Solve a "full disk" GA issue by rather rely on a matrix of jobs

.github/workflows/main.yml

@@ -16,7 +16,13 @@ on:
 jobs:
   # This workflow contains a single job called "build"
   build:
-    runs-on: ubuntu-latest
+    strategy:
+      # fail-fast: false # TODO: @angerman do we want that?
+      matrix:
+        devshell: ['ghc8107', 'ghc902', 'ghc925', 'ghc8107-minimal', 'ghc902-minimal', 'ghc925-minimal', 'ghc8107-static-minimal', 'ghc902-static-minimal', 'ghc925-static-minimal']
+        os: [ubuntu-latest, macOS-latest]
+    # The type of runner that the job will run on
+    runs-on: ${{ matrix.os }}
     steps:
       - name: Install Nix with good defaults
         uses: cachix/install-nix-action@v17
@@ -35,4 +41,6 @@ jobs:
           AWS_ACCESS_KEY_ID: ${{ secrets.KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.SECRET }}
           NIX_STORE_SECRET_KEY: ${{ secrets.SECRET_KEY }}
+          FLAKE_DEV_SHELL: ${{ matrix.devshell }}
+          GA_HOST_OS: ${{ matrix.os }}
         run: ./extra/s3-uploads.sh

extra/s3-uploads.sh

@@ -2,20 +2,12 @@
 #! nix-shell -i bash -p awscli zstd
 set -euo pipefail
 
-DEV_SHELLS=(
-    "ghc8107"
-    "ghc902"
-    "ghc925"
-    "ghc8107-minimal"
-    "ghc902-minimal"
-    "ghc925-minimal"
-    "ghc8107-static-minimal"
-    "ghc902-static-minimal"
-    "ghc925-static-minimal"
-)
-
-# TODO: darwin builds need to run non-sandboxed ...
-SYSTEMS=("x86_64-linux") # ("aarch64-darwin" "aarch64-linux" "x86_64-darwin")
+if [ "$GA_HOST_OS" == "ubuntu-latest" ]; then
+    SYSTEMS=("x86_64-linux") # TODO: aarch64-linux
+fi
+if [ "$GA_HOST_OS" == "macOS-latest" ]; then
+    SYSTEMS=("x86_64-darwin") # TODO: aarch64-darwin
+fi
 
 # `awscli` doesn't seems to provide a stateless mode :')
 aws configure set aws_access_key_id "${AWS_ACCESS_KEY_ID}"
@@ -25,18 +17,16 @@ aws configure set aws_secret_access_key "${AWS_SECRET_ACCESS_KEY}"
 echo "${NIX_STORE_SECRET_KEY}" > ./secret-key
 
 for system in "${SYSTEMS[@]}"; do
-    for devShell in "${DEV_SHELLS[@]}"; do
-        DEV_SHELL="${system}.${devShell}"
-        FLAKE=".#devShells.${DEV_SHELL} --no-write-lock-file --refresh --system ${system} --accept-flake-config"
-        # shellcheck disable=SC2086
-        nix build ${FLAKE}
-        nix store sign --key-file ./secret-key --recursive ./result
-        # shellcheck disable=SC2046
-        nix-store --export $(nix-store -qR ./result) | zstd -z8T8 > "${DEV_SHELL}.zstd"
-        # shellcheck disable=SC2086
-        nix print-dev-env ${FLAKE} > "${DEV_SHELL}.sh"
-        aws --endpoint-url https://s3.zw3rk.com s3 cp "./${DEV_SHELL}.zstd" s3://devx/
-        aws --endpoint-url https://s3.zw3rk.com s3 cp "./${DEV_SHELL}.sh" s3://devx/
-        rm result
-    done
+    DEV_SHELL="${system}.${FLAKE_DEV_SHELL}"
+    FLAKE=".#devShells.${DEV_SHELL} --no-write-lock-file --refresh --system ${system} --accept-flake-config"
+    # shellcheck disable=SC2086
+    nix build ${FLAKE}
+    nix store sign --key-file ./secret-key --recursive ./result
+    # shellcheck disable=SC2046
+    nix-store --export $(nix-store -qR ./result) | zstd -z8T8 > "${DEV_SHELL}.zstd"
+    # shellcheck disable=SC2086
+    nix print-dev-env ${FLAKE} > "${DEV_SHELL}.sh"
+    aws --endpoint-url https://s3.zw3rk.com s3 cp "./${DEV_SHELL}.zstd" s3://devx/
+    aws --endpoint-url https://s3.zw3rk.com s3 cp "./${DEV_SHELL}.sh" s3://devx/
+    rm result
 done