diff --git a/.github/workflows/nix-ci.yaml b/.github/workflows/nix-ci.yaml
new file mode 100644
index 00000000..ef3707d8
--- /dev/null
+++ b/.github/workflows/nix-ci.yaml
@@ -0,0 +1,92 @@
+name: Nix CI
+on:
+ pull_request:
+ workflow_dispatch:
+ workflow_call:
+ secrets:
+ GIT_HUB_TOKEN:
+ required: true
+ CACHIX_AUTH_TOKEN:
+ required: false
+ push:
+ branches:
+ - main
+ - prod
+ tags:
+ - '**'
+
+env:
+ CI_NIXOS_HOSTNAMES: worldcoin-hil-munich-0 worldcoin-hil-munich-1
+
+jobs:
+ fmt:
+ name: Format
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
+ with:
+ token: ${{ secrets.GIT_HUB_TOKEN }}
+ - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # pin@v27
+ with:
+ github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
+ - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # pin@v15
+ continue-on-error: true
+ with:
+ name: worldcoin
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+ - name: Print environment
+ run: |
+ uname -a
+ nix develop -c env
+
+ - name: Check Nix formatting
+ run: |
+ nix develop -c \
+ nixpkgs-fmt --check .
+
+ build:
+ name: Build Nix Targets
+ runs-on: ubuntu-22.04
+ steps:
+ - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # pin@v3
+ with:
+ token: ${{ secrets.GIT_HUB_TOKEN }}
+ - uses: cachix/install-nix-action@ba0dd844c9180cbf77aa72a116d6fbc515d0e87b # pin@v27
+ with:
+ github_access_token: ${{ secrets.GIT_HUB_TOKEN }}
+ - uses: cachix/cachix-action@ad2ddac53f961de1989924296a1f236fcfbaa4fc # pin@v15
+ continue-on-error: true
+ with:
+ name: worldcoin
+ authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
+ - name: Authorize private git repos
+ run: git config --global url."https://${{ secrets.GIT_HUB_TOKEN }}@github.com".insteadOf https://github.com
+ - name: Print environment
+ run: |
+ uname -a
+ nix develop -c env
+
+ - name: Build
+ run: |
+ targets=(
+ .#liveusb
+ .#nixosConfigurations.worldcoin-hil-munich-0.config.system.build.toplevel
+ .#nixosConfigurations.worldcoin-hil-munich-1.config.system.build.toplevel
+ .#nixosConfigurations.ryan-worldcoin-hil.config.system.build.toplevel
+ )
+ nix build ${TARGETS[@]}
+
+ - name: Debug
+ run: ls -alh result*
+
+ - name: Upload Artifacts
+ uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4.3.3
+ if: github.event_name == 'workflow_dispatch' || format('refs/heads/{0}', github.event.repository.default_branch) == github.ref
+ with:
+ # upload v4 doesn't support writing multiple times to the same artifact name.
+ # so its important that we name it after the workflow and not something
+ # general like "artifacts"
+ name: nix
+ path: result/
+ if-no-files-found: error
+ retention-days: 14
diff --git a/.github/workflows/rust-ci.yaml b/.github/workflows/rust-ci.yaml
index e964ee4e..02e134a2 100644
--- a/.github/workflows/rust-ci.yaml
+++ b/.github/workflows/rust-ci.yaml
@@ -38,10 +38,6 @@ jobs: - name: Check Rust formatting run: cargo fmt --check --all - - name: Check Nix formatting - run: | - nix develop -c \ - nixpkgs-fmt --check flake.nix clippy: name: Clippy
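Review bot: In nix-ci.yaml the Build step fills the array `targets` but expands `${TARGETS[@]}`; shell variable names are case-sensitive, so the expansion is empty and `nix build` runs with no installables, meaning the liveusb and the three nixosConfigurations are not what gets built (it presumably falls back to the flake's default package, or fails if there is none). The line should read `nix build "${targets[@]}"`. Separately, the "Authorize private git repos" step templates `${{ secrets.GIT_HUB_TOKEN }}` directly into the script text and stores it in the runner's global git config, where every later step, including the build of the checked-out ref, can read it; passing it through the step's `env:` and referencing `"$GIT_HUB_TOKEN"` keeps the value out of the generated script, and it is worth confirming the URL rewrite is needed at all given `install-nix-action` already receives the token. Once the array is fixed, note that a multi-target `nix build` writes `result`, `result-1`, … while the Upload step only takes `path: result/`, so only the first output would be uploaded.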