |
| '.#packages.${{ matrix.system }}.flox-cli-tests' | |
| nix copy --to "$FLOX_SUBSTITUTER" ./result | |
| - name: "Run Bats Tests (./#flox-cli-tests)" | |
| run: | | |
| git clean -xfd | |
| ssh github@$REMOTE_SERVER \ | |
| -oUserKnownHostsFile=$REMOTE_SERVER_USER_KNOWN_HOSTS_FILE \ | |
| nix run \ | |
| --accept-flake-config \ | |
| --extra-experimental-features '"nix-command flakes"' \ | |
| 'github:flox/flox/${{ github.sha }}#packages.${{ matrix.system }}.flox-cli-tests' |