-
Notifications
You must be signed in to change notification settings - Fork 403
99 lines (97 loc) · 3.93 KB
/
nix-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
name: Nix CI
on:
push:
branches:
- master
tags:
- '*'
pull_request:
branches:
- master
jobs:
Build:
runs-on: ${{ matrix.os }}
defaults:
run:
# Can't use `nix-shell` without configured nixpkgs path on macOS
shell: nix -v --experimental-features "nix-command flakes" run .#ciShell -- bash -euxo pipefail {0}
strategy:
matrix:
include:
- name: Linux
os: ubuntu-latest
nix_url: https://hydra.nixos.org/build/130670999/download/1/nix-2.4pre20201117_ae31916-x86_64-linux.tar.xz
- name: macOS
os: macos-latest
nix_url: https://hydra.nixos.org/build/130670982/download/1/nix-2.4pre20201117_ae31916-x86_64-darwin.tar.xz
# complete all jobs
fail-fast: false
name: ${{ matrix.name }}
steps:
- name: Checkout
uses: actions/checkout@v2
# Install flakes-enabled Nix manually from Hydra since `install-nix-action` doesn't accept raw tarballs
- name: Install Nix
shell: bash -euo pipefail {0}
run: |
curl ${{ matrix.nix_url }} | tar -xJ
# Do a single-user install so actions/cache doesn't get confused about permissions
nix-*/install --no-daemon --no-channel-add --darwin-use-unencrypted-nix-store-volume
rm -rf nix-*
# Call `install-nix-action` anyways to run its Actions-specific setup
- name: Setup Nix
uses: cachix/install-nix-action@v12
- name: Fixup install-nix-action
shell: bash -euo pipefail {0}
run: |
# the path set by install-nix-action is valid only for multi-user installations
echo "NIX_SSL_CERT_FILE=$HOME/.nix-profile/etc/ssl/certs/ca-bundle.crt" > $GITHUB_ENV
if: matrix.name == 'macOS'
- name: Further setup Nix
run: |
mkdir -p ~/.config/nix
echo '
max-jobs = auto
extra-sandbox-paths = /nix/var/cache/ccache
extra-trusted-substituters = https://lean4.cachix.org/
extra-trusted-public-keys = lean4.cachix.org-1:mawtxSxcaiWE24xCXXgh3qnvlTkyU7evRRnGeAhD4Wk=' > ~/.config/nix/nix.conf
sudo mkdir -m0770 -p /nix/var/cache/ccache
# macOS standard chown doesn't support --reference
nix shell .#nixpkgs.coreutils -c sudo chown --reference=/nix /nix/var/cache/ccache
echo 'max_size = 50M' > /nix/var/cache/ccache/ccache.conf
# install & use Cachix manually since `cachix-action` pushes *all* derivations (incl. `$mod-deps`, stage 2&3, etc.)
nix-env -iA cachix -f https://cachix.org/api/v1/install
- name: Setup CCache Cache
uses: actions/cache@v2
with:
path: /nix/var/cache/ccache
key: ${{ matrix.name }}-nix-ccache-${{ github.sha }}
# fall back to (latest) previous cache
restore-keys: |
${{ matrix.name }}-nix-ccache
- name: Build
run: |
# .o files are not a runtime dependency on macOS because of lack of thin archives
nix build -v --print-build-logs .#stage0 .#stage1 .#Lean.oTree -o push-build
- name: Test
run: |
nix build -v --print-build-logs .#test -o push-test
- name: Build manual
run: |
nix build .#mdbook .#doc-test -o push-doc
nix build .#doc
if: matrix.name == 'Linux'
- name: Push to Cachix
run: |
[ -z "$CACHIX_AUTH_TOKEN" ] || cachix push -j4 lean4 ./push-*
env:
CACHIX_AUTH_TOKEN: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Publish manual
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./result
destination_dir: ./doc
if: matrix.name == 'Linux' && github.ref == 'refs/heads/master' && github.event_name == 'push'
- name: CCache stats
run: CCACHE_DIR=/nix/var/cache/ccache nix run .#nixpkgs.ccache -- -s