diff --git a/.github/actionlint.yml b/.github/actionlint.yml
new file mode 100644
index 000000000..eaf4d7d50
--- /dev/null
+++ b/.github/actionlint.yml
@@ -0,0 +1,4 @@
+self-hosted-runner:
+ labels:
+ - blacksmith-2vcpu-ubuntu-2404-arm
+ - blacksmith-4vcpu-ubuntu-2404
diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml
index af003c0e2..3a8bf726f 100644
--- a/.github/workflows/ami-release-nix.yml
+++ b/.github/workflows/ami-release-nix.yml
@@ -36,7 +36,7 @@ jobs:
 id: set-versions
 run: |
 VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]')
- echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT
+ echo "postgres_versions=$VERSIONS" >> "$GITHUB_OUTPUT"
 
 build:
 needs: prepare
@@ -67,25 +67,21 @@ jobs:
 substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com
 trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
 
- - name: Run checks if triggered manually
- if: ${{ github.event_name == 'workflow_dispatch' }}
- run: |
- SUFFIX=$(nix run nixpkgs#yq -- ".postgres_release[\"postgres${{ matrix.postgres_version }}\"]" ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$/\1/')
- if [[ -z "$SUFFIX" ]] ; then
- echo "Version must include non-numeric characters if built manually."
- exit 1
- fi
-
 - name: Set PostgreSQL version environment variable
 run: |
- echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> $GITHUB_ENV
- echo "EXECUTION_ID=${{ github.run_id }}-${{ matrix.postgres_version }}" >> $GITHUB_ENV
+ echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> "$GITHUB_ENV"
+ echo "EXECUTION_ID=${{ github.run_id }}-${{ matrix.postgres_version }}" >> "$GITHUB_ENV"
 
 - name: Generate common-nix.vars.pkr.hcl
 run: |
- PG_VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)
- PG_VERSION=$(echo "$PG_VERSION" | tr -d '"') # Remove any surrounding quotes
- echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl
+ PG_VERSION="$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)"
+ BRANCH_NAME="$(echo "${{ github.ref }}" | sed 's|refs/heads/||')"
+ if [[ "${{ github.event_name }}" == "workflow_dispatch" && "$BRANCH_NAME" != "develop" && "$BRANCH_NAME" != release/* ]]; then
+ SUFFIX="${BRANCH_NAME//[^a-zA-Z0-9._-]/-}-${{ github.run_id }}"
+ PG_VERSION="${PG_VERSION}-${SUFFIX}"
+ echo "Added branch suffix to version: $SUFFIX"
+ fi
+ echo "postgres-version = \"$PG_VERSION\"" > common-nix.vars.pkr.hcl
 # Ensure there's a newline at the end of the file
 echo "" >> common-nix.vars.pkr.hcl
 
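Review bot: In the `Generate common-nix.vars.pkr.hcl` step, `${{ github.ref }}` is expanded into the script text before bash runs, so the later `${BRANCH_NAME//[^a-zA-Z0-9._-]/-}` clean-up never sees the raw value, and git ref names may legally contain shell metacharacters. Read the ref from the runner's environment instead, `BRANCH_NAME="${GITHUB_REF#refs/heads/}"`, and likewise compare `"$GITHUB_EVENT_NAME"` in the `if`. The unanchored `sed 's|refs/heads/||'` also leaves a tag ref as `refs/tags/…`, which then takes the suffix path; if dispatch from tags is not intended, that case deserves an explicit branch. Separately, the removed guard rejected manual builds whose version had no suffix, while the new condition lets manual runs on `develop` and `release/*` produce an unsuffixed version; that is presumably intended, but a one-line comment stating so would help the next reader.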
@@ -110,8 +106,9 @@ jobs:
 - name: Grab release version
 id: process_release_version
 run: |
- VERSION=$(cat common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g')
- echo "version=$VERSION" >> $GITHUB_OUTPUT
+ VERSION=$(sed -e 's/postgres-version = "\(.*\)"/\1/g' common-nix.vars.pkr.hcl)
+ echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+ echo "::notice title=AMI Published::Postgres AMI version: $VERSION"
 
 - name: Create nix flake revision tarball
 run: |
diff --git a/nix/hooks.nix b/nix/hooks.nix
index 896c262ba..bcd0e0300 100644
--- a/nix/hooks.nix
+++ b/nix/hooks.nix
@@ -1,4 +1,8 @@
 { inputs, ... }:
+let
+ ghWorkflows = builtins.attrNames (builtins.readDir ../.github/workflows);
+ lintedWorkflows = [ "ami-release-nix.yml" ];
+in
 {
 imports = [ inputs.git-hooks.flakeModule ];
 perSystem =
@@ -8,9 +12,17 @@
 check.enable = true;
 settings = {
 hooks = {
+ actionlint = {
+ enable = true;
+ excludes = builtins.filter (name: !builtins.elem name lintedWorkflows) ghWorkflows;
+ verbose = true;
+ };
+
 treefmt = {
 enable = true;
 package = config.treefmt.build.wrapper;
+ pass_filenames = false;
+ verbose = true;
 };
 };
 };
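Review bot: In `.github/workflows/ami-release-nix.yml`, step `Grab release version`, the `sed -e 's/…/\1/g'` call prints every line of `common-nix.vars.pkr.hcl`, not only the `postgres-version` one, so any further non-empty line in that file would make `VERSION` multi-line and `echo "version=$VERSION" >> "$GITHUB_OUTPUT"` would write stray lines into the output file. Whether another step appends to the file is not visible in this hunk; `VERSION=$(sed -n 's/^postgres-version = "\(.*\)"$/\1/p' common-nix.vars.pkr.hcl)` limits the result to the matching line either way. The same value feeds the new `::notice` command, so keeping it single-line matters there too.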
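Review bot: In `nix/hooks.nix`, the `actionlint.excludes` list is built from bare file names, but git-hooks treats `excludes` entries as regular expressions searched against the repo-relative path, so each name is unanchored and its `.` matches any character. A later workflow whose name happens to be a substring of a linted one (a constructed example: `release-nix.yml`) would silently drop `ami-release-nix.yml` from linting. Anchoring and escaping each entry avoids that, e.g. `excludes = map (name: "^\\.github/workflows/${lib.escapeRegex name}$") (builtins.filter (name: !builtins.elem name lintedWorkflows) ghWorkflows);`, assuming `lib` is in scope in this module, which the hunk does not show. A comment next to `lintedWorkflows` in the first hunk should also state that new workflows stay unlinted until they are added to that list.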