Skip to content
ci

chore(flake/nixos-hardware): 6f976e53 -> 5d48925b #9927

Sign in to view logs

chore(flake/nixos-hardware): 6f976e53 -> 5d48925b

chore(flake/nixos-hardware): 6f976e53 -> 5d48925b #9927

Workflow file for this run

.github/workflows/ci.yaml at 4dd7ccf
name: ci
on:
push:
branches:
- master
- try
pull_request:
permissions: {}
env:
flake: github:${{ github.repository }}/${{ github.sha }}
nix-conf: |-
accept-flake-config = true
always-allow-substitutes = true
builders-use-substitutes = true
max-jobs = auto
cachix-install: nix profile install 'github:${{ github.repository }}/${{ github.sha }}#cachix'
aarch64-host: aarch64.nixos.community
aarch64-ssh-config: |-
Host aarch64.nixos.community 147.28.143.250
User lovesegfault
IdentitiesOnly yes
IdentityFile ~/.ssh/aarch64-builder-ed25519
aarch64-ssh-known-host: |-
aarch64-build-box,aarch64.nixos.community,147.75.77.190 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUTz5i9u5H2FHNAmZJyoJfIGyUm/HfGhfwnc142L3ds
aarch64-machine-config: |-
ssh-ng://lovesegfault@aarch64.nixos.community aarch64-linux /etc/nix/ssh/aarch64-builder-ed25519 64 1 big-parallel - c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU1VVHo1aTl1NUgyRkhOQW1aSnlvSmZJR3lVbS9IZkdoZnduYzE0MkwzZHMgcm9vdEBuaXhvcwo=
jobs:
flake-check:
runs-on: ubuntu-latest
steps:
- uses: DeterminateSystems/nix-installer-action@v10
with:
extra-conf: ${{ env.nix-conf }}
- uses: cachix/cachix-action@v14
with:
name: nix-config
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
extraPullNames: nix-community
installCommand: ${{ env.cachix-install }}
- name: nix-flake-check
run: nix flake check '${{ env.flake }}'
flake-show:
runs-on: ubuntu-latest
steps:
- uses: DeterminateSystems/nix-installer-action@v10
with:
extra-conf: ${{ env.nix-conf }}
- uses: cachix/cachix-action@v14
with:
name: nix-config
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
extraPullNames: nix-community
installCommand: ${{ env.cachix-install }}
- name: nix-flake-show
run: nix flake show '${{ env.flake }}'
get-attrs:
runs-on: ubuntu-latest
outputs:
build: ${{ steps.get-attrs.outputs.build }}
eval: ${{ steps.get-attrs.outputs.eval }}
env:
has_aarch64_ssh_key: ${{ secrets.AARCH64_BUILDER_KEY != '' }}
steps:
- uses: DeterminateSystems/nix-installer-action@v10
with:
extra-conf: ${{ env.nix-conf }}
- uses: DeterminateSystems/magic-nix-cache-action@v4
- id: install-jq
run: nix profile install '${{ env.flake }}#jq'
- id: get-attrs
run: |
function summary() {
printf '%s\n' "${*}" >> "$GITHUB_STEP_SUMMARY"
}
summary "# CI"
TMP="$(mktemp -d)"
# host packages
nix eval --json '${{ env.flake }}#hosts' | jq -c '
to_entries
| map({
name: .key,
evalOnly: false,
hostPlatform: .value.hostPlatform,
large: .value.large,
attr: "packages.\(.value.hostPlatform).\(.key)"
})
| map(
if .hostPlatform == "x86_64-linux" then .runsOn="ubuntu-latest"
elif .hostPlatform == "aarch64-linux" then .runsOn="ubuntu-latest"
elif .hostPlatform == "x86_64-darwin" then .runsOn="macos-13"
elif .hostPlatform == "aarch64-darwin" then .runsOn="macos-14"
else .evalOnly=true | .runsOn="ubuntu-latest"
end
)
| map(if .large then .evalOnly=true end)
' >"$TMP/hostAttrs.json"
# handle not being able to build aarch64-linux attrs when the ssh key
# is missing
if [[ "${has_aarch64_ssh_key}" != 'true' ]]; then
summary \
"- ⚠️ AArch64 builder SSH key is unavailable, all \`aarch64-linux\` attrs will be eval-only"
old_host_attrs="$(<"$TMP/hostAttrs.json")"
jq -c \
'map(if .hostPlatform == "aarch64-linux" then .evalOnly=true end)' \
<<<"$old_host_attrs" >"$TMP/hostAttrs.json"
fi
# dev shells
jq -c '
unique_by(.hostPlatform)
| sort_by(.runsOn)
| map(
.attr = "devShells.\(.hostPlatform).default.inputDerivation"
| .name = "devShell-\(.hostPlatform)"
)
' "$TMP/hostAttrs.json" >"$TMP/shellAttrs.json"
# join shell and host attrs
jq -c -s add "$TMP/hostAttrs.json" "$TMP/shellAttrs.json" >"$TMP/attrs.json"
# warn about eval-only attrs
read -r -a evalOnlyAttrs < \
<(jq -c -r 'map(select(.evalOnly) | .name) | @sh' "$TMP/attrs.json" | tr -d \')
if [[ "${#evalOnlyAttrs[@]}" -ne 0 ]]; then
printf -v attrs "\`%s\`, " "${evalOnlyAttrs[@]}"
summary \
"- ⚠️ The following attributes will only be evaluated: ${attrs%, }"
fi
# add all to-build attrs to the summary
read -r -a buildAttrs < \
<(jq -c -r 'map(select(.evalOnly | not) | .name) | @sh' "$TMP/attrs.json" | tr -d \')
if [[ "${#buildAttrs[@]}" -ne 0 ]]; then
printf -v attrs "\`%s\`, " "${buildAttrs[@]}"
summary \
"- ✅ The following attributes will be built: ${attrs%, }"
fi
# check for dupes
duplicate_count="$(jq -r '
group_by([.name, .attr]) | map(select(length>1)) | length
' "$TMP/attrs.json")"
if [[ "$duplicate_count" -ne 0 ]]; then
summary \
"- ‼️ Duplicate entries in \`attrs.json\`: \`$(cat "$TMP/attrs.json")\`"
exit 1
fi
# split build and evalOnly attrs
jq -c 'map(select(.evalOnly))' <"$TMP/attrs.json" >"$TMP/eval.json"
jq -c 'map(select(.evalOnly | not))' <"$TMP/attrs.json" >"$TMP/build.json"
echo "build=$(<"$TMP/build.json")" >>"$GITHUB_OUTPUT"
echo "eval=$(<"$TMP/eval.json")" >>"$GITHUB_OUTPUT"
eval:
name: eval ${{ matrix.attrs.name }}
runs-on: ${{ matrix.attrs.runsOn }}
needs: [ get-attrs ]
strategy:
fail-fast: false
matrix:
attrs: ${{ fromJson(needs.get-attrs.outputs.eval) }}
env:
system: ${{ matrix.attrs.hostPlatform }}
steps:
- uses: DeterminateSystems/nix-installer-action@v10
with:
extra-conf: ${{ env.nix-conf }}
- uses: cachix/cachix-action@v14
with:
name: nix-config
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
extraPullNames: nix-community
installCommand: ${{ env.cachix-install }}
- name: eval
if: ${{ matrix.attrs.evalOnly }}
run: |
nix eval --raw '${{ env.flake }}#${{ matrix.attrs.attr }}'
build:
name: build ${{ matrix.attrs.name }}
runs-on: ${{ matrix.attrs.runsOn }}
needs: [ get-attrs ]
strategy:
fail-fast: false
matrix:
attrs: ${{ fromJson(needs.get-attrs.outputs.build) }}
env:
aarch64-ssh-key: ${{ secrets.AARCH64_BUILDER_KEY }}
system: ${{ matrix.attrs.hostPlatform }}
steps:
- uses: DeterminateSystems/nix-installer-action@v10
with:
extra-conf: ${{ env.nix-conf }}
- uses: cachix/cachix-action@v14
with:
name: nix-config
authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
extraPullNames: nix-community
installCommand: ${{ env.cachix-install }}
- name: setup-aarch64-ssh
if: ${{ env.system == 'aarch64-linux' || env.system == 'aarch64-darwin' }}
run: |
mkdir -p ~/.ssh
sudo mkdir -p /etc/nix/ssh
echo '${{ env.aarch64-ssh-config }}' | tee ~/.ssh/config | sudo tee /etc/nix/ssh/config
echo '${{ env.aarch64-ssh-known-host }}' | tee -a ~/.ssh/known_hosts | sudo tee -a /etc/nix/ssh/known_hosts
echo '${{ env.aarch64-ssh-key }}' > ~/.ssh/aarch64-builder-ed25519
echo '${{ env.aarch64-ssh-key }}' | sudo tee /etc/nix/ssh/aarch64-builder-ed25519 >> /dev/null
chmod 0600 ~/.ssh/*
sudo chmod 0600 /etc/nix/ssh/*
echo '${{ env.aarch64-machine-config }}' | sudo tee -a /etc/nix/machines
- name: nix-fast-build
if: ${{ env.system != 'aarch64-darwin' }}
run: |
declare -a args=(
'--no-nom'
'--skip-cached'
'--systems=${{ env.system }}'
'--option' 'accept-flake-config' 'true'
'--retries=3'
)
# Add the remote builder for aarch64-linux builds
[[ '${{ env.system }}' == 'aarch64-linux' ]] && args+=('--remote=${{ env.aarch64-host }}')
args+=('--flake=${{ env.flake }}#${{ matrix.attrs.attr }}')
nix run '${{ env.flake }}#nix-fast-build' -- "${args[@]}"
- name: nix-build
if: ${{ env.system == 'aarch64-darwin' }}
run: |
nix build --keep-going '${{ env.flake }}#${{ matrix.attrs.attr }}'
check:
runs-on: ubuntu-latest
needs: [ flake-check, flake-show, build, eval ]
if: always()
steps:
- uses: re-actors/alls-green@release/v1
with:
jobs: ${{ toJSON(needs) }}
allowed-skips: eval